SAP-C02 Question 431
Question
A company provides a centralized Amazon EC2 application hosted in a single shared VPC. The centralized application must be accessible from client applications running in the VPCs of other business units. The centralized application front end is configured with a Network Load Balancer (NLB) for scalability. Up to 10 business unit VPCs will need to be connected to the shared VPC. Some of the business unit VPC CIDR blocks overlap with the shared VPC, and some overlap with each other. Network connectivity to the centralized application in the shared VPC should be allowed from authorized business unit VPCs only. Which network configuration should a solutions architect use to provide connectivity from the client applications in the business unit VPCs to the centralized application in the shared VPC?
Options
A. Create an AWS Transit Gateway. Attach the shared VPC and the authorized business unit VPCs to the transit gateway. Create a single transit gateway route table and associate it with all of the attached VPCs. Allow automatic propagation of routes from the attachments into the route table. Configure VPC routing tables to send traffic to the transit gateway.
B. Create a VPC endpoint service using the centralized application NLB and enable the option to require endpoint acceptance. Create a VPC endpoint in each of the business unit VPCs using the service name of the endpoint service. Accept authorized endpoint requests from the endpoint service console.
C. Create a VPC peering connection from each business unit VPC to the shared VPC. Accept the VPC peering connections from the shared VPC console. Configure VPC routing tables to send traffic to the VPC peering connection.
D. Configure a virtual private gateway for the shared VPC and create customer gateways for each of the authorized business unit VPCs. Establish a Site-to-Site VPN connection from the business unit VPCs to the shared VPC. Configure VPC routing tables to send traffic to the VPN connection.
Answer
B
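Explanation
Correct answer: B
The answer to this question is B.
Correct option: B. Create a VPC endpoint service using the centralized application NLB and enable the option to require endpoint acceptance. Create a VPC endpoint in each of the business unit VPCs using the service name of the endpoint service. Accept authorized endpoint requests from the endpoint service console.
Rationale: This option most directly satisfies the key constraints in the question. When working through SAP-C02 questions, check the answer against every qualifier in the question at the same time, such as highest performance, lowest operational overhead, cost-effectiveness, reliability, scalability, security, RTO/RPO, and compliance requirements. ...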