AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 72
An organization has created a web application inside a VPC and wants to make it available to 200 client VPCs. The client VPCs are in the same Region but are owned by other business units within the organization.
What is the best way to meet this requirement, without making the application publicly available?
Answer options
- A. Configure the application as an AWS PrivateLink-powered service, and have the client VPCs connect to the endpoint service by using an interface VPC endpoint.
- B. Enable VPC peering between the web application VPC and all client VPCs.
- C. Deploy the web application behind an internet-facing Application Load Balancer and control which clients have access by using security groups.
- D. Deploy the web application behind an internal Application Load Balancer and control which clients have access by using security groups.
Correct answer: C
Explanation
The correct answer is D because it allows for secure access to the application without exposing it to the public internet. Options A and B do not meet the requirement of keeping the application private, while C incorrectly suggests using an internet-facing load balancer, which would expose the application to the public.