Exam AWS Certified Solutions Architect - Professional topic 1 question 406 discussion

D A: Too long. B\C: VPC endpoints are for communications between VPC and S3. You will need a public virtual interface on DC to connect to S3 when the data is on premise. To connect to AWS public endpoints, such as an Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Simple Storage Service (Amazon S3), with dedicated network performance, use a public virtual interface.A public virtual interface allows you to connect to all AWS public IP spaces globally. Direct Connect customers in any Direct Connect location can create public virtual interfaces to receive Amazon’s global IP routes, and they can access publicly routable Amazon services in any AWS Regions (except the AWS China Region).

A is not practical as Snow Ball takes more than 1 week. B is not valid because Direct Connect can't access VPC Endpoint. C and D are Ok but C is not cost effective because you have to setup a proxy farm. D should be correct

B,C,D is a valid method: B: https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-access-direct-connect/ if you create VPC Endpoint for S3 with Interface type C: https://d0.awsstatic.com/aws-answers/Accessing_VPC_Endpoints_from_Remote_Networks.pdf work on 2 type of VPC endpoint. D: it a function of DX. Must be work. Now, point to LEAST EXPENSIVE B: Fee of proxy farm. C: Fee of S3 interface endpoint ($/hour) and data processed D: Free (with S3 ingress) So, D is the best choice!

The question states, a minimally used 10 Gbps AWS Direct Connect connection with a private virtual interface to its virtual private cloud (VPC). Therefore there is an existing virtual interface, so why are we creating another one as stated in answer D. For me the simpler option is B, unless someone can give a valid reason

There are few exams as grinding for the candidates as the AWS Solutions Architect Professional exam. The failure rate of the exam is well above 72%. This means that less than 28% of the candidates who take the AWS Solutions Architect Professional exam manage to clear it. Now, this is a daunting number. https://192168l254.com.mx/ES

To connect to s3 using direct connect Public VIF is must

D correct.

D: CORRECT

D is the right choice. https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-access-direct-connect/

D is the best answer for given use case

Answer is C based on this link https://d0.awsstatic.com/aws-answers/Accessing_VPC_Endpoints_from_Remote_Networks.pdf

It's D

D D - Data can be copied privately using Public VIF on DX. B - VPC endpoints are not accessible through DX.

The Answer is C. I really hate AWS for putting questions to a VERY specific solution. See my below link, it literally is the use case they are asking for. https://d0.awsstatic.com/aws-answers/Accessing_VPC_Endpoints_from_Remote_Networks.pdf

Answer D Amazon’s primary recommended method is to run multiple VIFs, mixing both public and private.

D. https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/

Should be C B : not possible to use Direct Connect with VPC Endpoint : https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-access-direct-connect/?nc1=h_ls D : Possible to use a Public VIF (https://aws.amazon.com/premiumsupport/knowledge-center/connect-private-network-dx-vif/) but not secure (where is the VPN connexion over it, it is not mentioned in the question), plus you add to the transfer rate an extra cost for the appliance (https://aws.amazon.com/directconnect/pricing/) whereas on C you just pay for the transfer rate of a set of EC2 playing the role of proxy, and the LB allows for future growth