SAP-C02 Question #18: Real Exam Question with Answer & Explanation

Question

A company provides a centralized Amazon EC2 application hosted in a single shared VPC. The centralized application must be accessible from client applications running in the VPCs of other business units. The centralized application front end is configured with a Network Load Balancer (NLB) for scalability. Up to 10 business unit VPCs will need to be connected to the shared VPC. Some of the business unit VPC CIDR blocks overlap with the shared VPC. and some overlap with each other. Network connectivity to the centralized application in the shared VPC should be allowed from authorized business unit VPCs only. Which network configuration should a solutions architect use to provide connectivity from the client applications in the business unit VPCs to the centralized application in the shared VPC?

Options

• ACreate an AW5 Transit Gateway. Attach the shared VPC and the authorized business unit VPCs
• BCreate a VPC endpoint service using the centralized application NLB and enable (he option to
• CCreate a VPC peering connection from each business unit VPC to Ihe shared VPC. Accept the
• DConfigure a virtual private gateway for the shared VPC and create customer gateways for each of

Explanation

Amazon Transit Gateway doesn't support routing between Amazon VPCs with overlapping CIDRs. If you attach a new Amazon VPC that has a CIDR which overlaps with an already attached Amazon VPC, Amazon Transit Gateway will not propagate the new Amazon VPC route into the Amazon Transit Gateway route table. https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target- groups.html#client-ip-preservation

No community discussion yet for this question.