ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 524 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 524
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company has an AWS account used for software engineering. The AWS account has access to the company's on-premises data center through a pair of AWS
Direct Connect connections. All non-VPC traffic routes to the virtual private gateway.
A development team recently created an AWS Lambda function through the console. The development team needs to allow the function to access a database that runs in a private subnet in the company's data center.
Which solution will meet these requirements?

  • A. Configure the Lambda function to run in the VPC with the appropriate security group.
  • B. Set up a VPN connection from AWS to the data center. Route the traffic from the Lambda function through the VPN.
  • C. Update the route tables in the VPC to allow the Lambda function to access the on-premises data center through Direct Connect.
  • D. Create an Elastic IP address. Configure the Lambda function to send traffic through the Elastic IP address without an elastic network interface.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by rolo5555 at Dec. 15, 2021, 8:37 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Guha
Highly Voted 3 years, 5 months ago
C is the Answer
upvoted 18 times
naveenagurjara
2 years, 11 months ago
A.. read this All traffic that does not originate in a virtual private cloud is routed via the virtual private gateway. Meaning we have the default route pointing to the VPG towards DX /On prem so routing ia already taken care.
upvoted 2 times
...
...
rolo5555
Highly Voted 3 years, 5 months ago
Answer A
upvoted 7 times
Alcpt
3 years, 5 months ago
Deploy the Lambda Function in the VPC with a security group. https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-managing-eni
upvoted 4 times
...
SuhasH
3 years, 4 months ago
provide access to the function to a database that is located on a private subnet inside the company's data center. How security group details linked to premise DB in a private VPN
upvoted 1 times
serdar55
3 years, 2 months ago
All non-VPC traffic is already routed to the on-premise thorough vpg. No need to do the configuration from the route table. Check the outbound of the security group.
upvoted 1 times
Zoroter
3 years ago
security groups are for EC2 instances, not for lambda functions
upvoted 2 times
allanm
2 years, 10 months ago
Incorrect. Security groups are meant to control the traffic that is allowed to reach and leave the resources that it is associated with, within a VPC. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html These resources don't have to be EC2, they can be other resources as well including ELBs and Lambda! https://stackoverflow.com/questions/29730155/what-are-all-the-resources-that-can-be-associated-with-a-security-group-in-aws
upvoted 3 times
ocbn3wby
2 years, 6 months ago
Good refresher. Thanks.
upvoted 1 times
...
...
...
...
...
...
allanm
Most Recent 2 years, 10 months ago
Answer is A Read the section here about configuring the VPC access for Lambda - https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-managing-eni
upvoted 3 times
...
Arrkady
2 years, 10 months ago
Selected Answer: A
C cannot be correct because without A lambda is not executed within the VPC
upvoted 1 times
...
sam_aws2021
2 years, 10 months ago
"All traffic that does not originate in a virtual private cloud is routed via the virtual private gateway" - But it does it guarantee that it can access anything on premise. We have to still configure the DB Security Group ?
upvoted 1 times
...
bora4motion
2 years, 10 months ago
Selected Answer: C
"The development team must provide access to the function to a database that is located on a private subnet inside the company's data center." So they are asking how will the lambda reach the data center? follow the routing table. C
upvoted 3 times
...
naveenagurjara
2 years, 11 months ago
Selected Answer: A
A.. A... You can run Lambda within a VPC.
upvoted 1 times
...
bighedgedog
2 years, 11 months ago
Selected Answer: A
Assuming the routing is already properly configured ("All traffic that does not originate in a virtual private cloud is routed via the virtual private gateway.") then the only thing pending is to define the lambda function in the right VPC and with the right SG - Option A.
upvoted 2 times
...
esinan
3 years, 1 month ago
Selected Answer: C
https://docs.aws.amazon.com/lambda/latest/dg/foundation-networking.html#foundation-nw-connecting "To connect to another AWS service, you can use VPC endpoints for private communications between your VPC and supported AWS services. An alternative approach is to use a NAT gateway to route outbound traffic to another AWS service. To give your function access to the internet, route outbound traffic to a NAT gateway in a public subnet. The NAT gateway has a public IP address and can connect to the internet through the VPC's internet gateway."
upvoted 2 times
...
sapbc
3 years, 2 months ago
RapidStar, tu as passé ton test le 03/APR/22 un dimanche ?
upvoted 2 times
...
RapidStar
3 years, 2 months ago
Selected Answer: C
I passed the text on 03/APR/22. This question appeared on my test. I picked C Thank you all folks.
upvoted 5 times
miles3719
2 years, 9 months ago
if only we could all agree on the right answer
upvoted 1 times
...
...
Siraf
3 years, 3 months ago
Answer is A
upvoted 1 times
...
brij1
3 years, 4 months ago
Selected Answer: C
I think C is correct. https://forums.aws.amazon.com/thread.jspa?threadID=282688 (see last comment)
upvoted 5 times
...
tin2022
3 years, 5 months ago
C. Update the route tables
upvoted 2 times
...
CeCe1
3 years, 5 months ago
c is the Amswer
upvoted 1 times
...
FF11
3 years, 5 months ago
Selected Answer: A
A is correct.
upvoted 3 times
SuhasH
3 years, 4 months ago
provide access to the function to a database that is located on a private subnet inside the company's data center. How security group details linked to premise DB in a private VPN
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel