Q12 — AWS SAP-C02 Ch.1

Q87. A company is migrating some of its applications to AWS. The company wants to migrate and modernize the applications quickly after it finalizes networking and security strategies. The company has set up an AWS Direct Connect connection in a central network account. The company expects to have hundreds of AWS accounts and VPCs in the near future. The corporate network must be able to access the resources on AWS seamlessly and also must be able to communicate with all the VPCs. The company also wants to route its cloud resources to the internet through its on-premises data center. Which combination of steps will meet these requirements? (Select THREE.)

Correct Answer:

B. Create a Direct Connect gateway and a transit gateway in the central network account. Attach the transit gateway to the Direct Connect gateway by using a transit VIF.

D. Share the transit gateway with other accounts. Attach VPCs to the transit gateway.

F. Provision only private subnets. Open the necessary route on the transit gateway and customer gateway to allow outbound internet traffic from AWS to flow through NAT services that run in the data center.

Explanation

The combination of steps that meets the requirements described in the question is B, D, and F.

Option B: Creating a Direct Connect gateway and a transit gateway in the central network account allows for seamless connectivity between the corporate network and AWS resources. The transit gateway acts as a hub for connecting multiple VPCs and VPN connections. Attaching the transit gateway to the Direct Connect gateway using a transit VIF ensures that the on-premises network can communicate with all the VPCs.

Option D: Sharing the transit gateway with other accounts allows VPCs from multiple AWS accounts to be attached to the transit gateway. This enables communication between the corporate network and all the VPCs in different accounts, providing a centralized connectivity solution.

Option F: Provisioning only private subnets and opening the necessary route on the transit gateway and customer gateway to allow outbound internet traffic through NAT services in the data center ensures that cloud resources can access the internet through the on-premises data center.

Option A is incorrect because creating a Direct Connect gateway and association proposals with virtual private gateways in each account is not necessary for achieving the desired connectivity and routing requirements.

Option C is incorrect because provisioning an internet gateway and allowing internet traffic through it does not directly address the requirements of seamless connectivity between the corporate network and AWS resources and routing cloud resources to the internet through the on-premises data center.

Option E is incorrect because VPC peering is not mentioned as a specific requirement in the question and does not directly address the requirements of seamless connectivity and routing through the on-premises data center.

Therefore, the correct combination of steps is B, D, and F.