Amazon SAP-C02 Exam - Topic 2 Question 62 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 62
Topic #: 2

A company uses AWS CloudFormation to deploy applications within multiple VPCs that are all attached to a transit gateway. Each VPC that sends traffic to the public internet must send the traffic through a shared services VPC. Each subnet within a VPC uses the default VPC route table, and the traffic is routed to the transit gateway. The transit gateway uses its default route table for any VPC attachment.

A security audit reveals that an Amazon EC2 instance that is deployed within a VPC can communicate with an EC2 instance that is deployed in any of the company's other VPCs. A solutions architect needs to limit the traffic between the VPCs. Each VPC must be able to communicate only with a predefined, limited set of authorized VPCs.

What should the solutions architect do to meet these requirements?

Suggested Answer: C

You can segment your network by creating multiple route tables in an AWS Transit Gateway and associating Amazon VPCs and VPNs with them. This lets you create isolated networks inside an AWS Transit Gateway, similar to virtual routing and forwarding (VRF) instances in traditional networks. The AWS Transit Gateway has a default route table; the use of multiple route tables is optional.
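The segmentation described above can be checked before deployment by modelling association and propagation. The following is an added example, not part of the original page: the VPC names and the authorization policy are constructed, and the model covers only route table association and propagation (no static routes, security groups or network ACLs).

```python
from itertools import permutations

SHARED = "shared-services"  # constructed name for the shared services VPC
# Constructed policy: the peers each application VPC is authorized to reach.
AUTHORIZED = {"app-a": {"app-b"}, "app-b": {"app-a"}, "app-c": set()}

def flat_design(vpcs):
    """Every attachment associated with, and propagating into, the default table."""
    return {v: "default" for v in vpcs}, {"default": set(vpcs)}

def segmented_design(authorized, shared=SHARED):
    """One dedicated route table per attachment, holding only authorized peers."""
    association = {v: f"rt-{v}" for v in (*authorized, shared)}
    propagation = {f"rt-{v}": set(peers) | {shared} for v, peers in authorized.items()}
    propagation[f"rt-{shared}"] = set(authorized)  # return path for egress traffic
    return association, propagation

def reachable_pairs(association, propagation):
    """VPC pairs that have a route in both directions.

    association: attachment -> the one route table used for traffic it sends.
    propagation: route table -> attachments whose CIDRs are installed in it.
    """
    def has_route(src, dst):
        return dst in propagation.get(association[src], set())
    return {frozenset((a, b)) for a, b in permutations(association, 2)
            if has_route(a, b) and has_route(b, a)}

def violations(association, propagation, authorized, shared=SHARED):
    """Reachable pairs that the policy does not authorize."""
    allowed = {frozenset((a, b)) for a, peers in authorized.items() for b in peers}
    allowed |= {frozenset((a, shared)) for a in authorized}
    return reachable_pairs(association, propagation) - allowed

if __name__ == "__main__":
    for name, design in (("flat", flat_design([*AUTHORIZED, SHARED])),
                         ("segmented", segmented_design(AUTHORIZED))):
        bad = sorted(tuple(sorted(p)) for p in violations(*design, AUTHORIZED))
        print(f"{name}: unauthorized pairs = {bad}")
```

With the single default route table, app-c can reach both app-a and app-b even though the policy authorizes neither; with dedicated tables, only the authorized pairs and the shared services path remain.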


Cecilia
4 days ago
D sounds risky. Changing the main route table could cause issues.
upvoted 0 times
...
Janey
10 days ago
I feel like B could be a good choice. Security groups are flexible.
upvoted 0 times
...
Marya
15 days ago
A is too broad. It might block other necessary traffic.
upvoted 0 times
...
Nada
20 days ago
I agree, C seems the best. Dedicated route tables are clear.
upvoted 0 times
...
Arthur
25 days ago
This question is tricky! I think option C makes sense.
upvoted 0 times
...
Roy
1 month ago
Definitely need to limit VPC communication, good call on this!
upvoted 0 times
...
Stefan
1 month ago
Option A could work, but it might be too restrictive.
upvoted 0 times
...
Cornell
2 months ago
Surprised that this wasn't caught earlier in the audit!
upvoted 0 times
...
Devorah
2 months ago
I disagree, I think updating the security groups (Option B) is more effective.
upvoted 0 times
...
Sheridan
2 months ago
Option C seems like the best choice for controlling traffic.
upvoted 0 times
...
Shawnta
2 months ago
C is the clear winner. Who wants to deal with the headache of manually updating a bunch of network ACLs? Not me!
upvoted 0 times
...
Jamie
2 months ago
Haha, imagine trying to keep track of all those security group rules. Option C is definitely the sanity-saving choice here.
upvoted 0 times
...
Linn
3 months ago
I agree, C is the way to go. Updating the route tables is a more comprehensive approach than trying to manage security groups or network ACLs.
upvoted 0 times
...
Georgeanna
3 months ago
I'm leaning towards the dedicated transit gateway route table, but I wonder if that complicates things too much.
upvoted 0 times
...
Jackie
3 months ago
I practiced a similar question where we had to limit traffic, and I think using network ACLs could be a viable option here.
upvoted 0 times
...
Royce
3 months ago
I think updating the security groups could work, but it feels like it might be too restrictive.
upvoted 0 times
...
Judy
3 months ago
I remember discussing how transit gateways work, but I'm not sure if creating a dedicated route table is the best approach.
upvoted 0 times
...
Stephaine
4 months ago
This is a good question to test our understanding of VPC networking and transit gateways. I'll make sure to read through the details carefully and consider the pros and cons of each option.
upvoted 0 times
...
Chu
4 months ago
I'm leaning towards option D. Updating the main route tables in each VPC to only allow traffic to authorized VPCs seems like a straightforward solution.
upvoted 0 times
...
Colene
4 months ago
Option C seems like the best solution. Isolating the VPCs through dedicated transit gateway route tables is a clean way to control the traffic flow.
upvoted 0 times
...
Bernardine
5 months ago
Option C seems like the most direct way to limit the VPC-to-VPC communication. I'll focus on understanding how to create and configure those dedicated transit gateway route tables.
upvoted 0 times
...
Arlette
5 months ago
But what about A? Updating network ACLs could work too.
upvoted 0 times
...
Hillary
5 months ago
Hmm, I'm a bit confused by the transit gateway setup. I'll need to review how that works before I can decide on the best approach.
upvoted 0 times
...
Lynette
5 months ago
This looks like a tricky networking question. I'll need to think through the different options carefully.
upvoted 0 times
Vanesa
4 months ago
Yeah, dedicated route tables could really help control traffic.
upvoted 0 times
...
Margarett
4 months ago
I think option C makes the most sense.
upvoted 0 times
...
...
