Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 113 discussion

Answer A for sure. https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

A is correct and not D. Though D also looks correct. Reason is Private Virtual Interface will need to be created in that VPC from where you are trying to access the other VPC. This question says that EC2 instance from VPCA will access EC2 instance of VPC B, so ideally Private Virtaul Interface must be created in VPCA to meet the requirement whereas option D says to create it in VPCB. Hence, the option D is incorrect https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/

Option D is the most appropriate solution for enabling secure access from VPC-A to the EC2 instance in VPC-B, which are in separate AWS accounts. Here's why: D. Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-A: This option involves setting up a Direct Connect private virtual interface (VIF) between VPC-A and VPC-B. This provides a private, dedicated connection between the VPCs, ensuring secure communication. By configuring the appropriate routes, traffic from the EC2 instance in VPC-A can reach the EC2 instance in VPC-B securely. Using AWS Direct Connect eliminates single points of failure and provides consistent, reliable bandwidth for communication between the VPCs.

https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html#create-vpc-peering-connection-remote You can request a VPC peering connection with a VPC that's in another AWS account. Before you begin, ensure that you have the AWS account number and VPC ID of the VPC to peer with. After you've created the request, the owner of the accepter VPC must accept the VPC peering connection to activate it.

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection).

Should be A. vpc gateway is not for vpcs, but subnets.

AAAA for sureee

Q. What if my peering connection goes down? AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck. Inter-Region VPC Peering operates on the same horizontally scaled, redundant, and highly available technology that powers VPC today. Inter-Region VPC Peering traffic goes over the AWS backbone that has in-built redundancy and dynamic bandwidth allocation. There is no single point of failure for communication. Transit virtual interface To connect to your resources hosted in an Amazon VPC (using their private IP addresses) through a transit gateway, use a transit virtual interface. With a transit virtual interface, you can: Connect multiple Amazon VPCs in the same or different AWS account using Direct Connect. https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/ Answer is A

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions . AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck. https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

VIF is ONLY when you have a Direct Access connection to on prem.

D correct, because it is mentioed EC2 to EC2 no hole VPC to VPC which can contain other instances

A is correct

Ans:A it is not D Because as you can see from the link VIF works with Direct connect or virtual private gateway. So after you attach the interface you still need to have DC or VPG. https://docs.aws.amazon.com/cli/latest/reference/directconnect/create-private-virtual-interface.html#:~:text=A%20private%20virtual%20interface%20can%20be%20connected%20to%20either%20a%20Direct%20Connect%20gateway%20or%20a%20Virtual%20Private%20Gateway%20(VGW).

A is the easier option

A should be the answer https://d1.awsstatic.com/whitepapers/lambda-architecure-on-for-batch-aws.pdf

D To connect to your resources hosted in an Amazon Virtual Private Cloud (Amazon VPC) using their private IP addresses, use a private virtual interface. With a private virtual interface, you can: Connect VPC resources (such as Amazon Elastic Compute Cloud (Amazon EC2) instances or load balancers) on your private IP address or endpoint. https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/

i think this is (d) - https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/ "To connect to your resources hosted in an Amazon Virtual Private Cloud (Amazon VPC) using their private IP addresses, use a private virtual interface. With a private virtual interface, you can: Connect VPC resources (such as Amazon Elastic Compute Cloud (Amazon EC2) instances or load balancers) on your private IP address or endpoint." the question mentions a direct connection to an ec2 instance, not vpc-to-vpc peering which opens up all the resources