Exam AWS Certified Solutions Architect - Professional topic 1 question 697 discussion

A company provides a centralized Amazon EC2 application hosted in a single shared VPC. The centralized application must be accessible from client applications running in the VPCs of other business units. The centralized application front end is configured with a Network Load Balancer (NLB) for scalability.
Up to 10 business unit VPCs will need to be connected to the shared VPC. Some of the business unit VPC CIDR blocks overlap with the shared VPC, and some overlap with each other. Network connectivity to the centralized application in the shared VPC should be allowed from authorized business unit VPCs only.
Which network configuration should a solutions architect use to provide connectivity from the client applications in the business unit VPCs to the centralized application in the shared VPC?

  • A. Create an AWS Transit Gateway. Attach the shared VPC and the authorized business unit VPCs to the transit gateway. Create a single transit gateway route table and associate it with all of the attached VPCs. Allow automatic propagation of routes from the attachments into the route table. Configure VPC routing tables to send traffic to the transit gateway.
  • B. Create a VPC endpoint service using the centralized application NLB and enable the option to require endpoint acceptance. Create a VPC endpoint in each of the business unit VPCs using the service name of the endpoint service. Accept authorized endpoint requests from the endpoint service console.
  • C. Create a VPC peering connection from each business unit VPC to the shared VPC. Accept the VPC peering connections from the shared VPC console. Configure VPC routing tables to send traffic to the VPC peering connection.
  • D. Configure a virtual private gateway for the shared VPC and create customer gateways for each of the authorized business unit VPCs. Establish a Site-to-Site VPN connection from the business unit VPCs to the shared VPC. Configure VPC routing tables to send traffic to the VPN connection.
Suggested Answer: B
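As an added example that is not part of the question or any of the comments, this is what option B looks like as a Terraform configuration: an endpoint service in front of the NLB with acceptance required and an explicit list of authorized principals, plus an interface endpoint in one business unit VPC. The NLB resource, account IDs, VPC/subnet IDs, security group and the `aws.business_unit` provider alias are assumptions.

```hcl
# Added example: PrivateLink (option B) in Terraform. The NLB, account IDs,
# VPC/subnet IDs, security group and the "business_unit" provider alias
# are assumptions, not values from the question.

# --- Provider side: the shared VPC that hosts the centralized application ---
resource "aws_vpc_endpoint_service" "central_app" {
  network_load_balancer_arns = [aws_lb.central_nlb.arn] # assumed existing NLB
  # "Require endpoint acceptance": a connection request becomes an active
  # endpoint only after the shared-VPC owner approves it.
  acceptance_required = true
}

# Only these business unit accounts may request a connection at all.
variable "authorized_bu_accounts" {
  type    = list(string)
  default = ["111111111111", "222222222222"] # placeholder account IDs
}

resource "aws_vpc_endpoint_service_allowed_principal" "bu" {
  for_each                = toset(var.authorized_bu_accounts)
  vpc_endpoint_service_id = aws_vpc_endpoint_service.central_app.id
  principal_arn           = "arn:aws:iam::${each.value}:root"
}

# --- Consumer side: one business unit VPC. Its CIDR may overlap with the
# --- shared VPC because traffic enters through an ENI inside the consumer
# --- VPC; no route between the two address spaces is needed.
resource "aws_vpc_endpoint" "central_app" {
  provider            = aws.business_unit # assumed alias for the BU account
  vpc_id              = var.bu_vpc_id     # assumed
  service_name        = aws_vpc_endpoint_service.central_app.service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.bu_subnet_ids # assumed
  security_group_ids  = [aws_security_group.bu_endpoint.id] # assumed SG
  private_dns_enabled = false
}

# Explicit acceptance on the provider side (the console step in option B).
resource "aws_vpc_endpoint_connection_accepter" "bu" {
  vpc_endpoint_service_id = aws_vpc_endpoint_service.central_app.id
  vpc_endpoint_id         = aws_vpc_endpoint.central_app.id
}
```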

Comments

wasabidev
Highly Voted 3 years, 8 months ago
B. Transit Gateway doesn't support routing between VPCs with identical CIDRs
upvoted 19 times
DashL
3 years, 8 months ago
Amazon Transit Gateway doesn’t support routing between Amazon VPCs with overlapping CIDRs. If you attach a new Amazon VPC that has a CIDR which overlaps with an already attached Amazon VPC, Amazon Transit Gateway will not propagate the new Amazon VPC route into the Amazon Transit Gateway route table.
upvoted 3 times
tvs
Highly Voted 3 years, 7 months ago
B. Using the NLB VPC endpoint service name overcomes the CIDR overlap issues.
upvoted 8 times
kirrim
3 years, 7 months ago
Agree! NLBs always SNAT the client source IP address to their own IP within your VPC when the incoming request reaches the NLB via a Gateway Load Balancer endpoint or VPC endpoint (PrivateLink): https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation (This can be annoying if you want the NLB's client IP preservation feature!)
upvoted 3 times
asfsdfsdf
Most Recent 2 years, 11 months ago
Selected Answer: B
B - classic use case for PrivateLink (NLB + endpoint). All other options are out due to overlapping CIDRs; not possible to route it.
upvoted 2 times
cldy
3 years, 5 months ago
B correct.
upvoted 1 times
AzureDP900
3 years, 6 months ago
I'll go with B
upvoted 1 times
acloudguru
3 years, 6 months ago
Selected Answer: B
A is not useful for overlapping CIDRs. B, use the NLB's VPC endpoint.
upvoted 1 times
tgv
3 years, 7 months ago
BBB ---
upvoted 2 times
blackgamer
3 years, 7 months ago
It is B
upvoted 1 times
WhyIronMan
3 years, 7 months ago
I'll go with B
upvoted 2 times
Waiweng
3 years, 8 months ago
it's B
upvoted 3 times
aws_master
3 years, 8 months ago
B for sure
upvoted 3 times
SD13
3 years, 8 months ago
Correct option: B
upvoted 2 times
gm
3 years, 8 months ago
Yes, B
upvoted 5 times
kalyan_krishna742020
3 years, 8 months ago
Ans: C https://docs.aws.amazon.com/vpc/latest/peering/peering-configurations-partial-access.html
upvoted 3 times
kalyan_krishna742020
3 years, 8 months ago
My bad... it is B. https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-securely-publish-internet-applications-at-scale-using-application-load-balancer-and-aws-privatelink/
upvoted 8 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other