Amazon Exam SAP-C02 Topic 6 Question 25 Discussion

Actual exam question for Amazon's SAP-C02 exam

Question #: 25
Topic #: 6

A company has many services running in its on-premises data center. The data center is connected to AWS using AWS Direct Connect (DX)and an IPsec VPN. The service data is sensitive and connectivity cannot traverse the interne. The company wants to expand to a new market segment and begin offering Is services to other companies that are using AWS.

Which solution will meet these requirements?

ACreate a VPC Endpoint Service that accepts TCP traffic, host it behind a Network Load Balancer, and make the service available over DX.

BCreate a VPC Endpoint Service that accepts HTTP or HTTPS traffic, host it behind an Application Load Balancer, and make the service available over DX.

CAttach an internet gateway to the VPC. and ensure that network access control and security group rules allow the relevant inbound and outbound traffic.

DAttach a NAT gateway to the VPC. and ensue that network access control and security group rules allow the relevant inbound and outbound traffic.

Show Suggested Answer

Suggested Answer: B

To offer services to other companies using AWS without traversing the internet, creating a VPC Endpoint Service hosted behind an Application Load Balancer (ALB) and making it available over AWS Direct Connect (DX) is the most suitable solution. This approach ensures that the service traffic remains within the AWS network, adhering to the requirement that connectivity must not traverse the internet. An ALB is capable of handling HTTP/HTTPS traffic, making it appropriate for web-based services. Utilizing DX for connectivity between the on-premises data center and AWS further secures and optimizes the network path.

AWS Direct Connect Documentation: Explains how to set up DX for private connectivity between AWS and an on-premises network.

Amazon VPC Endpoint Services (AWS PrivateLink) Documentation: Provides details on creating and configuring endpoint services for private, secure access to services hosted in AWS.

AWS Application Load Balancer Documentation: Offers guidance on configuring ALBs to distribute HTTP/HTTPS traffic efficiently.

by Brett at Mar 08, 2024, 03:50 AM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Keneth

11 days ago

Okay, let's think this through. Option A sounds like it could work, since a Network Load Balancer can provide private access over Direct Connect. But I'm not sure if TCP is the best protocol for this use case, maybe HTTPS would be better?

upvoted 0 times

...

Ernie

12 days ago

Haha, imagine if they just said 'Make it work over the internet, who cares about the sensitive data!' That would be a disaster waiting to happen.

upvoted 0 times

...

Narcisa

13 days ago

Yeah, I agree. Options C and D don't really meet the requirements since they involve using the internet. But I'm not sure if a VPC Endpoint Service is the right solution either, since that's usually used for private access to AWS services, not for exposing your own services.

upvoted 0 times

...

Rima

14 days ago

Hmm, this is a tricky one. The key requirements here are that the data is sensitive and the connectivity cannot go through the internet, so I'm leaning towards options A or B.

upvoted 0 times

...