
SAP-C02 Exam - Question 339


A company operates a fleet of servers on premises and operates a fleet of Amazon EC2 instances in its organization in AWS Organizations. The company's AWS accounts contain hundreds of VPCs. The company wants to connect its AWS accounts to its on-premises network. AWS Site-to-Site VPN connections are already established to a single AWS account. The company wants to control which VPCs can communicate with other VPCs.

Which combination of steps will achieve this level of control with the LEAST operational effort? (Choose three.)

Correct Answer: ABC

To achieve control over VPC communication with the least operational effort, the following combination of steps is necessary: First, create a transit gateway in an AWS account and share it across accounts using AWS Resource Access Manager (AWS RAM). This allows centralized control over network connectivity. Second, configure attachments to all VPCs and VPNs, which involves attaching each VPC and VPN to the transit gateway, thereby enabling connectivity through the gateway. Lastly, set up transit gateway route tables and associate the VPCs and VPNs with the route tables, which will allow fine-grained control over the routing between different VPCs and the on-premises network. This setup avoids the need for complex VPC peering arrangements and manual route table updates in individual VPCs.
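The routing logic behind that explanation, as an added example that is not part of the original page or of any AWS code: a small offline model showing that every VPC and VPN can be attached to the transit gateway while the route-table associations and propagations still decide which pairs can exchange traffic. The attachment names, route-table names and CIDRs are constructed, and the model assumes each attachment advertises a single CIDR and ignores security groups and NACLs.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

@dataclass
class TransitGateway:
    cidr: dict = field(default_factory=dict)    # attachment -> CIDR it advertises
    assoc: dict = field(default_factory=dict)   # attachment -> its single route table
    tables: dict = field(default_factory=dict)  # route table -> {network: next-hop attachment}

    def attach(self, name, cidr, table):
        """Attach a VPC or VPN and associate it with exactly one route table."""
        self.cidr[name] = ip_network(cidr)
        self.assoc[name] = table
        self.tables.setdefault(table, {})

    def propagate(self, name, table):
        """Install the attachment's CIDR as a route in the given route table."""
        self.tables.setdefault(table, {})[self.cidr[name]] = name

    def forwards(self, src, dst):
        """Traffic entering from src is looked up in src's associated table only."""
        return self.tables[self.assoc[src]].get(self.cidr[dst]) == dst

    def can_talk(self, a, b):
        """Two-way traffic needs a route in each direction."""
        return self.forwards(a, b) and self.forwards(b, a)

def build_example():
    tgw = TransitGateway()
    # Constructed sample: every VPC and the VPN gets an attachment ...
    tgw.attach("vpc-prod", "10.0.0.0/16", "rt-spokes")
    tgw.attach("vpc-dev", "10.1.0.0/16", "rt-spokes")
    tgw.attach("vpc-shared", "10.2.0.0/16", "rt-hub")
    tgw.attach("vpn-onprem", "192.168.0.0/16", "rt-hub")
    # ... and the route tables decide who reaches whom.
    for spoke in ("vpc-prod", "vpc-dev"):
        tgw.propagate(spoke, "rt-hub")       # hub side learns every spoke
    for hub in ("vpc-shared", "vpn-onprem"):
        tgw.propagate(hub, "rt-spokes")      # spokes learn only the hub side
        tgw.propagate(hub, "rt-hub")         # hub members learn each other
    return tgw

def reachability(tgw):
    """Map each unordered pair of attachments to whether two-way traffic is routed."""
    names = sorted(tgw.cidr)
    return {(a, b): tgw.can_talk(a, b) for a in names for b in names if a < b}

if __name__ == "__main__":
    for pair, ok in reachability(build_example()).items():
        print(pair, "allowed" if ok else "isolated")
```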

Discussion

16 comments
HappyPrince Options: ABC
Dec 20, 2023

As transit gateway follows a hub-and-spoke model, connecting all VPCs and VPNs to it makes more sense. Moreover, between VPCs and VPNs is invalid.

HunkyBunky Options: ACE
Nov 23, 2023

I guess ACE. The company wants to control which VPC will communicate with other VPC; that means that we don't need to set up attachment for all VPCs.

devalenzuela86
Nov 25, 2023

Option E proposes configuring attachments between the VPCs and VPNs. This option is necessary to connect the VPCs and VPNs to the transit gateway.

devalenzuela86 Options: ABC
Nov 21, 2023

ABC for sure

career360guru Options: ABC
Jan 9, 2024

Option A, B, C. Option E looks feasible instead of B but that is not a requirement as company only wants to control VPC to VPC communication.

hogtrough Options: ABC
Mar 6, 2024

E. You don't configure attachments between VPCs and VPNs, you configure attachments to both VPCs and VPN from the transit gateway, thus B.

jpes Options: ABC
Nov 26, 2023

I'd go for ABC as well.

shaaam80 Options: ABC
Dec 6, 2023

Answer - ABC

ayadmawla Options: ABC
Dec 9, 2023

ABC - we need to read the answers as a combination of steps.

ayadmawla
Dec 19, 2023

One issue though: in order to control which VPC talks to which one, we need to set up route tables on each VPC (E) and not on the transit VPC (C), as that needs to be light. So I am thinking that the choice should be ABE and not ABC. The specific use case is not mentioned here, but this link should give an idea of how route tables need to be configured: https://docs.aws.amazon.com/vpc/latest/tgw/TGW_Scenarios.html

ayadmawla
Dec 19, 2023

This article suggests the use of NACL to control inter-vpc traffic but that option is not available in the question (although there is another question that brings it up) https://intuitive.cloud/blog/securing-multi-vpc-connectivity-with-aws-transit-gateway-#:~:text=Use%20security%20groups%20and%20NACLs,connected%20to%20the%20Transit%20Gateway.

salazar35 Options: ACE
Nov 25, 2023

I guess ACE

shaaam80 Options: ACE
Nov 28, 2023

ACE. Option B mentions attaching 'all' VPCs, might not suggest control of what VPCs the company wants to include communication.

shaaam80
Dec 6, 2023

I stand corrected! Answer should be ABC. B- Configure attachments to all VPCs and VPNs. This is the TGW attachments to all VPCs and VPNs. E - Configure attachments between the VPCs and VPNs - WRONG!!

tmlong18 Options: ABC
Jan 15, 2024

I go ABC

VerRi Options: ACE
Mar 20, 2024

We don't need "all"

seetpt Options: ABC
May 3, 2024

ABC for me

vibzr2023
Jan 11, 2024

My answer: "ACE". Why is B correct? The question asks: "The company wants to control which VPCs can communicate with other VPCs." Saying that Option B is "Involves attaching every single VPC and VPN within the organization directly to the Transit Gateway", whereas Option C focuses on "establishing attachments only between the VPCs that need to communicate with each other and the VPN gateway". Can one explain why B is correct?

vibzr2023
Jan 11, 2024

Typo... I mean Option E Option E... focuses on "establishing attachments only between the VPCs that need to communicate with each other and the VPN gateway" Can anyone explain why B is correct?

arberod Options: ACE
Feb 12, 2024

It is ACE

053081f Options: ACE
Jul 6, 2024

The question and options include (or lack) some typo errors. E should be "Configure 'transit gateway' attachments between the VPCs and VPNs." Then, I think ABE is correct, not ABC. The company wants to control "which VPCs can communicate with other VPCs." It doesn't say "all VPCs and VPNs."

053081f
Jul 6, 2024

Sorry I think ACE is correct, not ABC.