Amazon Exam SAA-C03 Topic 3 Question 61 Discussion

Actual exam question for Amazon's SAA-C03 exam

Question #: 61
Topic #: 3

A company hosts its applications in multiple private and public subnets in a VPC. The applications in the private subnets need to access an API. The API is available on the internet and is hosted in the company's on-premises data center. A solutions architect needs to establish connectivity for applications in the private subnets.

Which solution will meet these requirements MOST cost-effectively?

ACreate a transit gateway to connect the VPC to the on-premises network. Use the transit gateway to route API calls from the private subnets to the on-premises data center.

BCreate a NAT gateway in the public subnet of the VPC. Use the NAT gateway to allow the private subnets to access the API over the internet.

CEstablish an AWS PrivateLink connection to connect the VPC to the on-premises network. Use PrivateLink to make API calls from the private subnets to the on-premises data center.

DImplement an AWS Site-to-Site VPN connection between the VPC and the on-premises data center. Use the VPN connection to make API calls from the private subnets to the on-premises data center.

Show Suggested Answer

Suggested Answer: D

AWS Site-to-Site VPN is a cost-effective way to securely connect your on-premises data center with AWS resources. In this scenario:

Applications in private subnetsrequire access to the API hosted in the on-premises data center.

ASite-to-Site VPN connectionis a secure and cost-efficient option to route traffic between the VPC and on-premises resources.

Transit GatewayandPrivateLinkare not cost-effective for this use case.

NAT Gatewayonly provides internet access for private subnets, which is not suitable for reaching an on-premises resource.

AWS Documentation Reference:

AWS Site-to-Site VPN

by Barney at Jul 08, 2025, 05:26 PM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Sherill

2 days ago

Option C seems the most cost-effective since it uses PrivateLink to establish a private connection between the VPC and on-premises network, avoiding the need for a NAT gateway or VPN.

upvoted 0 times

...

Patrick

4 days ago

I disagree, I believe option B is more cost-effective.

upvoted 0 times

...

Tiffiny

19 days ago

I think option A is the most cost-effective solution.

upvoted 0 times

...