Exam AWS Certified Solutions Architect - Professional topic 1 question 984 discussion

A company wants to move its three-stage web application to the AWS Cloud. The three stages are development, test, and production. Each stage must use its own dedicated VPC. The company wants to access the stages through IPsec connections from the company's main office location.

Which combination of steps should a solutions architect implement in the network design to meet these requirements? (Choose three.)

  • A. Create a dedicated networking VPC that includes a virtual private gateway.
  • B. Create a transit gateway. Attach all the VPCs to the transit gateway.
  • C. Create security groups in each VPC to control access to and from the application resources.
  • D. Create a customer gateway. Create a VPN connection. Attach the VPN connection to the transit gateway by specifying the customer gateway.
  • E. Create a customer gateway. Create a VPN connection. Attach the VPN connection to the virtual private gateway by specifying the customer gateway.
  • F. Create security groups for the transit gateway to control network access to the application resources.
Suggested Answer: BCD
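
The suggested combination (B, C, D) sketched as a CloudFormation template. This is an added example, not part of the original question or discussion. It covers the production stage only; the development and test VPCs repeat the attachment and security group. Parameter names, the ASN and the HTTPS port are assumptions.

```yaml
# Added example: options B, C and D for one stage (production).
# Parameter names, BGP ASN 65000 and port 443 are illustrative assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  OfficePublicIp: {Type: String}             # public IP of the office VPN device
  OfficeCidr: {Type: String}                 # on-premises address range
  ProdVpcId: {Type: "AWS::EC2::VPC::Id"}
  ProdSubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}
Resources:
  Tgw:                                       # B: the transit gateway (hub)
    Type: AWS::EC2::TransitGateway
    Properties:
      DefaultRouteTableAssociation: enable
      DefaultRouteTablePropagation: enable
  ProdAttachment:                            # B: one attachment per stage VPC
    Type: AWS::EC2::TransitGatewayVpcAttachment
    Properties:
      TransitGatewayId: !Ref Tgw
      VpcId: !Ref ProdVpcId
      SubnetIds: !Ref ProdSubnetIds
  OfficeCgw:                                 # D: customer gateway for the office
    Type: AWS::EC2::CustomerGateway
    Properties:
      Type: ipsec.1
      IpAddress: !Ref OfficePublicIp
      BgpAsn: 65000
  OfficeVpn:                                 # D: IPsec VPN terminates on the TGW,
    Type: AWS::EC2::VPNConnection            #    so no virtual private gateway
    Properties:
      Type: ipsec.1
      CustomerGatewayId: !Ref OfficeCgw
      TransitGatewayId: !Ref Tgw
  ProdAppSg:                                 # C: access control lives in the VPC
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTPS from the office network only
      VpcId: !Ref ProdVpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref OfficeCidr
```

Each VPC route table also needs a route for the office range that targets the transit gateway. With the default transit gateway route table, all attachments can reach one another, so keeping the stages apart takes separate transit gateway route tables.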

Comments

Vash2303
Highly Voted 2 years, 5 months ago
Selected Answer: BCD
BCD. A - not required, F - not possible.
upvoted 7 times
...
due
Highly Voted 2 years, 6 months ago
Selected Answer: ABD
IPsec connections from the company to 3 VPC = VPCs + transit gateway with VPN IP SEC + customer gateway
upvoted 6 times
...
Ebi
Most Recent 1 year, 4 months ago
BCD, TGW does not need a dedicated network VPC, so A is not correct
upvoted 1 times
...
marszalekm
1 year, 5 months ago
https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-transit-gateway-vpn.html
upvoted 1 times
...
dkd123
1 year, 6 months ago
ABD should be the answer per this link: https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-centralized-router.html
upvoted 1 times
...
ggrodskiy
1 year, 12 months ago
Correct BCD
upvoted 1 times
...
SkyZeroZx
2 years ago
Selected Answer: BCD
BCD. A - not required, F - not possible.
upvoted 1 times
...
Jesuisleon
2 years, 1 month ago
Selected Answer: BCD
IPSec is from cgw via VPN to tgw, no need to introduce vgw. "Transit gateway: A transit hub that can be used to interconnect multiple VPCs and on-premises networks, and as a VPN endpoint for the Amazon side of the Site-to-Site VPN connection." from link https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html. I found two links similar to this question, except with no intra-access between VPCs (this can be controlled by the tgw route table). There is no vgw introduced in either case: https://repost.aws/knowledge-center/transit-gateway-multiple-vpc and https://repost.aws/knowledge-center/transit-gateway-connect-vpcs-from-vpn
upvoted 3 times
...
dev112233xx
2 years, 2 months ago
Selected Answer: ABD
I agree it's ABD: VPC+TGW+customer GW
upvoted 1 times
...
hobokabobo
2 years, 3 months ago
Selected Answer: BCD
Let's start with D vs. E. Either we attach the VPN to a transit gateway or to a virtual private gateway. As we have multiple VPCs, the choice is the transit gateway. For A vs. B: now that we have decided that we do not want the private gateway, in favour of the transit gateway, we want to create the transit gateway (B) and not the private gateway. F vs. C: finally we have to decide where to create security groups. They are not created for the transit gateway but in the VPC for the various resources, which means C. So we end up with BCD.
upvoted 6 times
...
TajSidKazi
2 years, 3 months ago
Selected Answer: ABD
Option A specifies the creation of a dedicated networking VPC that includes a virtual private gateway (VGW). This VGW will enable the IPsec connections to the AWS Cloud from the company's main office location. Option B specifies the creation of a transit gateway (TGW) and attaching all the VPCs (one for each stage) to the TGW. This will enable the inter-VPC communication between the three stages of the web application. Option D specifies the creation of a customer gateway (CGW) and a VPN connection. The VPN connection will allow the IPsec connections from the company's main office location to the AWS Cloud through the TGW. The VPN connection should be attached to the TGW by specifying the CGW.
upvoted 2 times
hobokabobo
2 years, 3 months ago
D contradicts A.
upvoted 2 times
...
...
coolt2
2 years, 5 months ago
I think the question is not well phrased. If you have a transit gateway for VPN, then why do we need a Virtual Private Gateway? Also, you don't apply security groups to a transit gateway. I don't see a best combination of 3 answers here.
upvoted 1 times
...
zozza2023
2 years, 5 months ago
Selected Answer: ABD
vpc+TGW+customer GW
upvoted 2 times
...
Kende
2 years, 6 months ago
Selected Answer: ABD
"ABD" are the ones.
upvoted 3 times
...
ggrodskiy
2 years, 6 months ago
Correct ABD
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other