Q67 — AWS SAP-C02 Ch.3
Q292. A company is building a hybrid environment that includes servers in an on-premises data center and in the AWS Cloud. The company has deployed Amazon EC2 instances in three VPCs. Each VPC is in a different AWS Region. The company has established an AWS Direct Connect connection to the data center from the Region that is closest to the data center. The company needs the servers in the on-premises data center to have access to the EC2 instances in all three VPCs. The servers in the on-premises data center also must have access to AWS public services. Which combination of steps will meet these requirements with the LEAST cost? (Select TWO.)
- A. Create a Direct Connect gateway in the Region that is closest to the data center. Attach the Direct Connect connection to the Direct Connect gateway. ✓
- B. Use the Direct Connect gateway to connect the VPCs in the other two Regions. Set up additional Direct Connect connections from the on-premises data center to the other two Regions
- C. Create a private VIF. Establish an AWS Site-to-Site VPN connection over the private VIF to the VPCs in the other two Regions
- D. Create a public VIF. Establish an AWS Site-to-Site VPN connection over the public VIF to the VPCs in the other two Regions ✓
- E. Use VPC peering to establish a connection between the VPCs across the Regions. Create a private VIF with the existing Direct Connect connection to connect to the peered VPCs
Correct Answer:
- A. Create a Direct Connect gateway in the Region that is closest to the data center. Attach the Direct Connect connection to the Direct Connect gateway.
- D. Create a public VIF. Establish an AWS Site-to-Site VPN connection over the public VIF to the VPCs in the other two Regions
Explanation
The combination of steps that will meet the requirements with the least cost is:
- A. Create a Direct Connect gateway in the Region that is closest to the data center. Attach the Direct Connect connection to the Direct Connect gateway. Use the Direct Connect gateway to connect the VPCs in the other two Regions.
- D. Create a public VIF. Establish an AWS Site-to-Site VPN connection over the public VIF to the VPCs in the other two Regions.
Here's an explanation of why this combination of steps is the least costly option:
- A. Create a Direct Connect gateway in the Region that is closest to the data center. Attach the Direct Connect connection to the Direct Connect gateway. Use the Direct Connect gateway to connect the VPCs in the other two Regions: By creating a Direct Connect gateway in the Region closest to the data center, you can leverage the existing Direct Connect connection to establish connectivity between the on-premises data center and the VPCs in the other two Regions. This eliminates the need for additional Direct Connect connections, reducing the cost.
- D. Create a public VIF. Establish an AWS Site-to-Site VPN connection over the public VIF to the VPCs in the other two Regions: By creating a public Virtual Interface (VIF) and establishing VPN connections over the public VIF, you can provide access from the on-premises data center to the EC2 instances in the VPCs. This leverages the existing Direct Connect connection and does not require additional private VIFs or VPN connections, reducing the cost.
The other options are not as cost-effective:
- B. Setting up additional Direct Connect connections from the on-premises data center to the other two Regions would incur additional costs for the additional Direct Connect circuits.
- C. Creating a private VIF and establishing a VPN connection over the private VIF would require additional private VIF provisioning and incur additional costs.
- E. Using VPC peering to establish a connection between the VPCs across the Regions would not provide connectivity to the servers in the on-premises data center. VPC peering is limited to connecting VPCs within the AWS environment.
Therefore, the combination of steps A and D provides the solution with the least cost while meeting the requirements effectively.