Exam AWS Certified Solutions Architect - Professional topic 1 question 427 discussion

A company has developed a new billing application that will be released in two weeks. Developers are testing the application running on 10 EC2 instances managed by an Auto Scaling group in subnet 172.31.0.0/24 within VPC A with CIDR block 172.31.0.0/16. The Developers noticed connection timeout errors in the application logs while connecting to an Oracle database running on an Amazon EC2 instance in the same region within VPC B with CIDR block 172.50.0.0/16.
The IP of the database instance is hard-coded in the application instances.
Which recommendations should a Solutions Architect present to the Developers to solve the problem in a secure way with minimal maintenance and overhead?

  • A. Disable the SrcDestCheck attribute for all instances running the application and Oracle Database. Change the default route of VPC A to point ENI of the Oracle Database that has an IP address assigned within the range of 172.50.0.0/16
  • B. Create and attach internet gateways for both VPCs. Configure default routes to the internet gateways for both VPCs. Assign an Elastic IP for each Amazon EC2 instance in VPC A
  • C. Create a VPC peering connection between the two VPCs and add a route to the routing table of VPC A that points to the IP address range of 172.50.0.0/16
  • D. Create an additional Amazon EC2 instance for each VPC as a customer gateway; create one virtual private gateway (VGW) for each VPC, configure an end-to-end VPC, and advertise the routes for 172.50.0.0/16
Suggested Answer: C 🗳️

Comments

donathon
Highly Voted 3 years, 8 months ago
C. A: It does not go through NAT so this is not the solution. B: It does not need to go through internet. This is not secured. D: This is VPN which is not suitable. Peering should be used.
upvoted 34 times
...
amog
Highly Voted 3 years, 8 months ago
Answer is C
upvoted 5 times
...
mrgreatness
Most Recent 2 years, 7 months ago
100% C
upvoted 1 times
...
Blair77
2 years, 7 months ago
Selected Answer: C
An easy one! C is right!
upvoted 1 times
...
hilft
2 years, 10 months ago
most secure. B.
upvoted 1 times
...
AzureDP900
3 years, 6 months ago
C is right
upvoted 1 times
...
andylogan
3 years, 7 months ago
It's C
upvoted 1 times
...
moon2351
3 years, 7 months ago
C is Correct
upvoted 1 times
...
walkwolf3
3 years, 7 months ago
Answer C is missing the routes in VPC B. You also need to add a route to the routing table of VPC B that points to the IP address range of 172.31.0.0/24; otherwise, there is no route for return traffic from VPC B to A. That's to say, C is the most likely answer but not the full solution.
upvoted 4 times
...
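The return-route point in the comment above, as an added example that is not part of the original discussion: a small route-table check using longest-prefix matching, run against the question's CIDR blocks. The instance IPs, the `pcx-example` and `igw-example` targets, and the presence of a default route in VPC A are constructed assumptions.

```python
import ipaddress

# CIDR blocks from the question; everything else below is constructed sample data.
VPC_A = ipaddress.ip_network("172.31.0.0/16")
VPC_B = ipaddress.ip_network("172.50.0.0/16")
PCX = "pcx-example"  # placeholder peering connection id, not a real identifier


def next_hop(route_table, dst):
    """Pick the target of the most specific matching route; None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(cidr), target)
               for cidr, target in route_table.items()
               if dst in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def check_path(rt_a, rt_b, app_ip, db_ip):
    """List the routing gaps that would leave the app's connection timing out."""
    problems = []
    if VPC_A.overlaps(VPC_B):
        problems.append("CIDR blocks overlap; peering cannot be created")
    if next_hop(rt_a, db_ip) != PCX:
        problems.append("VPC A has no route to the database via the peering connection")
    if next_hop(rt_b, app_ip) != PCX:
        problems.append("VPC B has no return route to the application subnet")
    return problems


# Assumed starting state: VPC A has a default route, VPC B only its local route.
rt_a_before = {"172.31.0.0/16": "local", "0.0.0.0/0": "igw-example"}
rt_b_before = {"172.50.0.0/16": "local"}
# Option C as worded: a route is added to VPC A only.
rt_a_c = {**rt_a_before, "172.50.0.0/16": PCX}
# Return route in VPC B, scoped to the application subnet rather than all of VPC A.
rt_b_fixed = {**rt_b_before, "172.31.0.0/24": PCX}

APP_IP, DB_IP = "172.31.0.10", "172.50.0.25"  # constructed addresses

if __name__ == "__main__":
    for label, a, b in [("before peering routes", rt_a_before, rt_b_before),
                        ("route in VPC A only", rt_a_c, rt_b_before),
                        ("routes in both VPCs", rt_a_c, rt_b_fixed)]:
        print(label, "->", check_path(a, b, APP_IP, DB_IP) or "reachable at the routing layer")
```

Security groups and network ACLs on both sides still have to permit the database port; this check covers routing only.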
WhyIronMan
3 years, 7 months ago
I'll go with C
upvoted 1 times
...
Waiweng
3 years, 7 months ago
it's C
upvoted 2 times
...
Kian1
3 years, 7 months ago
will go with C
upvoted 2 times
...
Ebi
3 years, 7 months ago
Easy one, answer is C
upvoted 3 times
...
sanjaym
3 years, 7 months ago
I'll go with C
upvoted 2 times
...
jayakumarchellam
3 years, 7 months ago
C is wrong - Peering already happened, problem is timeout. Autoscale instance required time to route to Database IP address
upvoted 1 times
DerekKey
3 years, 7 months ago
There is no such information. Rather opposite.
upvoted 3 times
...
...
SachinJha
3 years, 7 months ago
Though C looks appropriate, not sure how that resolves this problem without EIP: "The IP of the database instance is hard-coded"
upvoted 1 times
...
T14102020
3 years, 7 months ago
C is correct. Key is VPC peering
upvoted 1 times
...