Exam AWS Certified Solutions Architect - Professional topic 1 question 538 discussion

To abide by industry regulations, a Solutions Architect must design a solution that will store a company's critical data in multiple public AWS Regions, including in the United States, where the company's headquarters is located. The Solutions Architect is required to provide access to the data stored in AWS to the company's global WAN network. The Security team mandates that no traffic accessing this data should traverse the public internet.
How should the Solutions Architect design a highly available solution that meets the requirements and is cost-effective?

  • A. Establish AWS Direct Connect connections from the company headquarters to all AWS Regions in use. Use the company WAN to send traffic over to the headquarters and then to the respective DX connection to access the data.
  • B. Establish two AWS Direct Connect connections from the company headquarters to an AWS Region. Use the company WAN to send traffic over a DX connection. Use inter-region VPC peering to access the data in other AWS Regions.
  • C. Establish two AWS Direct Connect connections from the company headquarters to an AWS Region. Use the company WAN to send traffic over a DX connection. Use an AWS transit VPC solution to access data in other AWS Regions.
  • D. Establish two AWS Direct Connect connections from the company headquarters to an AWS Region. Use the company WAN to send traffic over a DX connection. Use Direct Connect Gateway to access data in other AWS Regions.
Suggested Answer: D
Reference:
https://aws.amazon.com/blogs/aws/new-aws-direct-connect-gateway-inter-region-vpc-access/

Comments

donathon
Highly Voted 3 years, 8 months ago
D. This feature also allows you to connect to any of the participating VPCs from any Direct Connect location, further reducing your costs for making using AWS services on a cross-region basis. https://aws.amazon.com/blogs/aws/new-aws-direct-connect-gateway-inter-region-vpc-access/
A: There is only a single DC and hence is not highly available.
B: VPC peering means there are additional cost charges when data is transferred between regions. Also there is a 125 VPC peering limit. Data transferred across Inter-Region VPC Peering connections is charged at the standard inter-region data transfer rates. https://aws.amazon.com/about-aws/whats-new/2017/11/announcing-support-for-inter-region-vpc-peering/
C: Similar to B.
D: Remember one caveat which the question did not state is if there are multiple accounts: The VPCs that reference a particular Direct Connect Gateway must have IP address ranges that do not overlap. Today, the VPCs must all be in the same AWS account; we plan to make this more flexible in the future. https://aws.amazon.com/blogs/aws/new-aws-direct-connect-gateway-inter-region-vpc-access/
upvoted 56 times
Joeylee
3 years, 7 months ago
Agree on D
upvoted 1 times
Kuro
3 years, 7 months ago
Clear explanation.
upvoted 1 times
shammous
3 years, 7 months ago
Another argument is that there was no mention of having a transit feature between VPCs, which is an extra reason to choose D over C (apart from being more cost-effective).
upvoted 2 times
DashL
3 years, 7 months ago
As per the AWS announcement in Mar 2019 (https://aws.amazon.com/about-aws/whats-new/2019/03/announcing-multi-account-support-for-direct-connect-gateway/): With the launch of multi-account support for Direct Connect gateway, you can associate up to 10 Amazon VPCs from multiple accounts with a Direct Connect gateway. The Amazon VPCs and the Direct Connect gateway must be owned by AWS Accounts that belong to the same AWS payer account ID.
upvoted 3 times
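The constraints quoted in donathon's and DashL's comments above (non-overlapping VPC address ranges, up to 10 VPCs per Direct Connect gateway, same payer account) can be checked before any association is requested. This is an added example, not part of any comment or of AWS tooling; the plan schema, the names, the account IDs and the CIDRs are constructed placeholders.

```python
import ipaddress
from itertools import combinations

MAX_VPCS = 10  # per-gateway limit as quoted in the March 2019 announcement above

# Constructed sample plan: one VPC per Region that should sit behind the gateway.
GATEWAY_PAYER = "111111111111"
SAMPLE_PLAN = [
    {"name": "hq-us", "region": "us-east-1", "payer": "111111111111", "cidr": "10.0.0.0/16"},
    {"name": "eu", "region": "eu-west-1", "payer": "111111111111", "cidr": "10.1.0.0/16"},
    {"name": "apac", "region": "ap-southeast-1", "payer": "111111111111", "cidr": "10.1.128.0/17"},
    {"name": "partner", "region": "us-west-2", "payer": "222222222222", "cidr": "10.2.0.0/16"},
]


def preflight(gateway_payer, vpcs):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    if len(vpcs) > MAX_VPCS:
        findings.append(f"{len(vpcs)} VPCs exceed the limit of {MAX_VPCS} per gateway")

    nets = {}
    for vpc in vpcs:
        if vpc["payer"] != gateway_payer:
            findings.append(
                f"{vpc['name']}: payer {vpc['payer']} differs from gateway payer {gateway_payer}"
            )
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.1/16
            nets[vpc["name"]] = ipaddress.ip_network(vpc["cidr"], strict=True)
        except ValueError as exc:
            findings.append(f"{vpc['name']}: invalid CIDR {vpc['cidr']} ({exc})")

    # Every pair must be disjoint, otherwise routes through the gateway are ambiguous.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            findings.append(f"{a} ({net_a}) overlaps {b} ({net_b})")
    return findings


if __name__ == "__main__":
    for finding in preflight(GATEWAY_PAYER, SAMPLE_PLAN):
        print(finding)
```
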
bebo
Highly Voted 3 years, 8 months ago
Question 144
A. Use Amazon CloudFront with Amazon ECS for hosting the website. Use AWS Secrets Manager to provide user management and authentication functions. Use ECS Docker containers to build an API.
B. Use Amazon Route 53 latency routing with an Application Load Balancer and AWS Fargate in different regions for hosting the website. Use Amazon Cognito to provide user management and authentication functions. Use Amazon EKS containers.
C. Use Amazon CloudFront with Amazon S3 for hosting static web resources. Use Amazon Cognito to provide user management authentication functions. Use Amazon API Gateway with AWS Lambda to build an API.
D. Use AWS Direct Connect with Amazon CloudFront and Amazon S3 for hosting static web resources. Use Amazon Cognito to provide user management authentication functions. Use AWS Lambda to build an API.
Correct Answer: C
upvoted 15 times
HellGate
Most Recent 3 years, 2 months ago
Selected Answer: D
B, C, D are all right way... D > C > B. D is the best answer.
upvoted 1 times
GeniusMikeLiu
3 years, 4 months ago
Why need two AWS Direct Connect connections?
upvoted 2 times
HellGate
3 years, 4 months ago
HA purpose
upvoted 2 times
AzureDP900
3 years, 6 months ago
D is right
upvoted 1 times
student22
3 years, 7 months ago
D AWS region 1 --> VIF --> Direct Connect Gateway --> multiple VIF --> multiple AWS Regions
upvoted 3 times
WhyIronMan
3 years, 7 months ago
I'll go with D
upvoted 1 times
Waiweng
3 years, 7 months ago
It's D
upvoted 1 times
Pupu86
3 years, 7 months ago
A: Doesn’t fulfill HA
B: Charges are implemented for both inbound and outbound peering
C: Charges are implemented for outbound only but solution only suitable for VPC transits purpose to overcome VPC peering mesh
D: Correct answer to link multiple regional traffic
upvoted 1 times
bnagaraja9099
3 years, 7 months ago
D https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-aws-transit-gateway.html
upvoted 1 times
Firststack
3 years, 7 months ago
D is correct
upvoted 1 times
Ebi
3 years, 7 months ago
I go with D
upvoted 3 times
MichaelHuang
3 years, 7 months ago
D See the link for Direct Connect Gateway for multi-regions: https://aws.amazon.com/blogs/aws/new-aws-direct-connect-gateway-inter-region-vpc-access/
upvoted 1 times
Bulti
3 years, 7 months ago
Answer is D
upvoted 1 times
jackdryan
3 years, 7 months ago
I'll go with D
upvoted 3 times
GopiSivanathan
3 years, 7 months ago
Data is in the AWS public regions, so Direct Connect Gateway can't be used. It should be Transit VPC.
upvoted 2 times
rcher
3 years, 7 months ago
You can create Public VIF between Direct Connect and Direct Connect Gateway and access AWS public services like S3. Transit VPC works for VPN, which means IPsec that works over the internet :)
upvoted 1 times
Edgecrusher77
3 years, 7 months ago
C, Transit VPC
upvoted 1 times
ipindado2020
3 years, 7 months ago
A. Multiple DX connections very expensive: KO
B. Transitive peering not allowed: KO
C. Transit VPC: OK
D. Direct Connect Gateway: OK
As for the additional costs of the transit VPC solution... D seems to be correct
upvoted 1 times