
Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 465 discussion

A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company hosts some applications in a VPC in the company's shared services account.

The company has attached a transit gateway to the VPC in the shared services account.

The company is developing a new capability and has created a development environment that requires access to the applications that are in the shared services account. The company intends to delete and recreate resources frequently in the development account. The company also wants to give a development team the ability to recreate the team's connection to the shared services account as required.

Which solution will meet these requirements?

  • A. Create a transit gateway in the development account. Create a transit gateway peering request to the shared services account. Configure the shared services transit gateway to automatically accept peering connections.
  • B. Turn on automatic acceptance for the transit gateway in the shared services account. Use AWS Resource Access Manager (AWS RAM) to share the transit gateway resource in the shared services account with the development account. Accept the resource in the development account. Create a transit gateway attachment in the development account.
  • C. Turn on automatic acceptance for the transit gateway in the shared services account. Create a VPC endpoint. Use the endpoint policy to grant permissions on the VPC endpoint for the development account. Configure the endpoint service to automatically accept connection requests. Provide the endpoint details to the development team.
  • D. Create an Amazon EventBridge rule to invoke an AWS Lambda function that accepts the transit gateway attachment when the development account makes an attachment request. Use AWS Network Manager to share the transit gateway in the shared services account with the development account. Accept the transit gateway in the development account.
Suggested Answer: B
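
With automatic acceptance turned on, every principal on an AWS RAM share of the transit gateway can create an attachment with no approval step, so the share's principal list becomes the access control. The following added example (not part of the original page) checks that list against an allow-list; the data is constructed, shaped like the output of `aws ec2 describe-transit-gateways`, `aws ram list-resources` and `aws ram list-principals`, and every account ID, ARN and share name is made up.

```python
# Constructed sample data, shaped like the output of
# `aws ec2 describe-transit-gateways`, `aws ram list-resources` and
# `aws ram list-principals` (both RAM calls with --resource-owner SELF).
# Every account ID, ARN and ID below is made up.
TGW = "arn:aws:ec2:us-east-1:111111111111:transit-gateway/"
RAM = "arn:aws:ram:us-east-1:111111111111:resource-share/"

TRANSIT_GATEWAYS = [
    {"TransitGatewayId": "tgw-0aaa", "TransitGatewayArn": TGW + "tgw-0aaa",
     "Options": {"AutoAcceptSharedAttachments": "enable"}},
    {"TransitGatewayId": "tgw-0bbb", "TransitGatewayArn": TGW + "tgw-0bbb",
     "Options": {"AutoAcceptSharedAttachments": "disable"}},
]
RAM_RESOURCES = [
    {"arn": TGW + "tgw-0aaa", "type": "ec2:TransitGateway", "resourceShareArn": RAM + "dev"},
    {"arn": TGW + "tgw-0aaa", "type": "ec2:TransitGateway", "resourceShareArn": RAM + "legacy"},
    {"arn": TGW + "tgw-0bbb", "type": "ec2:TransitGateway", "resourceShareArn": RAM + "legacy"},
]
RAM_PRINCIPALS = [
    {"id": "222222222222", "resourceShareArn": RAM + "dev"},
    {"id": "333333333333", "resourceShareArn": RAM + "legacy"},
]
ALLOWED = {"222222222222"}  # assumption: only the development account should attach


def auto_accept_exposure(tgws, resources, principals, allowed):
    """Return {tgw_id: sorted principals that can attach without an
    approval step and are not on the allow-list}."""
    by_share = {}
    for p in principals:
        by_share.setdefault(p["resourceShareArn"], set()).add(p["id"])
    findings = {}
    for tgw in tgws:
        if tgw["Options"].get("AutoAcceptSharedAttachments") != "enable":
            continue  # cross-account attachments still wait for acceptance
        reach = set()
        for r in resources:
            if r["type"] == "ec2:TransitGateway" and r["arn"] == tgw["TransitGatewayArn"]:
                reach |= by_share.get(r["resourceShareArn"], set())
        unexpected = sorted(reach - allowed)
        if unexpected:
            findings[tgw["TransitGatewayId"]] = unexpected
    return findings


if __name__ == "__main__":
    print(auto_accept_exposure(TRANSIT_GATEWAYS, RAM_RESOURCES, RAM_PRINCIPALS, ALLOWED))
```

A principal `id` can also be an organization or OU ARN, which this check reports as unexpected unless that exact ARN is on the allow-list.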

Comments

AzureDP900
5 months, 3 weeks ago
Option B uses AWS Resource Access Manager (RAM) to share the transit gateway resource with the development account. This eliminates the need for manual peering requests and allows the development team to access the shared services account without requiring intervention on both sides. The use of RAM also simplifies the process of granting permissions and managing resources, making it a suitable solution for this use case. Option B is more straightforward and easier to implement than Option C, which involves creating a VPC endpoint and configuring an endpoint service.
upvoted 2 times
...
dman
8 months, 2 weeks ago
Selected Answer: A
The dev account has frequent changes and needs to connect with the ShareServices account hence connection request is from Dev -> SS
upvoted 1 times
...
trungtd
10 months, 3 weeks ago
Selected Answer: B
A is incorrect: creating and managing another transit gateway in the development account and setting up peering. This adds unnecessary complexity and management overhead. B is correct: the development account can create transit gateway attachments without needing manual intervention every time an attachment is made. C is incorrect: not a use case of VPC endpoints. VPC endpoints are typically used for connecting to AWS services privately without traversing the public internet. This option does not align well with the requirement to access applications in a VPC through a transit gateway. D is incorrect: too complicated.
upvoted 3 times
...
titi_r
11 months, 2 weeks ago
Selected Answer: B
"B" is correct. "C" is wrong: Endpoint services require either a Network Load Balancer or a Gateway Load Balancer. However, the answer does not mention the creation of an NLB. https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html
upvoted 2 times
...
pangchn
1 year, 1 month ago
Selected Answer: B
B. Auto accept shared attachments: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html Then, create a TGW attachment in the dev account.
upvoted 3 times
...
Dgix
1 year, 1 month ago
Selected Answer: B
B is correct. A is wrong because TGW peering is done between regions, not accounts. C is rubbish. D is overengineered and weird, using Network Manager for sharing the TGW rather than RAM, which is best practice.
upvoted 3 times
dman
8 months, 2 weeks ago
Intra region peering is allowed, A is also valid
upvoted 1 times
...
...
CMMC
1 year, 1 month ago
Selected Answer: B
Provide the flexibility needed for the development team to recreate their connection to the shared services account
upvoted 2 times
...