SAP-C02 Question 247
Question
A large company runs workloads in VPCs that are deployed across hundreds of AWS accounts. Each VPC consists of public subnets and private subnets that span across multiple Availability Zones. NAT gateways are deployed in the public subnets and allow outbound connectivity to the internet from the private subnets. A solutions architect is working on a hub-and-spoke design. All private subnets in the spoke VPCs must route traffic to the internet through an egress VPC. The solutions architect already has deployed a NAT gateway in an egress VPC in a central AWS account. Which set of additional steps should the solutions architect take to meet these requirements?
Options
A. Create peering connections between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
B. Create a transit gateway, and share it with the existing AWS accounts. Attach existing VPCs to the transit gateway. Configure the required routing to allow access to the internet.
C. Create a transit gateway in every account. Attach the NAT gateway to the transit gateways. Configure the required routing to allow access to the internet.
D. Create an AWS PrivateLink connection between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
Answer
B
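Explanation
Correct answer: B
The answer to this question is B.
Correct option: B. Create a transit gateway, and share it with the existing AWS accounts. Attach existing VPCs to the transit gateway. Configure the required routing to allow access to the internet.
Rationale: This option most directly satisfies the key constraints in the question. When working through SAP-C02 questions, also check the answer against the qualifiers in the question stem, such as highest performance, lowest operational overhead, cost-effectiveness, reliability, scalability, security, RTO/RPO, and compliance requirements. The main topics relevant to this question include: Transit Gateway, VPC, Config...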