SAP-C02 Exam QuestionsBrowse all questions from this exam
Go to Exam

SAP-C02 Exam - Question 374

A company runs an intranet application on premises. The company wants to configure a cloud backup of the application. The company has selected AWS Elastic Disaster Recovery for this solution.

The company requires that replication traffic does not travel through the public internet. The application also must not be accessible from the internet. The company does not want this solution to consume all available network bandwidth because other applications require bandwidth.

Which combination of steps will meet these requirements? (Choose three.)

Show Answer
Correct Answer: ADE

To meet the company's requirements, which include ensuring that replication traffic does not travel through the public internet and avoiding the consumption of all available network bandwidth, the following steps are recommended. First, create a VPC with at least two private subnets and a virtual private gateway to ensure the application remains inaccessible from the internet. AWS Direct Connect should be used to establish a dedicated, private connection between the on-premises network and the AWS network, thereby avoiding potential bandwidth competition with other applications. During the configuration of the replication servers, selecting the option to use private IP addresses for data replication will ensure that the replication traffic remains within the private network.

Discussion

15 comments
Sign in to comment
heatblurOptions: ADE
Nov 25, 2023

ADE Option D: Create an AWS Direct Connect connection and a Direct Connect gateway between the on-premises network and the target AWS network. Option E: During configuration of the replication servers, select the option to use private IP addresses for data replication. Option A: could be considered if the private subnets are used without the NAT gateways, ensuring internal-only network access

J0n102Options: ADE
Dec 4, 2023

DX is needed as it Provides a dedicated, private network connection that can be managed to avoid consuming all available network bandwidth

MegalodonBoladoOptions: DEF
Jan 3, 2024

https://docs.aws.amazon.com/drs/latest/userguide/quick-start-guide-gs.html (E) Data routing and throttling controls how data flows from the external server to the replication servers. If you choose not to use a private IP, your replication servers will be automatically assigned a public IP and data will flow over the public internet. Check "Use private IP for data replication". (F) On Default DRS launch settings, check "Copy private IP". This way all other servers can transparently reach the recovered server. (D) Architects could use VPN or AWS DC, but "...The company does not want this solution to consume all available network bandwidth because other applications require bandwidth.", preferably use AWS Direct Connect.

zhooon
Jan 24, 2024

How about A,C,E? A. Create an intranet application and other application in a private subnet. Intranet applications connect to a private gateway(one). Other applications connect to the NAT gateway(one). Eliminates traffic interference. C. Site-to-Site VPN connect to private gateway. E. Replicates private IP.

zhooon
Jan 24, 2024

Can other applications communicate with the Internet through the NAT gateway?

zhooon
Jan 26, 2024

Can not backup for other application through Site-to-Site VPN. It is correct Option D. 'Direct Connect gateway' A, D, E

ftaws
Jan 31, 2024

We don't need to connect internet, why we need NAT gateway in A?

marszalekm
Feb 14, 2024

https://docs.aws.amazon.com/drs/latest/userguide/Network-Requirements.html There are two ways to establish direct connectivity to the Internet for the VPC of the staging area, as described in the VPC FAQ 1. Public IP address + Internet gateway 2. Private IP address + NAT instance

marszalekm
Feb 14, 2024

Thats the only info I found, however this doesn't exactly answer your question.

drake2020
Apr 13, 2024

the question says not accessible from internet NAT gateway is for inbound to internet and not internet -> inbound

shaaam80Options: ADE
Dec 6, 2023

Answer ADE

career360guruOptions: ADE
Jan 10, 2024

A, D and E

cypkirOptions: BDE
Nov 22, 2023

Answer: B D E

devalenzuela86Options: ACE
Nov 22, 2023

ACE for sure

devalenzuela86Options: AEF
Nov 24, 2023

Creating a VPC with at least two public subnets and an internet gateway (Option B) would allow the application to be accessible from the internet, which is not a requirement. Creating an AWS Site-to-Site VPN connection (Option C) or an AWS Direct Connect connection (Option D) would allow the replication traffic to be routed through a private network, but these options are not required since Option A already provides a private network 1. answer AEF

HunkyBunkyOptions: ADE
Nov 27, 2023

I guess ADE

shaaam80
Nov 29, 2023

Answer - ACE VPC with 2 private subnets and 2 NAT gateways for application and replication traffic which has to be private Site to Site VPN - for secure connection between Onprem and Customer VPC so both replication and application traffic does not flow over public internet Choosing private IP address for replication.

shaaam80
Nov 29, 2023

Direct connect not needed as there is no ask for a dedicated connection or high speed.

heatblur
Nov 30, 2023

Question states: "The company does not want this solution to consume all available network bandwidth because other applications require bandwidth." Usage of a VPN relies on the companies bandwidth and could very easily consume most of it. They'd need a dedicated connection (aka Direct Connect) to meet this requirement.

shaaam80
Dec 6, 2023

Correction - ADE Direct Connect needed for this solution. VPN is not needed

SHASHANK32Options: BDE
Dec 1, 2023

Not Option - A, I don't see the point of creating NAT gateways.

SHASHANK32
Dec 3, 2023

mb, answer should A,D,E

yuliaqwerty
Dec 22, 2023

Answer ADE

vip2Options: DEF
Jul 9, 2024

replication traffic does not travel through the public internet. --> Not A must not be accessible from the internet --> Not B The company does not want this solution to consume all available network bandwidth --> not C, it requires D as dedicated network E and F during the Disaster Recovery step 3 and 4 as described as link below, https://docs.aws.amazon.com/drs/latest/userguide/quick-start-guide-gs.html