Home Forums AWS AWS Certified Solutions Architect Professional Review Mode Practice Test 2 – Q68 Reply To: Review Mode Practice Test 2 – Q68

  • Kenneth-Samonte-Tutorials-Dojo

    Member
    May 27, 2021 at 9:18 pm

    Hi ClaireS,

    Thank you for your feedback.

    I understand that there is no “Hybrid architecture” mentioned in the question to merit an answer which requires a VPN.

    However, please note that questions in the actual AWS exam are difficult, tricky, and ambiguous. This is the style that we are trying to mimic in our practice tests, so revising questions will need to retain a level of difficulty without explicitly showing the obvious keywords such as “Hybrid architecture”.

    For the scenario in this question, you can refer to this AWS document (scroll to the lower part of the page): https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-egress-to-internet.html

    That being said, here is how I would approach this question.

    The question states “the company wants to monitor outbound traffic so it is required to have a centralized and controlled egress Internet connection for all accounts” which can indicate that all traffic going to the internet will be monitored by the company using a custom solution (or firewall). Although AWS has NACLs and routing configurations that allow you to do this for egress traffic, these options are limited.

    As per the above AWS link, there are firewall instances that will filter the egress traffic of other VPCs.

    “If the vendor you choose for egress traffic inspection doesn’t support automation for failure detection, or if you need horizontal scaling, you can use an alternative design. In this design (Figure 13), we don’t create a VPC attachment on the transit gateway for egress VPC, instead, we create an IPsec VPN attachment and create an IPsec VPN from Transit Gateway to the EC2 instances leveraging BGP to exchange routes.”

    Using a VPN connection is not just limited to Hybrid architecture scenarios. VPNs can still be used in AWS-to-AWS scenarios too.

    Hope this helps.

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!

    Regards,

    Kenneth Samonte @ Tutorials Dojo
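
An added example, not part of the original post: a check that the "centralized and controlled egress" requirement discussed above actually holds, by flagging route tables whose default route sends traffic somewhere other than the central transit gateway. The input follows the shape of EC2 `DescribeRouteTables` output; all IDs are constructed placeholders, and exempting the egress VPC is an assumption about how the audit would be scoped.

```python
# Added example: flag spoke route tables whose default route bypasses the
# central transit gateway. Input follows the EC2 DescribeRouteTables shape.
DEFAULT_DESTINATIONS = {"0.0.0.0/0", "::/0"}
TARGET_KEYS = ("TransitGatewayId", "GatewayId", "NatGatewayId",
               "EgressOnlyInternetGatewayId", "NetworkInterfaceId",
               "VpcPeeringConnectionId", "InstanceId")

# Constructed sample data; every ID below is a placeholder.
EGRESS_TGW_ID = "tgw-EXAMPLE"
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-spoke-a", "VpcId": "vpc-spoke-a", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "TransitGatewayId": "tgw-EXAMPLE", "State": "active"}]},
    {"RouteTableId": "rtb-spoke-b", "VpcId": "vpc-spoke-b", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}]},
    {"RouteTableId": "rtb-spoke-c", "VpcId": "vpc-spoke-c", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "active"},
        {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-EXAMPLE", "State": "active"}]},
    {"RouteTableId": "rtb-egress", "VpcId": "vpc-egress", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}]},
]

def route_target(route):
    """Return the ID of whatever the route forwards to, or None."""
    return next((route[k] for k in TARGET_KEYS if route.get(k)), None)

def find_egress_bypasses(route_tables, egress_tgw_id, exempt_vpcs=()):
    """List (route table, destination, target) for active default routes
    that do not point at the central transit gateway."""
    findings = []
    for table in route_tables:
        if table.get("VpcId") in exempt_vpcs:  # e.g. the egress VPC itself
            continue
        for route in table.get("Routes", []):
            dest = (route.get("DestinationCidrBlock")
                    or route.get("DestinationIpv6CidrBlock"))
            if dest not in DEFAULT_DESTINATIONS or route.get("State") != "active":
                continue
            target = route_target(route)
            if target != egress_tgw_id:
                findings.append((table["RouteTableId"], dest, target))
    return findings

if __name__ == "__main__":
    for finding in find_egress_bypasses(SAMPLE_ROUTE_TABLES, EGRESS_TGW_ID,
                                        exempt_vpcs={"vpc-egress"}):
        print("bypass: %s %s -> %s" % finding)
```

The check covers default routes only; a more specific public prefix routed to an internet gateway would need a separate rule.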
