Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 233 discussion

A company has three VPCs named Development, Testing, and Production in the us-east-1 Region. The three VPCs need to be connected to an on-premises data center and are designed to be separate to maintain security and prevent any resource sharing. A solutions architect needs to find a scalable and secure solution.
What should the solutions architect recommend?

  • A. Create an AWS Direct Connect connection and a VPN connection for each VPC to connect back to the data center.
  • B. Create VPC peers from all the VPCs to the Production VPC. Use an AWS Direct Connect connection from the Production VPC back to the data center.
  • C. Connect VPN connections from all the VPCs to a VPN in the Production VPC. Use a VPN connection from the Production VPC back to the data center.
  • D. Create a new VPC called Network. Within the Network VPC, create an AWS Transit Gateway with an AWS Direct Connect connection back to the data center. Attach all the other VPCs to the Network VPC.
Suggested Answer: D

Comments

VinceL88
Highly Voted 3 years, 9 months ago
B, C, and D enable resource sharing between VPCs; therefore none of them can be the correct answer. By elimination, A is the answer. Also, VPN on top of DX to provide encryption.
upvoted 59 times
sadhou2004
3 years, 9 months ago
A is wrong: A provides redundancy, not scalability.
upvoted 5 times
d719273
3 years, 8 months ago
Why would it not provide scalability? You could, when needed, add a VPN for any new VPC. Scalable, isn't it?
upvoted 2 times
d719273
3 years, 8 months ago
For reference: https://www.youtube.com/watch?v=dhpTTT6V1So
upvoted 2 times
crazyaboutazure
3 years, 8 months ago
Answer should be A. Transit Gateway can be used to isolate resources across VPCs by connecting it to Direct Connect and is a very scalable way of doing things, but in the option presented it is mentioned that the Transit Gateway is created within a VPC, which is incorrect: the VPCs are attached in the route table attached to the Transit Gateway, so the VPCs are attached within the Transit Gateway, kind of, not the other way around. Nice question!!!!
upvoted 7 times
Lucky_
3 years, 8 months ago
Answer is D. You can configure routes to any destination in the transit gateway attachment in any transit gateway route table. The transit gateway attachment doesn't need to be associated with that specific route table. https://aws.amazon.com/premiumsupport/knowledge-center/transit-gateway-connect-vpcs-from-vpn/
upvoted 14 times
woonsi
Highly Voted 3 years, 9 months ago
Ans: A, sure. Check link https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html
upvoted 28 times
bustedd
3 years, 9 months ago
Thank you for the link. Ans A
upvoted 2 times
Lucky_
3 years, 8 months ago
Answer is D. Similar scenario here. https://aws.amazon.com/premiumsupport/knowledge-center/transit-gateway-connect-vpcs-from-vpn/
upvoted 6 times
Uzbekistan
Most Recent 1 year, 3 months ago
Selected Answer: D
Option D: Create a new VPC called Network. Within the Network VPC, create an AWS Transit Gateway with an AWS Direct Connect connection back to the data center. Attach all the other VPCs to the Network VPC.
upvoted 1 times
AmbrishK
2 years, 4 months ago
Selected Answer: D
Option D is the recommended solution. The solution architect should create a new VPC called Network and create an AWS Transit Gateway within the Network VPC. An AWS Direct Connect connection should be established from the AWS Transit Gateway back to the data center. The other three VPCs should be attached to the Network VPC, and the traffic can be routed through the AWS Transit Gateway to the data center. This solution is scalable, secure, and maintains the separation between the VPCs. By using a single AWS Transit Gateway, the solution reduces complexity and simplifies the management of the network architecture. Additionally, this solution provides better control and monitoring capabilities, enabling the organization to maintain high levels of security and compliance.
upvoted 1 times
alexsanteeno
2 years, 5 months ago
Answer A; all others share connections.
upvoted 1 times
Moathov
2 years, 10 months ago
Selected Answer: A
Answer is A
upvoted 1 times
Moathov
2 years, 11 months ago
Selected Answer: A
Answer is A
upvoted 1 times
slcheng
2 years, 11 months ago
Selected Answer: A
"ensure security and avoid resource sharing": all 3 VPCs require their own VPN.
upvoted 1 times
cloud_collector
2 years, 11 months ago
D is better: https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-network-security-for-vpc-to-vpc-and-on-premises-to-vpc-traffic.html
upvoted 1 times
Red8aron
2 years, 11 months ago
Selected Answer: D
D is right; no need for 4 Direct Connect connections to each VPC plus VPN, one Network VPC can handle it.
upvoted 2 times
Iliyan_Azure
2 years, 11 months ago
Transit Gateway is a Regional resource and can connect thousands of VPCs within the same AWS Region. You can create multiple Transit Gateway instances per Region, and you can connect to a maximum of three Transit Gateway instances over a single Direct Connect connection for hybrid connectivity. Typically, you can use just one Transit Gateway instance connecting all your VPC instances in a given Region, and use Transit Gateway routing tables to isolate them wherever needed. There is a valid case for creating multiple Transit Gateway instances to limit misconfiguration blast radius, segregate control plane operations and administrative ease-of-use. https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/building-scalable-secure-multi-vpc-network-infrastructure.pdf
upvoted 2 times
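The route-table isolation described in the comment above, as an added example that is not part of this thread or of any AWS code: a small Python model of one Transit Gateway with a flat shared route table next to the segmented design (one table per VPC attachment carrying only the on-premises prefix), with a lookup and a check that reports VPC-to-VPC reachability. Attachment ids and CIDRs are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

# Constructed attachment ids and CIDRs (placeholders, not real AWS identifiers).
ATTACHMENTS = {
    "tgw-attach-dev":  ("vpc", "10.1.0.0/16"),
    "tgw-attach-test": ("vpc", "10.2.0.0/16"),
    "tgw-attach-prod": ("vpc", "10.3.0.0/16"),
    "tgw-attach-dxgw": ("direct-connect-gateway", "192.168.0.0/16"),  # on-prem
}
ONPREM = "tgw-attach-dxgw"
VPCS = [a for a, (kind, _) in ATTACHMENTS.items() if kind == "vpc"]

def flat_design():
    """Weak design: one shared table, every CIDR propagated, so any VPC reaches any VPC."""
    routes = {cidr: att for att, (_, cidr) in ATTACHMENTS.items()}
    return {"rtb-shared": {"associations": list(ATTACHMENTS), "routes": routes}}

def segmented_design():
    """Isolated design: per-VPC tables with only the on-prem prefix, plus a DX gateway table."""
    onprem_cidr = ATTACHMENTS[ONPREM][1]
    tables = {f"rtb-{v}": {"associations": [v], "routes": {onprem_cidr: ONPREM}}
              for v in VPCS}
    tables["rtb-onprem"] = {"associations": [ONPREM],
                            "routes": {ATTACHMENTS[v][1]: v for v in VPCS}}
    return tables

def lookup(tables, src_att, dst_ip):
    """Longest-prefix match in src_att's table; None means the TGW drops the packet."""
    dst = ip_address(dst_ip)
    for table in tables.values():
        if src_att in table["associations"]:
            hits = [(ip_network(c).prefixlen, att)
                    for c, att in table["routes"].items() if dst in ip_network(c)]
            return max(hits)[1] if hits else None
    return None

def isolation_findings(tables):
    """Report VPC attachments that can reach another VPC or cannot reach on-prem."""
    findings = []
    for name, table in tables.items():
        for src in table["associations"]:
            if src not in VPCS:
                continue  # the DX gateway table is allowed to reach every VPC
            for cidr, tgt in table["routes"].items():
                if tgt != src and tgt in VPCS:
                    findings.append(f"{name}: {src} can reach {tgt} ({cidr})")
            if ONPREM not in table["routes"].values():
                findings.append(f"{name}: {src} has no route to on-premises")
    return sorted(findings)
```

Running `isolation_findings` over both designs shows six VPC-to-VPC findings for the shared table and none for the segmented one, while `lookup` still resolves on-premises prefixes through the DX gateway attachment in both.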
reve666
3 years ago
Selected Answer: A
Answer should be A
upvoted 1 times
gpikagm
3 years, 1 month ago
A, as you do not need to create a new VPC network for using Transit Gateway. It is not like NAT Gateway, which needs to be in a public subnet within a VPC.
upvoted 1 times
esinan
3 years, 2 months ago
Selected Answer: D
We have to use Transit Gateway for scalability. https://aws.amazon.com/premiumsupport/knowledge-center/transit-gateway-connect-vpcs-from-vpn/
upvoted 2 times
SZARCHITECT
3 years, 2 months ago
Selected Answer: D
I will go with D. For scalability, Transit GW is way better and more flexible for routing.
upvoted 3 times
rvnz45
3 years, 3 months ago
Selected Answer: D
Let's end the war: https://aws.amazon.com/premiumsupport/knowledge-center/transit-gateway-connect-vpcs-from-vpn/ A is not scalable. You create DX and VPN on each VPC? That's a lot of effort.
upvoted 5 times
FF11
3 years, 5 months ago
Selected Answer: A
A seems correct
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)