SAP-C02 Question 77
Question
Example Corp. has an on-premises data center and a VPC named VPC A in the Example Corp. AWS account. The on-premises network connects to VPC A through an AWS Site-to-Site VPN. The on-premises servers can properly access VPC A. Example Corp. just acquired AnyCompany, which has a VPC named VPC B. There is no IP address overlap among these networks. Example Corp. has peered VPC A and VPC B. Example Corp. wants to connect from its on-premises servers to VPC B. Example Corp. has properly set up the network ACL and security groups. Which solution will meet this requirement with the LEAST operational effort?
Options
A. Create a transit gateway. Attach the Site-to-Site VPN, VPC A, and VPC B to the transit gateway. Update the transit gateway route tables for all networks to add IP range routes for all other networks.
B. Create a transit gateway. Create a Site-to-Site VPN connection between the on-premises network and VPC B, and connect the VPN connection to the transit gateway. Add a route to direct traffic to the peered VPCs, and add an authorization rule to give clients access to the VPCs A and B.
C. Update the route tables for the Site-to-Site VPN and both VPCs for all three networks. Configure BGP propagation for all three networks. Wait for up to 5 minutes for BGP propagation to finish.
D. Modify the Site-to-Site VPN’s virtual private gateway definition to include VPC A and VPC B. Split the two routers of the virtual private gateway between the two VPCs.
Answer
A
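Explanation
Correct answer: A. Explanation: The answer to this question is A. Correct option: A. Create a transit gateway. Attach the Site-to-Site VPN, VPC A, and VPC B to the transit gateway. Update the transit gateway route tables for all networks to add IP range routes for all other networks. Rationale: This option most directly satisfies the key constraints in the question. When working through SAP-C02 questions, check each option against the qualifiers in the question, such as highest performance, lowest operational overhead, cost-effectiveness, reliability, scalability, security, RTO/RPO, and compliance requirements. The main topics tested by this question include...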