Examice

Exam SAP-C02 All QuestionsBrowse all questions from this exam

Question 215

A solutions architect is designing an AWS account structure for a company that consists of multiple teams. All the teams will work in the same AWS Region. The company needs a VPC that is connected to the on-premises network. The company expects less than 50 Mbps of total traffic to and from the on-premises network.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to each AWS account.

Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to a shared services account. Share the subnets by using AWS Resource Access Manager.

Use AWS Transit Gateway along with an AWS Site-to-Site VPN for connectivity to the on-premises network. Share the transit gateway by using AWS Resource Access Manager.

Use AWS Site-to-Site VPN for connectivity to the on-premises network.

Use AWS Direct Connect for connectivity to the on-premises network.

Correct Answer: B, D

To meet the requirements cost-effectively, the best approach includes creating a shared VPC for all teams and using AWS Site-to-Site VPN for connectivity to the on-premises network. Sharing the VPC and subnets simplifies management and optimizes resource utilization across teams, while AWS Site-to-Site VPN provides a cost-effective means of connecting to the on-premises network at the expected traffic levels without incurring the higher costs associated with AWS Direct Connect or the complexity of AWS Transit Gateway.

Discussion

NikkyDickyOptions: BD

BD they need a (one) VPC, no need for TGW. Use case for subnet sharing via RAM

ayadmawlaOptions: BC

B+C in my humble opinion. Reason for C is that this is a design for a company with "multiple teams" so it is only logical that these teams will want to have at some stage independent accounts from one another and different accounts within the same teams. Thinking about a single VPC would be a bit short sighted.

SK_TyagiOptions: BD

Direct Connect may be an overkill with 1GBPs

ggrodskiy

Correct AD. I think A is correct because you can connect the VPN to each VPC by using a VPN connection resource in each AWS account. You do not need a shared network account for that. You can refer to this documentation for more details: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html B is not correct because it will create a single VPC for all the AWS accounts, which will reduce the isolation and security for the different teams. It will also require sharing the subnets by using AWS Resource Access Manager, which will add complexity and overhead.

SmileyCloudOptions: BC

BC. There are multiple teams and accounts.

career360guruOptions: BD

B and D is right choice.

gfhbox0083

B, D for sure. No need for a TGW

bacharbhouri

Selected Answer: BE Why is nobody considering Direct Connect, it is cheaper than Site to Site VPN.

bacharbhouri

the ask here is for most cost effectively choice.

YOUSSEFSWAID

If you have one VPC why you need to share the subnets ?

TonytheTigerOptions: BD

Option BC & NOT C - The MOST cost effective option: AWS Site-to-Site VPN connection pricing still applies in addition to AWS Transit Gateway VPN attachment pricing. So you will be additional cost with both option https://aws.amazon.com/transit-gateway/pricing/

ftaws

The problem did not say how many VPC. @@@

lghoshino78Options: AD

Most Cost Effective...

nublitOptions: AD

You need to create a singe VPC and a single Account.

kebmiockey

Other problem with VPN is 1.25 Gb limitation.

Christina666Options: BD

Tgw is for VPCs communication.

SkyZeroZxOptions: BD

BD? dont think we need tgw here.

easytoo

b-d...b-d