Amazon SAP-C02 Exam - Topic 2 Question 62 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 62
Topic #: 2

A company uses AWS CloudFormation to deploy applications within multiple VPCs that are all attached to a transit gateway. Each VPC that sends traffic to the public internet must send the traffic through a shared services VPC. Each subnet within a VPC uses the default VPC route table, and the traffic is routed to the transit gateway. The transit gateway uses its default route table for any VPC attachment.

A security audit reveals that an Amazon EC2 instance that is deployed within a VPC can communicate with an EC2 instance that is deployed in any of the company's other VPCs. A solutions architect needs to limit the traffic between the VPCs. Each VPC must be able to communicate only with a predefined, limited set of authorized VPCs.

What should the solutions architect do to meet these requirements?

Suggested Answer: C

You can segment your network by creating multiple route tables in an AWS Transit Gateway and associating Amazon VPCs and VPNs with them. This lets you create isolated networks inside an AWS Transit Gateway, similar to virtual routing and forwarding (VRFs) in traditional networks. The AWS Transit Gateway has a default route table. The use of multiple route tables is optional.
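
The segmentation described above can be checked before and after the change with a small reachability audit. This is an added example, not part of the original page or of any AWS tooling: the VPC names, route table names and allow-list are constructed, and the model covers propagated routes only (static and blackhole routes are ignored).

```python
# Added example: models transit gateway (TGW) route-table association and
# propagation to audit VPC-to-VPC reachability. All names are constructed.
from itertools import combinations

def reachable_pairs(associations, propagations):
    """Return VPC pairs that can exchange traffic in both directions.

    associations: attachment -> the one TGW route table it is associated with
                  (used to route traffic arriving FROM that attachment).
    propagations: route table -> attachments whose CIDRs are propagated into it
                  (the destinations that table can forward TO).
    """
    def forwards(src, dst):
        return dst in propagations.get(associations[src], set())
    return {frozenset((a, b)) for a, b in combinations(sorted(associations), 2)
            if forwards(a, b) and forwards(b, a)}

def violations(associations, propagations, authorized):
    """Pairs that are reachable through the TGW but not on the allow-list."""
    allowed = {frozenset(p) for p in authorized}
    return sorted(tuple(sorted(p)) for p in
                  reachable_pairs(associations, propagations) - allowed)

VPCS = ["app-a", "app-b", "app-c", "shared"]
AUTHORIZED = [("app-a", "shared"), ("app-b", "shared"), ("app-c", "shared"),
              ("app-a", "app-b")]

# Audited state: every attachment associated with, and propagating into,
# the default TGW route table, which yields a full mesh.
DEFAULT_ASSOC = {v: "default" for v in VPCS}
DEFAULT_PROP = {"default": set(VPCS)}

# Segmented state: one dedicated route table per attachment, holding only
# propagations from that VPC's authorized peers.
SEGMENTED_ASSOC = {v: f"rt-{v}" for v in VPCS}
SEGMENTED_PROP = {
    "rt-app-a": {"shared", "app-b"},
    "rt-app-b": {"shared", "app-a"},
    "rt-app-c": {"shared"},
    "rt-shared": {"app-a", "app-b", "app-c"},
}

if __name__ == "__main__":
    print("default table:", violations(DEFAULT_ASSOC, DEFAULT_PROP, AUTHORIZED))
    print("dedicated tables:", violations(SEGMENTED_ASSOC, SEGMENTED_PROP, AUTHORIZED))
```

With the default route table the audit reports the two unauthorized pairs involving `app-c`; with dedicated route tables it reports none. A pair counts as reachable only when each side's associated table holds a route to the other.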


Cornell
5 hours ago
Surprised that this wasn't caught earlier in the audit!
upvoted 0 times
...
Devorah
5 days ago
I disagree, I think updating the security groups (Option B) is more effective.
upvoted 0 times
...
Sheridan
11 days ago
Option C seems like the best choice for controlling traffic.
upvoted 0 times
...
Shawnta
16 days ago
C is the clear winner. Who wants to deal with the headache of manually updating a bunch of network ACLs? Not me!
upvoted 0 times
...
Jamie
21 days ago
Haha, imagine trying to keep track of all those security group rules. Option C is definitely the sanity-saving choice here.
upvoted 0 times
...
Linn
26 days ago
I agree, C is the way to go. Updating the route tables is a more comprehensive approach than trying to manage security groups or network ACLs.
upvoted 0 times
...
Georgeanna
1 month ago
I'm leaning towards the dedicated transit gateway route table, but I wonder if that complicates things too much.
upvoted 0 times
...
Jackie
1 month ago
I practiced a similar question where we had to limit traffic, and I think using network ACLs could be a viable option here.
upvoted 0 times
...
Royce
1 month ago
I think updating the security groups could work, but it feels like it might be too restrictive.
upvoted 0 times
...
Judy
2 months ago
I remember discussing how transit gateways work, but I'm not sure if creating a dedicated route table is the best approach.
upvoted 0 times
...
Stephaine
2 months ago
This is a good question to test our understanding of VPC networking and transit gateways. I'll make sure to read through the details carefully and consider the pros and cons of each option.
upvoted 0 times
...
Chu
2 months ago
I'm leaning towards option D. Updating the main route tables in each VPC to only allow traffic to authorized VPCs seems like a straightforward solution.
upvoted 0 times
...
Colene
2 months ago
Option C seems like the best solution. Isolating the VPCs through dedicated transit gateway route tables is a clean way to control the traffic flow.
upvoted 0 times
...
Bernardine
3 months ago
Option C seems like the most direct way to limit the VPC-to-VPC communication. I'll focus on understanding how to create and configure those dedicated transit gateway route tables.
upvoted 0 times
...
Arlette
3 months ago
But what about A? Updating network ACLs could work too.
upvoted 0 times
...
Hillary
3 months ago
Hmm, I'm a bit confused by the transit gateway setup. I'll need to review how that works before I can decide on the best approach.
upvoted 0 times
...
Lynette
3 months ago
This looks like a tricky networking question. I'll need to think through the different options carefully.
upvoted 0 times
Vanesa
2 months ago
Yeah, dedicated route tables could really help control traffic.
upvoted 0 times
...
Margarett
2 months ago
I think option C makes the most sense.
upvoted 0 times
...
...
