Q73 — AWS ANS-C01 Ch.1
A company's development team has created a new product recommendation web service. The web service is hosted in a VPC with a CIDR block of 192.168.224.0/19. The company has deployed the web service on Amazon EC2 instances and has configured an Auto Scaling group as the target of a Network Load Balancer (NLB). The company wants to perform testing to determine whether users who receive product recommendations spend more money than users who do not receive product recommendations. The company has a big sales event in 5 days and needs to integrate its existing production environment with the recommendation engine by then. The existing production environment is hosted in a VPC with a CIDR block of 192.168.128.0/17. A network engineer must integrate the systems by designing a solution that results in the least possible disruption to the existing environments. Which solution will meet these requirements?
- A. Create a VPC peering connection between the web service VPC and the existing production VPC. Add a routing rule to the appropriate route table to allow data to flow to 192.168.224.0/19 from the existing production environment and to flow to 192.168.128.0/17 from the web service environment. Configure the relevant security groups and ACLs to allow the systems to communicate.
- B. Ask the development team of the web service to redeploy the web service into the production VPC and integrate the systems there.
- C. Create a VPC endpoint service. Associate the VPC endpoint service with the NLB for the web service. Create an interface VPC endpoint for the web service in the existing production VPC. ✓
- D. Create a transit gateway in the existing production environment. Create attachments to the production VPC and the web service VPC. Configure appropriate routing rules in the transit gateway and VPC route tables for 192.168.224.0/19 and 192.168.128.0/17. Configure the relevant security groups and ACLs to allow the systems to communicate.
Correct Answer: C. Create a VPC endpoint service. Associate the VPC endpoint service with the NLB for the web service. Create an interface VPC endpoint for the web service in the existing production VPC.
Explanation
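Option C provides a low-disruption solution: by creating a VPC endpoint service associated with the web service's NLB and then creating an interface VPC endpoint in the existing production VPC, it enables secure communication between the two VPCs without exposing the NLB directly to the public internet or modifying the network configuration of the existing production environment. This approach reduces the potential impact on the existing environments and allows the new recommendation engine to be tested without affecting the stability of the production environment. The other options either require directly modifying the production environment (B) or may introduce additional network complexity (A and D).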