A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and
VPC-2 contains only public subnets. The company uses a single AWS Direct Connect connection and private
virtual interface to connect their on-premises network with VPC-1. Which two methods increase the fault
tolerance of the connection to VPC-1? Choose 2 answers.
A. Establish a hardware VPN over the internet between VPC-2 and the on-premises network.
B. Establish a hardware VPN over the internet between VPC-1 and the on-premises network.
C. Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.
D. Establish a new AWS Direct Connect connection and private virtual interface in a different AWS region than VPC-1.
E. Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1.
B makes sense, why C though? The question does not state that VPC1 and VPC2 have any connection between them. So connecting to VPC2 doesn’t necessarily provide any connection to VPC1. Seems to me that E would be the more logical answer? Thoughts?
Strike that, peered two VPCs: VPC-1 and VPC-2
I agree that B & C are right
B, E
http://www.aiotestking.com/amazon/which-two-methods-increases-the-fault-tolerance-of-the-connection-to-vpc-1/
For me B & E seem to be more logical as per AWS documentation.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/getting_started.html#RedundantConnections
Traffic from one VPC to another peered VPC doesn’t traverse. Therefore there is no point in connecting VPC2. B&E are correct
C is talking about VPC-2 so is wrong!
AC
I agree with the answer B&C. B is certainly right. The confusing part is whether it is C or D.
As VPC-1 and VPC-2 are already peered, VPC-1 and VPC-2 are actually in the same region (otherwise, they can’t be peered). The purpose here is to provide fault tolerance, meaning that if the current Direct Connection to VPC-1 fails, we can still connect to VPC-1. If we choose D, the connection failure will bring down the two direct connects at the same time. Again, since VPC-1 and VPC-2 are peered, VPC-2 can reach VPC-1, so answer C is correct.
In terms of answer A, it is actually also an option if you can choose 3 answers; however, it is not as good as B, which is to connect to VPC-1 directly.
This was on the AWS architect exam 18/02/2018. B & E