Examice

Exam SAP-C02 All QuestionsBrowse all questions from this exam

Question 198

A company is building a hybrid environment that includes servers in an on-premises data center and in the AWS Cloud. The company has deployed Amazon EC2 instances in three VPCs. Each VPC is in a different AWS Region. The company has established an AWS Direct. Connect connection to the data center from the Region that is closest to the data center.

The company needs the servers in the on-premises data center to have access to the EC2 instances in all three VPCs. The servers in the on-premises data center also must have access to AWS public services.

Which combination of steps will meet these requirements with the LEAST cost? (Choose two.)

Create a Direct Connect gateway in the Region that is closest to the data center. Attach the Direct Connect connection to the Direct Connect gateway. Use the Direct Connect gateway to connect the VPCs in the other two Regions.

Set up additional Direct Connect connections from the on-premises data center to the other two Regions.

Create a private VIF. Establish an AWS Site-to-Site VPN connection over the private VIF to the VPCs in the other two Regions.

Create a public VIF. Establish an AWS Site-to-Site VPN connection over the public VIF to the VPCs in the other two Regions.

Use VPC peering to establish a connection between the VPCs across the Regions Create a private VIF with the existing Direct Connect connection to connect to the peered VPCs.

Correct Answer: A, E

To meet the requirements with the least cost, you should create a Direct Connect gateway and use VPC peering. The Direct Connect gateway allows global access and can connect multiple VPCs across different regions to your on-premises data center, reducing the need for additional Direct Connect connections. VPC peering enables you to establish connections between VPCs across regions. This combination leverages existing connections and reduces the need for extra infrastructure, meeting the requirements cost-effectively.

Discussion

cmoreiraOptions: AD

There is no correct answer. NONE. A.Direct Connect gateway are global. You dont create them in a "region" B. Not needed, since you have DX-GW. C. Cant establish site-to-site VPN over private VIF. You do it over public or transit (recommended). D. Yes, should use private VIF, but for access to AWS public resources, not the other VPCs. E. VPC peering wont allow Onprem to access other VPCs via peering. Best Answer is DX-Gateway AND Public VIF (A and D). However they're both wrong. https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.html

Roontha

Answer : A, D https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-site-to-site-vpn.html

Jesuisleon

Agree Roontha. For E, "Create a private VIF with the existing Direct Connect connection to connect to the peered VPCs" is wrong. private VIF can only connect to the vpc which is in the same region with direct connection, you can't extend private VIF to the VPCs in other 2 regions.

rbm2023Options: AD

agree with A and D tks to Roontha

pupsikOptions: AD

got to use Public VIN in order to connect to AWS Services via Direct Connect.

gfhbox0083Options: AD

A, D for sure. Must have access to AWS public services.

career360guruOptions: AD

A and D

NikkyDickyOptions: AD

its AD

SkyZeroZxOptions: AD

Answer : A, D https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-site-to-site-vpn.html

easytoo

a-d-a-d-a-d-a-d

andreituguiOptions: AD

Answer is A,D