SAP-C02 Question 181
Question
A company is designing its network configuration in the AWS Cloud. The company uses AWS Organizations to manage a multi-account setup. The company has three OUs. Each OU contains more than 100 AWS accounts. Each account has a single VPC, and all the VPCs in each OU are in the same AWS Region. The CIDR ranges for all the AWS accounts do not overlap. The company needs to implement a solution in which VPCs in the same OU can communicate with each other but cannot communicate with VPCs in other OUs. Which solution will meet these requirements with the LEAST operational overhead?
Options
A. Create an AWS CloudFormation stack set that establishes VPC peering between accounts in each OU. Provision the stack set in each OU.
B. In each OU, create a dedicated networking account that has a single VPC. Share this VPC with all the other accounts in the OU by using AWS Resource Access Manager (AWS RAM). Create a VPC peering connection between the networking account and each account in the OU.
C. Provision a transit gateway in an account in each OU. Share the transit gateway across the organization by using AWS Resource Access Manager (AWS RAM). Create transit gateway VPC attachments for each VPC.
D. In each OU, create a dedicated networking account that has a single VPC. Establish a VPN connection between the networking account and the other accounts in the OU. Use third-party routing software to route transitive traffic between the VPCs.
Answer
C
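Explanation
Correct answer: C
Explanation: The answer to this question is C.
Correct option: C. Provision a transit gateway in an account in each OU. Share the transit gateway across the organization by using AWS Resource Access Manager (AWS RAM). Create transit gateway VPC attachments for each VPC.
Rationale: This option most directly satisfies the key constraints in the question. When working through SAP-C02 questions, check each option against every qualifier in the question stem, such as highest performance, least operational overhead, cost-effectiveness, reliability, scalability, security, RTO/RPO, compliance requirements...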