SAP-C02 · Question #42
SAP-C02 Question #42: Real Exam Question with Answer & Explanation
Sign in or unlock SAP-C02 to reveal the answer and full explanation for question #42. The question stem and answer options stay visible for context.
Question
A company has multiple AWS accounts as part of an organization created with AWS Organizations. Each account has a VPC in the us-east-2 Region and is used for either production or development workloads. Amazon EC2 instances across production accounts need to communicate with each other, and EC2 instances across development accounts need to communicate with each other, but production and development instances should not be able to communicate with each other. To facilitate connectivity, the company created a common network account. The company used AWS Transit Gateway to create a transit gateway in the us-east-2 Region in the network account and shared the transit gateway with the entire organization by using AWS Resource Access Manager. Network administrators then attached VPCs in each account to the transit gateway, after which the EC2 instances were able to communicate across accounts. However, production and development accounts were also able to communicate with one another. Which set of steps should a solutions architect take to ensure production traffic and development traffic are completely isolated?
Options
- AModify the security groups assigned to development EC2 instances to block traffic from
- BCreate a tag on each VPC attachment with a value of either production or development,
- CCreate separate route tables for production and development traffic. Delete each account's
- DCreate a tag on each VPC attachment with a value of either production or development,
Unlock SAP-C02 to see the answer
You've previewed enough free SAP-C02 questions. Unlock SAP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.