Q4 — AWS SAP-C02 Ch.1
Q79. A company has introduced a new policy that allows employees to work remotely from their homes if they connect by using a VPN. The company is hosting internal applications with VPCs in multiple AWS accounts. Currently, the applications are accessible from the company's on-premises office network through an AWS Site-to-Site VPN connection. The VPC in the company's main AWS account has peering connections established with VPCs in other AWS accounts. A solutions architect must design a scalable AWS Client VPN solution for employees to use while they work from home. What is the MOST cost-effective solution that meets these requirements?
- A. Create a Client VPN endpoint in each AWS account. Configure required routing that allows access to internal applications.
- B. Create a Client VPN endpoint in the main AWS account. Configure required routing that allows access to internal applications. ✓
- C. Create a Client VPN endpoint in the main AWS account. Provision a transit gateway that is connected to each AWS account. Configure required routing that allows access to internal applications.
- D. Create a Client VPN endpoint in the main AWS account. Establish connectivity between the Client VPN endpoint and the AWS Site-to-Site VPN.
Correct Answer: B. Create a Client VPN endpoint in the main AWS account. Configure required routing that allows access to internal applications.
Explanation
To design a cost-effective AWS Client VPN solution that meets the requirements of allowing employees to work remotely from home, the recommended option is B: create a Client VPN endpoint in the main AWS account and configure required routing that allows access to internal applications.

Option B provides a cost-effective solution by creating a single Client VPN endpoint in the main AWS account:

1. Client VPN endpoint: By creating a Client VPN endpoint in the main AWS account, employees can establish a secure connection to the AWS environment from their homes using a VPN client. This allows them to access internal applications hosted in the VPCs.
2. Required routing: Configure the necessary routing within the VPC to allow access to internal applications. This typically involves setting up appropriate security groups and network ACLs to control traffic flow between the VPN clients and the VPC.

This option is cost-effective because it requires the creation of a single Client VPN endpoint in the main AWS account, reducing the operational and maintenance overhead compared to creating multiple Client VPN endpoints in each AWS account (Option A). It also eliminates the need for additional infrastructure components like transit gateways (Option C) or establishing connectivity between the Client VPN endpoint and the AWS Site-to-Site VPN (Option D).

Therefore, option B provides a cost-effective solution by creating a single Client VPN endpoint in the main AWS account and configuring the necessary routing to access internal applications.