ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 340 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 340
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company operates a fleet of servers on premises and operates a fleet of Amazon EC2 instances in its organization in AWS Organizations. The company's AWS accounts contain hundreds of VPCs. The company wants to connect its AWS accounts to its on-premises network. AWS Site-to-Site VPN connections are already established to a single AWS account. The company wants to control which VPCs can communicate with other VPCs.

Which combination of steps will achieve this level of control with the LEAST operational effort? (Choose three.)

  • A. Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).
  • B. Configure attachments to all VPCs and VPNs.
  • C. Setup transit gateway route tables. Associate the VPCs and VPNs with the route tables.
  • D. Configure VPC peering between the VPCs.
  • E. Configure attachments between the VPCs and VPNs.
  • F. Setup route tables on the VPCs and VPNs.
Show Suggested Answer Hide Answer
Suggested Answer: ABC 🗳️
by devalenzuela86 at Nov. 21, 2023, 10:08 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
HappyPrince
Highly Voted 1 year, 6 months ago
Selected Answer: ABC
As transit gateway follows a hub and spoke model connecting all VPCs and VPNs to it makes more sense. Moreover, between VPCs and VPNs is invalid.
upvoted 16 times
...
HunkyBunky
Highly Voted 1 year, 7 months ago
Selected Answer: ACE
I guess ACE. The company wants to control which VPC will communicate with other VPC, that means that we don't need to setup attachment for all VPCs
upvoted 11 times
devalenzuela86
1 year, 6 months ago
Option E proposes configuring attachments between the VPCs and VPNs. This option is necessary to connect the VPCs and VPNs to the transit gateway.
upvoted 3 times
...
...
Longc
Most Recent 1 month, 3 weeks ago
Selected Answer: ACE
ACE B (Attach "all" VPCs/VPNs): Overly broad and operationally intensive for hundreds of VPCs. Attachments should be configured selectively.
upvoted 1 times
...
Daniel76
7 months, 3 weeks ago
why i dont choose: D - VPC peering not feasible for hundreds of VPCs E and F, the attachments and route tables should be done on the transit gateways, not on the VPCs and VPNs.
upvoted 3 times
...
Danm86
7 months, 3 weeks ago
Answer ABC is correct. Since C has route tables, which gives Organization to control which VPC can communicate
upvoted 1 times
...
JoeTromundo
8 months, 2 weeks ago
Selected Answer: ABC
For those who think that, in relation to the requirement "The company wants to control which VPCs can communicate with other VPCs", option E would be correct, in fact this will be possible through letter C, therefore the answer is A, B, C.
upvoted 1 times
...
vip2
11 months ago
Selected Answer: ABC
C is correct instea of E because all VPCs and VPN attach to Transit-GW
upvoted 1 times
...
053081f
11 months, 2 weeks ago
Selected Answer: ACE
The question and opitons include (or lack) some typo errors. E should be "Configure 'transit gateway' attachments between the VPCs and VPNs." Then, I think ABE is correct, not ABC. The company wants to control "which VPCs can communicate with other VPCs." It doesn't say "all VPCs and VPNs.".
upvoted 1 times
053081f
11 months, 2 weeks ago
Sorry I think ACE is correct, not ABC.
upvoted 1 times
...
...
seetpt
1 year, 1 month ago
Selected Answer: ABC
ABC for me
upvoted 3 times
...
VerRi
1 year, 3 months ago
Selected Answer: ACE
We don't need "all"
upvoted 3 times
...
hogtrough
1 year, 3 months ago
Selected Answer: ABC
E. You don't configure attachments between VPCs and VPNs, you configure attachments to both VPCs and VPN from the transit gateway, thus B.
upvoted 6 times
...
arberod
1 year, 4 months ago
Selected Answer: ACE
It is ACE
upvoted 1 times
...
tmlong18
1 year, 5 months ago
Selected Answer: ABC
I go ABC
upvoted 4 times
...
vibzr2023
1 year, 5 months ago
My Answer "ACE" Why B is correct? The question asks "The company wants to control which VPCs can communicate with other VPCs" Saying that Option B is "Involves attaching every single VPC and VPN within the organization directly to the Transit Gateway" where as Option C focuses on "establishing attachments only between the VPCs that need to communicate with each other and the VPN gateway" Can one explain why B is correct?
upvoted 1 times
vibzr2023
1 year, 5 months ago
Typo... I mean Option E Option E... focuses on "establishing attachments only between the VPCs that need to communicate with each other and the VPN gateway" Can anyone explain why B is correct?
upvoted 1 times
...
...
career360guru
1 year, 5 months ago
Selected Answer: ABC
Option A, B, C. Option E looks feasible instead of B but that is not a requirement as company only wants to control VPC to VPC communication.
upvoted 6 times
...
ayadmawla
1 year, 6 months ago
Selected Answer: ABC
ABC - we need to read the answers as a combination of steps.
upvoted 5 times
ayadmawla
1 year, 6 months ago
One issue though that in order to control which VPC talks to which one, we need to setup route tables on each VPC (E) and not on the transit VPC (C) as that need to be light. So I am thinking that the choice should be ABE and not ABC. The specific use case is not mentioned here but this link should give an idea of how route tables need to be configured. https://docs.aws.amazon.com/vpc/latest/tgw/TGW_Scenarios.html
upvoted 1 times
ayadmawla
1 year, 6 months ago
This article suggests the use of NACL to control inter-vpc traffic but that option is not available in the question (although there is another question that brings it up) https://intuitive.cloud/blog/securing-multi-vpc-connectivity-with-aws-transit-gateway-#:~:text=Use%20security%20groups%20and%20NACLs,connected%20to%20the%20Transit%20Gateway.
upvoted 1 times
...
...
...
shaaam80
1 year, 6 months ago
Selected Answer: ABC
Answer - ABC
upvoted 5 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel