Amazon Exam SAP-C02 Topic 5 Question 41 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 41
Topic #: 5

A software as a service (SaaS) company provides a media software solution to customers. The solution is hosted on 50 VPCs across various AWS Regions and AWS accounts. One of the VPCs is designated as a management VPC. The compute resources in the VPCs work independently.

The company has developed a new feature that requires all 50 VPCs to be able to communicate with each other. The new feature also requires one-way access from each customer's VPC to the company's management VPC. The management VPC hosts a compute resource that validates licenses for the media software solution.

The number of VPCs that the company will use to host the solution will continue to increase as the solution grows.

Which combination of steps will provide the required VPC connectivity with the LEAST operational overhead? (Select TWO.)

Suggested Answer: A, C

Create a Transit Gateway:

Step 1: In the AWS Management Console, navigate to the VPC Dashboard.

Step 2: Select 'Transit Gateways' and click on 'Create Transit Gateway'.

Step 3: Configure the transit gateway by providing a name and setting the options for Amazon side ASN and VPN ECMP support as needed.

Step 4: Attach each of the company's VPCs and relevant subnets to the transit gateway. This centralizes network management and simplifies the routing configuration, supporting a scalable and flexible network architecture.

Set Up AWS PrivateLink:

Step 1: Create a Network Load Balancer (NLB) in the management VPC that points to the compute resource responsible for license validation.

Step 2: Create an AWS PrivateLink endpoint service pointing to this NLB.

Step 3: Allow each customer's VPC to create an interface endpoint to this PrivateLink service. This setup enables secure and private communication between the customer VPCs and the management VPC, ensuring one-way access from each customer's VPC to the management VPC for license validation.

This combination leverages the benefits of AWS Transit Gateway for scalable and centralized routing, and AWS PrivateLink for secure and private service access, meeting the requirement with minimal operational overhead.
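
The provider side of the PrivateLink steps above, written as a CloudFormation template. This is an added example, not part of the original explanation; the parameter names, the listener port and the instance target type are assumptions.

```yaml
# Added example: provider side of the license-validation endpoint service,
# deployed in the management VPC. Names, port and target type are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  ManagementVpcId:
    Type: AWS::EC2::VPC::Id
  ManagementSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  CustomerAccountArns:
    Type: CommaDelimitedList  # e.g. arn:aws:iam::111122223333:root (constructed)
  LicensePort:
    Type: Number
    Default: 443              # assumed port of the license validator
Resources:
  LicenseNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internal        # reachable only through the endpoint service
      Subnets: !Ref ManagementSubnetIds
  LicenseTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref ManagementVpcId
      Protocol: TCP
      Port: !Ref LicensePort
      TargetType: instance    # the validator instance is registered separately
  LicenseListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LicenseNlb
      Protocol: TCP
      Port: !Ref LicensePort
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref LicenseTargets
  LicenseEndpointService:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      NetworkLoadBalancerArns:
        - !Ref LicenseNlb
      AcceptanceRequired: true  # each consumer connection must be approved
  LicenseEndpointPermissions:
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      ServiceId: !Ref LicenseEndpointService
      AllowedPrincipals: !Ref CustomerAccountArns  # only listed accounts may connect
```

Each customer VPC then creates an `AWS::EC2::VPCEndpoint` with `VpcEndpointType: Interface` against this service's name. Connections are initiated only from the consumer side, which is what gives the one-way access the question asks for.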



Contribute your Thoughts:

Onita
2 days ago
Nah, Site-to-Site VPN is way too much work for this use case. Who has time to set up a VPN appliance in 50+ customer VPCs? Not this guy!
upvoted 0 times
Peggy
5 days ago
I like the idea of using PrivateLink to create a managed endpoint service for the license validation. That way, the customers can access it securely without needing to manage a VPN connection.
upvoted 0 times
Tyisha
19 days ago
I agree with Ailene. Options A and C seem to be the most efficient in terms of connectivity and reducing operational overhead.
upvoted 0 times
Virgilio
19 days ago
I'm not sure about option B. Creating VPC peering connections between all VPCs might become cumbersome as the company scales.
upvoted 0 times
Ailene
28 days ago
I think options A and C would be the best choices. Transit gateway for VPC connectivity and NLB with PrivateLink for license validation.
upvoted 0 times
Dante
1 month ago
The transit gateway seems like the most scalable and maintainable option here. Creating individual VPC peering connections between 50+ VPCs sounds like a headache.
upvoted 0 times
Desiree
11 days ago
A) Create a transit gateway. Attach all the company's VPCs and relevant subnets to the transit gateway.
upvoted 0 times
