AWS Certified Solutions Architect – Professional (SAP-C02) — Question 211

A solutions architect is designing an AWS account structure for a company that consists of multiple teams. All the teams will work in the same AWS Region. The company needs a VPC that is connected to the on-premises network. The company expects less than 50 Mbps of total traffic to and from the on-premises network.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

Answer options

• A. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to each AWS account.
• B. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to a shared services account. Share the subnets by using AWS Resource Access Manager.
• C. Use AWS Transit Gateway along with an AWS Site-to-Site VPN for connectivity to the on-premises network. Share the transit gateway by using AWS Resource Access Manager.
• D. Use AWS Site-to-Site VPN for connectivity to the on-premises network.
• E. Use AWS Direct Connect for connectivity to the on-premises network.

Correct answer: B, D

Explanation

The correct answer includes B and D because creating a CloudFormation template in a shared services account allows for efficient management and sharing of resources, while the AWS Site-to-Site VPN provides a cost-effective solution for the expected traffic levels. Options A and C are less effective as they either complicate resource management or introduce unnecessary complexity and costs, while E is more expensive than necessary for the given traffic requirements.