SAP-C02 · Question #119
SAP-C02 Question #119: Real Exam Question with Answer & Explanation
The correct answer is C: In the transit account, create a VPC prefix list with all of the internal IP address ranges.. Customer-managed prefix lists - Sets of IP address ranges that you define and manage. You can share your prefix list with other AWS accounts, enabling those accounts to reference the prefix list in their own resources. https://docs.aws.amazon.com/vpc/latest/userguide/managed-pref
Question
A company has an organization in AWS Organizations that has a large number of AWS accounts. One of the AWS accounts is designated as a transit account and has a transit gateway that is shared with all of the other AWS accounts AWS Site-to-Site VPN connections are configured between all of the company's global offices and the transit account. The company has AWS Config enacted on all of its accounts. The company's networking team needs to centrally manage a list of internal IP address ranges that belong to the global offices. Developers will reference this list to gain access to their applications Securely. Which solution meets these requirements with the LEAST amount of operational overhead?
Options
- ACreate a JSON file that is hosted in Amazon S3 and that lists all of the internal IP address ranges.
- BCreate a new AWS Config managed rule that contains all of the internal IP address ranges.
- CIn the transit account, create a VPC prefix list with all of the internal IP address ranges.
- DIn the transit account, create a security group with all of the internal IP address ranges.
Explanation
Customer-managed prefix lists - Sets of IP address ranges that you define and manage. You can share your prefix list with other AWS accounts, enabling those accounts to reference the prefix list in their own resources. https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
Community Discussion
No community discussion yet for this question.