SAP-C02 Question 465
Question
A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company hosts some applications in a VPC in the company's shared services account. The company has attached a transit gateway to the VPC in the shared services account. The company is developing a new capability and has created a development environment that requires access to the applications that are in the shared services account. The company intends to delete and recreate resources frequently in the development account. The company also wants to give a development team the ability to recreate the team's connection to the shared services account as required. Which solution will meet these requirements?
Options
A. Create a transit gateway in the development account. Create a transit gateway peering request to the shared services account. Configure the shared services transit gateway to automatically accept peering connections.
B. Turn on automatic acceptance for the transit gateway in the shared services account. Use AWS Resource Access Manager (AWS RAM) to share the transit gateway resource in the shared services account with the development account. Accept the resource in the development account. Create a transit gateway attachment in the development account.
C. Turn on automatic acceptance for the transit gateway in the shared services account. Create a VPC endpoint. Use the endpoint policy to grant permissions on the VPC endpoint for the development account. Configure the endpoint service to automatically accept connection requests. Provide the endpoint details to the development team.
D. Create an Amazon EventBridge rule to invoke an AWS Lambda function that accepts the transit gateway attachment when the development account makes an attachment request. Use AWS Network Manager to share the transit gateway in the shared services account with the development account. Accept the transit gateway in the development account.
Answer
B
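Explanation
Correct answer: B. Explanation: The answer to this question is B. Correct option: B. Turn on automatic acceptance for the transit gateway in the shared services account. Use AWS Resource Access Manager (AWS RAM) to share the transit gateway resource in the shared services account with the development account. Accept the resource in the development account. Create a transit gateway attachment in the development account. Reason for the choice: This option most directly satisfies the key constraints in the question. When working through SAP-C02 questions, you need to check every qualifier in the question at the same time, such as highest performance, lowest operational overhead, cost-effectiveness, reliability, scalability, ...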