Exam SAP-C02
Question 374

A company runs an intranet application on premises. The company wants to configure a cloud backup of the application. The company has selected AWS Elastic Disaster Recovery for this solution.

The company requires that replication traffic does not travel through the public internet. The application also must not be accessible from the internet. The company does not want this solution to consume all available network bandwidth because other applications require bandwidth.

Which combination of steps will meet these requirements? (Choose three.)

    Correct Answer: A, D, E

    To meet the company's requirements, which include ensuring that replication traffic does not travel through the public internet and avoiding the consumption of all available network bandwidth, the following steps are recommended. First, create a VPC with at least two private subnets and a virtual private gateway to ensure the application remains inaccessible from the internet. AWS Direct Connect should be used to establish a dedicated, private connection between the on-premises network and the AWS network, thereby avoiding potential bandwidth competition with other applications. During the configuration of the replication servers, selecting the option to use private IP addresses for data replication will ensure that the replication traffic remains within the private network.
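The replication settings named in the explanation above can be checked mechanically. The following Python audit is an added example, not part of the original page or of AWS documentation. The field names `dataPlaneRouting`, `createPublicIP` and `bandwidthThrottling` are those of the DRS replication configuration API, the route entries are shaped like EC2 `describe-route-tables` output, all sample values are constructed, and treating a throttle of 0 as "unthrottled" is an assumption.

```python
# Added example: audit a DRS replication configuration against the
# requirements in the question. Sample dicts are constructed, not real output.

def audit_replication(cfg, staging_routes):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Replication traffic must stay on private addressing (option E).
    if cfg.get("dataPlaneRouting") != "PRIVATE_IP":
        findings.append("dataPlaneRouting is not PRIVATE_IP")
    # Missing value is treated as unsafe, so default to True here.
    if cfg.get("createPublicIP", True):
        findings.append("replication servers receive a public IP")
    # Assumption: 0 Mbps means replication is not throttled at all.
    if int(cfg.get("bandwidthThrottling", 0)) <= 0:
        findings.append("no bandwidth throttle set")
    # The staging subnet must not route anything through an internet gateway.
    for route in staging_routes:
        gateway = route.get("GatewayId") or ""
        if gateway.startswith("igw-"):
            findings.append("staging subnet routes %s via %s"
                            % (route.get("DestinationCidrBlock"), gateway))
    return findings

# Constructed sample: private routing, throttled, routes via local and a VGW.
COMPLIANT_CFG = {"dataPlaneRouting": "PRIVATE_IP", "createPublicIP": False,
                 "bandwidthThrottling": 200}
PRIVATE_ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0example"},
]

# Constructed sample: what the configuration looks like when private IP
# replication is not selected and the subnet has a default internet route.
PUBLIC_CFG = {"dataPlaneRouting": "PUBLIC_IP", "createPublicIP": True,
              "bandwidthThrottling": 0}
PUBLIC_ROUTES = PRIVATE_ROUTES[:1] + [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
]

if __name__ == "__main__":
    for name, cfg, routes in [("compliant", COMPLIANT_CFG, PRIVATE_ROUTES),
                              ("public", PUBLIC_CFG, PUBLIC_ROUTES)]:
        print(name, audit_replication(cfg, routes) or "OK")
```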

Discussion
heatblur - Options: ADE

ADE
Option D: Create an AWS Direct Connect connection and a Direct Connect gateway between the on-premises network and the target AWS network.
Option E: During configuration of the replication servers, select the option to use private IP addresses for data replication.
Option A: could be considered if the private subnets are used without the NAT gateways, ensuring internal-only network access.

MegalodonBolado - Options: DEF

https://docs.aws.amazon.com/drs/latest/userguide/quick-start-guide-gs.html
(E) Data routing and throttling controls how data flows from the external server to the replication servers. If you choose not to use a private IP, your replication servers will be automatically assigned a public IP and data will flow over the public internet. Check "Use private IP for data replication".
(F) On Default DRS launch settings, check "Copy private IP". This way all other servers can transparently reach the recovered server.
(D) Architects could use VPN or AWS DC, but "...The company does not want this solution to consume all available network bandwidth because other applications require bandwidth.", preferably use AWS Direct Connect.

J0n102 - Options: ADE

DX is needed as it provides a dedicated, private network connection that can be managed to avoid consuming all available network bandwidth.

ftaws

We don't need to connect to the internet, so why do we need a NAT gateway in A?

marszalekm

https://docs.aws.amazon.com/drs/latest/userguide/Network-Requirements.html
There are two ways to establish direct connectivity to the Internet for the VPC of the staging area, as described in the VPC FAQ:
1. Public IP address + Internet gateway
2. Private IP address + NAT instance

marszalekm

That's the only info I found, however this doesn't exactly answer your question.

drake2020

The question says not accessible from the internet. A NAT gateway is for inbound to internet and not internet -> inbound.

zhooon

How about A,C,E? A. Create an intranet application and other application in a private subnet. Intranet applications connect to a private gateway(one). Other applications connect to the NAT gateway(one). Eliminates traffic interference. C. Site-to-Site VPN connect to private gateway. E. Replicates private IP.

zhooon

Can other applications communicate with the Internet through the NAT gateway?

zhooon

Can not backup for other application through Site-to-Site VPN. It is correct Option D. 'Direct Connect gateway' A, D, E

career360guru - Options: ADE

A, D and E

shaaam80 - Options: ADE

Answer ADE

vip2 - Options: DEF

replication traffic does not travel through the public internet. --> Not A
must not be accessible from the internet --> Not B
The company does not want this solution to consume all available network bandwidth --> not C, it requires D as dedicated network
E and F during the Disaster Recovery step 3 and 4 as described as link below, https://docs.aws.amazon.com/drs/latest/userguide/quick-start-guide-gs.html

yuliaqwerty

Answer ADE

SHASHANK32 - Options: BDE

Not Option - A, I don't see the point of creating NAT gateways.

SHASHANK32

mb, answer should be A, D, E

shaaam80

Answer - ACE
VPC with 2 private subnets and 2 NAT gateways for application and replication traffic which has to be private.
Site to Site VPN - for secure connection between Onprem and Customer VPC so both replication and application traffic does not flow over public internet.
Choosing private IP address for replication.

shaaam80

Direct connect not needed as there is no ask for a dedicated connection or high speed.

heatblur

Question states: "The company does not want this solution to consume all available network bandwidth because other applications require bandwidth." Usage of a VPN relies on the company's bandwidth and could very easily consume most of it. They'd need a dedicated connection (aka Direct Connect) to meet this requirement.

shaaam80

Correction - ADE. Direct Connect needed for this solution. VPN is not needed.

HunkyBunky - Options: ADE

I guess ADE

devalenzuela86 - Options: AEF

Creating a VPC with at least two public subnets and an internet gateway (Option B) would allow the application to be accessible from the internet, which is not a requirement. Creating an AWS Site-to-Site VPN connection (Option C) or an AWS Direct Connect connection (Option D) would allow the replication traffic to be routed through a private network, but these options are not required since Option A already provides a private network 1. answer AEF

devalenzuela86 - Options: ACE

ACE for sure

cypkir - Options: BDE

Answer: B D E