
Exam AWS DevOps Engineer Professional topic 1 question 120 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 120
Topic #: 1

A company has 20 service teams. Each service team is responsible for its own microservice. Each service team uses a separate AWS account for its microservice and a VPC with the 192.168.0.0/22 CIDR block. The company manages the AWS accounts with AWS Organizations.

Each service team hosts its microservice on multiple Amazon EC2 instances behind an Application Load Balancer. The microservices communicate with each other across the public Internet. The company's security team has issued a new guideline that all communication between microservices must use HTTPS over private network connections and cannot traverse the public Internet.

A DevOps engineer must implement a solution that fulfills these obligations and minimizes the number of changes for each service team.

Which solution will meet these requirements?

  • A. Create a new AWS account in AWS Organizations. Create a VPC in this account and use AWS Resource Access Manager to share the private subnets of this VPC with the organization. Instruct the service teams to launch a new Network Load Balancer (NLB) and EC2 instances that use the shared private subnets. Use the NLB DNS names for communication between microservices.
  • B. Create a Network Load Balancer (NLB) in each of the microservice VPCs. Use AWS PrivateLink to create VPC endpoints in each AWS account for the NLBs. Create subscriptions to each VPC endpoint in each of the other AWS accounts. Use the VPC endpoint DNS names for communication between microservices.
  • C. Create a Network Load Balancer (NLB) in each of the microservice VPCs. Create VPC peering connections between each of the microservice VPCs. Update the route tables for each VPC to use the peering links. Use the NLB DNS names for communication between microservices.
  • D. Create a new AWS account in AWS Organizations. Create a transit gateway in this account, and use AWS Resource Access Manager to share the transit gateway with the organization. In each of the microservice VPCs, create a transit gateway attachment to the shared transit gateway. Update the route tables of each VPC to use the transit gateway. Create a Network Load Balancer (NLB) in each of the microservice VPCs. Use the NLB DNS names for communication between microservices.
Suggested Answer: B

Comments

Bulti
2 years, 3 months ago
Selected Answer: B
https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-ranges/ PrivateLink is the best option because Transit Gateway doesn't support overlapping CIDR ranges.
upvoted 4 times
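As an added illustration of answer B (not part of the original discussion or of any AWS-published template), the Terraform below sketches one service team's provider side and a second team's consumer side of the PrivateLink setup. The NLB forwards TCP 443 to an ALB-type target group, so the team keeps its existing ALB and TLS termination; the variable names, the `aws.consumer` provider alias and the consumer account list are assumptions.

```hcl
# Provider (service owner) account: put an internal NLB in front of the
# existing ALB and expose the NLB as a PrivateLink endpoint service.
resource "aws_lb" "nlb" {
  name               = "orders-nlb"          # assumed service name
  load_balancer_type = "network"
  internal           = true                  # never reachable from the Internet
  subnets            = var.service_private_subnet_ids
}

resource "aws_lb_target_group" "to_alb" {
  name        = "orders-alb-tg"
  port        = 443
  protocol    = "TCP"
  target_type = "alb"                        # target is the team's current ALB
  vpc_id      = var.service_vpc_id
}

resource "aws_lb_target_group_attachment" "alb" {
  target_group_arn = aws_lb_target_group.to_alb.arn
  target_id        = var.existing_alb_arn    # ALB ARN, unchanged for the team
  port             = 443
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = 443
  protocol          = "TCP"                  # TLS passthrough; ALB still terminates HTTPS
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.to_alb.arn
  }
}

resource "aws_vpc_endpoint_service" "orders" {
  acceptance_required        = false
  network_load_balancer_arns = [aws_lb.nlb.arn]
  # Only the other service teams' accounts may create endpoints to this service.
  allowed_principals = [for id in var.consumer_account_ids : "arn:aws:iam::${id}:root"]
}

# Consumer account (another service team): an interface endpoint in its own
# 192.168.0.0/22 VPC. Overlap with the provider VPC is irrelevant because
# traffic never routes between the two CIDRs; it enters via the endpoint ENI.
resource "aws_vpc_endpoint" "orders" {
  provider           = aws.consumer          # assumed provider alias for that account
  vpc_id             = var.consumer_vpc_id
  service_name       = aws_vpc_endpoint_service.orders.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.consumer_private_subnet_ids
  security_group_ids = [var.consumer_endpoint_sg_id]   # allow 443 from the consumer's instances
}
```

Callers in the consumer VPC use the endpoint's DNS name on port 443, so the ALB certificate has to cover whatever hostname clients present; that is the reason teams usually also configure a verified private DNS name on the endpoint service.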
saeidp
2 years, 4 months ago
Selected Answer: B
I'll go with B. TGW cannot be used for VPCs with overlapping IPs. The same for VPC peering.
upvoted 3 times
USalo
2 years, 4 months ago
Selected Answer: B
B. The link https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-ranges/ describes NAT + PrivateLink and Transit Gateways. In the article it is mentioned that TGW can be used when CIDR ranges don't overlap. So the possible solution is "B".
upvoted 1 times
DerekKey
2 years, 3 months ago
You can use TGW with overlapping CIDRs, but you also have to implement private NAT. Read carefully.
upvoted 1 times
vn_thanhtung
1 year ago
No, you cannot use TGW with overlapping CIDRs. The link says the subnets are not overlapping.
upvoted 1 times
Ace987
2 years, 4 months ago
Selected Answer: D
Transit Gateway fits better; connect Amazon VPCs, AWS accounts, and on-premises networks to a single gateway.
upvoted 2 times
USalo
2 years, 4 months ago
If I am not mistaken, Transit Gateway cannot have VPCs with overlapping IP addresses. So "D" is incorrect. "B" will definitely work.
upvoted 4 times
Imstack
2 years, 4 months ago
B - PrivateLink fits well in this situation.
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other