Which two methods increase the fault tolerance of the …

A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and
VPC-2 contains only public subnets. The company uses a single AWS Direct Connect connection and private
virtual interface to connect their on-premises network with VPC-1. Which two methods increase the fault
tolerance of the connection to VPC-1? Choose 2 answers.

A. Establish a hardware VPN over the internet between VPC-2 and the on-premises network.

B. Establish a hardware VPN over the internet between VPC-1 and the on-premises network.

C. Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.

D. Establish a new AWS Direct Connect connection and private virtual interface in a different AWS region than VPC-1.

E. Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1.





McEphine

B makes sense, why C though? The question does not state that VPC1 and VPC2 have any connection between them. So connecting to VPC2 doesn’t necessarily provide any connection to VPC1. Seems to me that E would be the more logical answer? Thoughts?

Hank Mort

Traffic from one VPC to another peered VPC doesn’t traverse. Therefore there is no point in connecting VPC2. B&E are correct

mike

C is talking about VPC-2 so is wrong!

Hubery

I agree with the answer B&C. B is certainly right. The confusing part is whether it is C or D.
As VPC-1 and VPC-2 are already peered, VPC-1 and VPC-2 are actually in the same region (otherwise, they can’t be peered). The purpose here is to provide fault tolerance, meaning, if the current Direct Connection to VPC-1 fails, we can still connect to VPC-1. If we choose D, the connection failure will bring down the two direct connect at the same time. Again, since VPC-1 and VPC-2 are peered, from VPC-2 we can reach VPC-1, so answer C is correct.

In terms of answer A, it is actually also an option if you can choose 3 answers, however, it is not as good as B which is to connect to VPC-1 directly.

Lukmaan

This was on the AWS architect exam 18/02/2018. B & E