Q72 — AWS ANS-C01 Ch.1

Question 72 of 100 | Chapter 1

A company's development team has created a new product recommendation web service. The web service is hosted in a VPC with a CIDR block of 192.168.224.0/19. The company has deployed the web service on Amazon EC2 instances and has configured an Auto Scaling group as the target of a Network Load Balancer (NLB). The company wants to perform testing to determine whether users who receive product recommendations spend more money than users who do not receive product recommendations. The company has a big sales event in 5 days and needs to integrate its existing production environment with the recommendation engine by then. The existing production environment is hosted in a VPC with a CIDR block of 192.168.128.0/17. A network engineer must integrate the systems by designing a solution that results in the least possible disruption to the existing environments. Which solution will meet these requirements?

Correct Answer: C. Create a VPC endpoint service. Associate the VPC endpoint service with the NLB for the web service. Create an interface VPC endpoint for the web service in the existing production VPC.

Explanation

This question tests solutions for secure communication between VPCs. According to the AWS documentation, a VPC endpoint service (Endpoint Service) lets a service be exposed to other VPCs through an NLB, without the public internet or VPC peering. Option C achieves cross-VPC communication through an interface VPC endpoint, preserving network isolation and requiring no changes to the existing route table structure. Option A may carry a risk of CIDR overlap, option B involves re-architecting, and option D, while feasible, requires more complex configuration. Option C minimizes changes to the network architecture and meets the "least disruption" requirement. AWS best practice recommends PrivateLink (VPC endpoints) for cross-VPC service integration, ensuring traffic does not traverse the public internet and avoiding route table bloat.