AWS Certified Solutions Architect – Professional (SAP-C02) — Question 96
A company has introduced a new policy that allows employees to work remotely from their homes if they connect by using a VPN. The company is hosting internal applications with VPCs in multiple AWS accounts. Currently, the applications are accessible from the company's on-premises office network through an AWS Site-to-Site VPN connection. The VPC in the company's main AWS account has peering connections established with VPCs in other AWS accounts.
A solutions architect must design a scalable AWS Client VPN solution for employees to use while they work from home.
What is the MOST cost-effective solution that meets these requirements?
Answer options
- A. Create a Client VPN endpoint in each AWS account. Configure required routing that allows access to internal applications.
- B. Create a Client VPN endpoint in the main AWS account. Configure required routing that allows access to internal applications.
- C. Create a Client VPN endpoint in the main AWS account. Provision a transit gateway that is connected to each AWS account. Configure required routing that allows access to internal applications.
- D. Create a Client VPN endpoint in the main AWS account. Establish connectivity between the Client VPN endpoint and the AWS Site-to-Site VPN.
Correct answer: B
Explanation
B is the most cost-effective solution because it centralizes the Client VPN endpoint in the main AWS account and reaches the VPCs in the other accounts over the peering connections that already exist, avoiding the cost and complexity of managing multiple endpoints across several accounts. Option A increases cost and complexity by requiring an endpoint in every account, and option C does so by adding infrastructure in the form of a transit gateway. Option D does not provide the necessary routing capabilities for accessing internal applications efficiently.