Q52 — AWS SAP-C02 Ch.3

Q277. A solutions architect is designing an AWS account structure for a company that consists of multiple teams. All the teams will work in the same AWS Region. The company needs a VPC that is connected to the on-premises network. The company expects less than 50 Mbps of total traffic to and from the on-premises network. Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)

Correct Answer:

B. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to a shared services account. Share the subnets by using AWS Resource Access Manager.

D. Use AWS Site-to-Site VPN for connectivity to the on-premises network.

Explanation

B. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to a shared services account. Share the subnets by using AWS Resource Access Manager.

This solution involves creating a centralized, shared services account for the VPC and deploying a CloudFormation template that provisions the VPC and its subnets. The subnets can be shared with other accounts in the organization using AWS Resource Access Manager (RAM). This approach can optimize costs by reducing the number of resources needed to manage and maintain the VPC and its connectivity.

D. Use AWS Site-to-Site VPN for connectivity to the on-premises network.

This solution uses AWS Site-to-Site VPN to enable secure communication between the on-premises network and the AWS VPC. This option is cost-effective since it does not require any additional hardware or equipment to establish the connection. Additionally, it enables the organization to leverage existing internet connections to connect to AWS instead of requiring additional dedicated lines.

A, C, and E are not optimal solutions:

A. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to each AWS account.

This solution results in duplicated effort and administrative overhead, as each team has to provision their own VPC. It also leads to increased maintenance costs and may result in inconsistent configurations and security risks.

C. Use AWS Transit Gateway along with an AWS Site-to-Site VPN for connectivity to the on-premises network. Share the transit gateway by using AWS Resource Access Manager.

While AWS Transit Gateway can simplify network management and reduce operational overhead, it may not be the most cost-effective option for this use case. Since the company only expects less than 50 Mbps of traffic, it might not need the scalability features of AWS Transit Gateway, making direct connection through Site-to-Site VPN more cost-effective.

E. Use AWS Direct Connect for connectivity to the on-premises network.

AWS Direct Connect is a dedicated network connection between an on-premises data center and AWS, which can provide companies with a more reliable and consistent connection than Site-to-Site VPN. However, this option also requires additional hardware, such as a Direct Connect router, and it may not be cost-effective for organizations with less than 50 Mbps of total traffic.