SAP-C02 第 172 题
题目
A company has multiple business units that each have separate accounts on AWS. Each business unit manages its own network with several VPCs that have CIDR ranges that overlap. The company’s marketing team has created a new internal application and wants to make the application accessible to all the other business units. The solution must use private IP addresses only. Which solution will meet these requirements with the LEAST operational overhead?
中文翻译:
一家公司有多个业务部门,每个部门在 AWS 上都有单独的账户。每个业务部门都通过多个 VPC 管理自己的网络,这些 VPC 的 CIDR 范围重叠。该公司的营销团队创建了一个新的内部应用程序,并希望所有其他业务部门都可以访问该应用程序。该解决方案必须仅使用私有 IP 地址。哪种解决方案能够以最少的运营开销满足这些要求?
选项
A. Instruct each business unit to add a unique secondary CIDR range to the business unit's VPC. Peer the VPCs and use a private NAT gateway in the secondary range to route traffic to the marketing team.
中文翻译:
指示每个业务部门向该业务部门的 VPC 添加唯一的辅助 CIDR 范围。对 VPC 进行对等并使用辅助范围中的私有 NAT 网关将流量路由到营销团队。
B. Create an Amazon EC2 instance to serve as a virtual appliance in the marketing account's VPC. Create an AWS Site-to-Site VPN connection between the marketing team and each business unit's VPC. Perform NAT where necessary.
中文翻译:
创建一个 Amazon EC2 实例以充当营销账户的 VPC 中的虚拟设备。在营销团队和每个业务部门的 VPC 之间创建 AWS 站点到站点 VPN 连接。必要时执行 NAT。
C. Create an AWS PrivateLink endpoint service to share the marketing application. Grant permission to specific AWS accounts to connect to the service. Create interface VPC endpoints in other accounts to access the application by using private IP addresses.
中文翻译:
创建 AWS PrivateLink 终端节点服务以共享营销应用程序。向特定 AWS 账户授予连接到服务的权限。在其他账户中创建接口VPC端点,以使用私有IP地址访问应用程序。
D. Create a Network Load Balancer (NLB) in front of the marketing application in a private subnet. Create an API Gateway API. Use the Amazon API Gateway private integration to connect the API to the NLB. Activate IAM authorization for the API. Grant access to the accounts of the other business units.
中文翻译:
在私有子网中的营销应用程序前面创建网络负载均衡器 (NLB)。创建 API 网关 API。使用 Amazon API Gateway 私有集成将 API 连接到 NLB。激活API的IAM授权。授予对其他业务部门帐户的访问权限。
答案
C
解析
正确答案:C 解析: 本题应选择 C。 正确选项: C. 创建 AWS PrivateLink 终端节点服务以共享营销应用程序。向特定 AWS 账户授予连接到服务的权限。在其他账户中创建接口VPC端点,以使用私有IP地址访问应用程序。 选择理由: 该选项最直接地满足题干中的关键约束。做 SAP-C02 题目时,需要同时对照题干里的限定词,例如最高性能、最低运维开销、成本效益、可靠性、可扩展性、安全性、RTO/RPO、合规要求等。本题相关...