Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 77 discussion

https://docs.aws.amazon.com/pt_br/whitepapers/latest/aws-vpc-connectivity-options/aws-transit-gateway-vpn.html Transit gateway is an AWS managed high availability and scalability regional network transit hub used to interconnect VPCs and customer networks. AWS Transit Gateway + VPN, using the Transit Gateway VPN Attachment, provides the option of creating an IPsec VPN connection between your remote network and the Transit Gateway over the internet, as shown in the following picture. https://docs.aws.amazon.com/images/whitepapers/latest/aws-vpc-connectivity-options/images/image4.png Option A is the correct answer since the transit gateway will allow both VPCs to connect to the on premises network. Option B suggests the same feature but is using the Transit Gateway in a incorrect way. The soul purpose of the gateway is to have point for interconnectivity.

For those that have written SAP-C02, how relevant are these questions to the real exam questions? After adequate preparation, I wanted to truly test my knowledge before dabbling into the exam and would really appreciate anyone's candid opinion. Thanks.

A. Create a transit gateway. Attach the Site-to-Site VPN, VPC A, and VPC B to the transit gateway. Update the transit gateway route tables for all networks to add IP range routes for all other networks.

After all, what is the right answer A or D ?

A, Transit Gateway

Option A is the most straightforward and effective solution. A transit gateway acts as a cloud router that simplifies network topology and connectivity between on-premises networks, VPCs, and other AWS services. By attaching both VPCs (A and B) and the Site-to-Site VPN to a single transit gateway and updating the route tables accordingly, Example Corp. can enable seamless communication between its on-premises network and both VPCs. This approach minimizes operational effort by centralizing network management and eliminating the need for complex routing configurations or multiple VPN connections. Option D proposes modifying the Site-to-Site VPN’s virtual private gateway to include both VPC A and VPC B. However, a virtual private gateway cannot be directly shared or split between VPCs in the manner described. This option misunderstands the architecture of AWS networking components and their capabilities.

A = correct B = if you setup a second VPN you do not need a TGW C = peering does not allow edge-to-edge routing (aka VPC B cannot access on-premise via VPC A and vice versa) D = Virtual Private Gateway is specific to a single VPC

reluctantly selecting option A. these answers do not take into consideration that the On-promises already has a peered connection to VPC A through the existing site to site

I think A is right, I do not know why other guys select D

surely A

A is the best option. Creating a transit gateway and attaching Site-to-Site VPN, VPC A, and VPC B to the transit gateway would enable the on-premise servers to access VPC B with minimal operational effort. The transit gateway route tables would need to be updated with IP range routes for all the other networks to enable communication between the VPCs and the on-premises servers.

Solution A is the only one possible solution

A. Create a transit gateway. Attach the Site-to-Site VPN

A makes sense to me

A for me

A has this wierd wording - attaching S-S VPN ? transit gateway attaches to VPCs only not S-S vpn. A is wrong. Since VPC A and VPC B are already peered, the easiest solution to connect from the on-premises servers to VPC B would be to create another Site-to-Site VPN connection between the on-premises data center and VPC B. This would require minimal operational effort, as the existing VPN connection with VPC A can remain unchanged.

TGW is the solutions