Exam SAP-C02
Question 339

A company operates a fleet of servers on premises and operates a fleet of Amazon EC2 instances in its organization in AWS Organizations. The company's AWS accounts contain hundreds of VPCs. The company wants to connect its AWS accounts to its on-premises network. AWS Site-to-Site VPN connections are already established to a single AWS account. The company wants to control which VPCs can communicate with other VPCs.

Which combination of steps will achieve this level of control with the LEAST operational effort? (Choose three.)

    Correct Answer: A, B, C

    To achieve control over VPC communication with the least operational effort, the following combination of steps is necessary: First, create a transit gateway in an AWS account and share it across accounts using AWS Resource Access Manager (AWS RAM). This allows centralized control over network connectivity. Second, configure attachments to all VPCs and VPNs, which involves attaching each VPC and VPN to the transit gateway, thereby enabling connectivity through the gateway. Lastly, set up transit gateway route tables and associate the VPCs and VPNs with the route tables, which will allow fine-grained control over the routing between different VPCs and the on-premises network. This setup avoids the need for complex VPC peering arrangements and manual route table updates in individual VPCs.

Discussion
HappyPrince Options: ABC

As transit gateway follows a hub-and-spoke model, connecting all VPCs and VPNs to it makes more sense. Moreover, between VPCs and VPNs is invalid.

HunkyBunky Options: ACE

I guess ACE. The company wants to control which VPC will communicate with other VPCs, which means that we don't need to set up attachments for all VPCs.

devalenzuela86

Option E proposes configuring attachments between the VPCs and VPNs. This option is necessary to connect the VPCs and VPNs to the transit gateway.

hogtrough Options: ABC

E. You don't configure attachments between VPCs and VPNs, you configure attachments to both VPCs and VPN from the transit gateway, thus B.

career360guru Options: ABC

Option A, B, C. Option E looks feasible instead of B, but that is not a requirement, as the company only wants to control VPC to VPC communication.

devalenzuela86 Options: ABC

ABC for sure

ayadmawla Options: ABC

ABC - we need to read the answers as a combination of steps.

ayadmawla

One issue, though: in order to control which VPC talks to which one, we need to set up route tables on each VPC (E) and not on the transit VPC (C), as that needs to be light. So I am thinking that the choice should be ABE and not ABC. The specific use case is not mentioned here, but this link should give an idea of how route tables need to be configured: https://docs.aws.amazon.com/vpc/latest/tgw/TGW_Scenarios.html

ayadmawla

This article suggests the use of NACL to control inter-vpc traffic but that option is not available in the question (although there is another question that brings it up) https://intuitive.cloud/blog/securing-multi-vpc-connectivity-with-aws-transit-gateway-#:~:text=Use%20security%20groups%20and%20NACLs,connected%20to%20the%20Transit%20Gateway.

shaaam80 Options: ABC

Answer - ABC

jpes Options: ABC

I'd go for ABC as well.

tmlong18 Options: ABC

I go ABC

shaaam80 Options: ACE

ACE. Option B mentions attaching 'all' VPCs, which might not suggest control of which VPCs the company wants to include in communication.

shaaam80

I stand corrected! Answer should be ABC. B- Configure attachments to all VPCs and VPNs. This is the TGW attachments to all VPCs and VPNs. E - Configure attachments between the VPCs and VPNs - WRONG!!

salazar35 Options: ACE

I guess ACE

seetpt Options: ABC

ABC for me

VerRi Options: ACE

We don't need "all"

053081f Options: ACE

The question and options include (or lack) some typo errors. E should be "Configure 'transit gateway' attachments between the VPCs and VPNs." Then, I think ABE is correct, not ABC. The company wants to control "which VPCs can communicate with other VPCs." It doesn't say "all VPCs and VPNs."

053081f

Sorry I think ACE is correct, not ABC.

arberod Options: ACE

It is ACE

vibzr2023

My answer: "ACE". Why is B correct? The question says "The company wants to control which VPCs can communicate with other VPCs". Option B "involves attaching every single VPC and VPN within the organization directly to the Transit Gateway", whereas Option C focuses on "establishing attachments only between the VPCs that need to communicate with each other and the VPN gateway". Can anyone explain why B is correct?

vibzr2023

Typo... I mean Option E. Option E focuses on "establishing attachments only between the VPCs that need to communicate with each other and the VPN gateway". Can anyone explain why B is correct?