Amazon SAP-C02 Exam - Topic 8 Question 40 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 40
Topic #: 8

A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.

The company's infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.

Which combination of actions should the solutions architect perform to meet these requirements? (Select TWO.)

Suggested Answer: C

Store the PGP Private Key:

Step 1: In the AWS Management Console, navigate to AWS Secrets Manager.

Step 2: Store the PGP private key in Secrets Manager. Ensure the key is encrypted and properly secured.

Set Up the Transfer Family Managed Workflow:

Step 1: In the AWS Transfer Family console, create a new managed workflow.

Step 2: Add a nominal step to the workflow that includes the decryption of the files. Configure this step with the PGP decryption parameters, referencing the PGP private key stored in Secrets Manager.

Step 3: Associate this workflow with the Transfer Family SFTP server, ensuring that incoming files are automatically decrypted upon receipt.

This solution ensures that the data is securely decrypted as it is transferred from the SFTP server to the S3 bucket, automating the decryption process and leveraging AWS Secrets Manager for key management.


Contribute your Thoughts:

Nohemi
3 months ago
Resource Access Manager is definitely the way to go for sharing subnets!
upvoted 0 times
...
Edelmira
3 months ago
Peering VPCs sounds complicated, not sure that's the best route.
upvoted 0 times
...
Tamesha
3 months ago
Wait, can individual accounts really not manage their own networks?
upvoted 0 times
...
Lonny
4 months ago
I think enabling resource sharing is a must here!
upvoted 0 times
...
Merilyn
4 months ago
A transit gateway is a solid choice for connecting VPCs.
upvoted 0 times
...
Delfina
4 months ago
I’m a bit confused about whether we should create VPCs in each account or just use the existing VPC in the infrastructure account. I need to think this through more.
upvoted 0 times
...
Tamekia
4 months ago
I practiced a similar question where we had to manage VPCs across accounts, and I feel like creating a resource share in AWS Resource Access Manager might be the way to go.
upvoted 0 times
...
Anthony
4 months ago
I think enabling resource sharing from the AWS Organizations management account could be important, but I can't recall if it directly applies to this scenario.
upvoted 0 times
...
Moira
5 months ago
I remember something about using a transit gateway for connecting multiple VPCs, but I'm not entirely sure if that's the right choice here.
upvoted 0 times
...
Bobbye
5 months ago
This seems like a classic use case for AWS Organizations and resource sharing. The transit gateway in the infrastructure account will act as the central hub, and then we can use RAM to selectively share the VPC subnets with the other accounts. Feels like a straightforward solution if we follow the requirements closely.
upvoted 0 times
...
Alecia
5 months ago
I'm a bit confused about the requirement that individual accounts can't manage their own networks. Does that mean they can only create resources within the shared subnets, but not modify the network configuration itself? I'll need to double-check that to make sure I'm interpreting it correctly.
upvoted 0 times
...
Lottie
5 months ago
Okay, let's think this through step-by-step. First, we need to create a transit gateway in the infrastructure account to enable cross-account networking. Then, we'll need to use AWS Resource Access Manager to share the VPC subnets with the other accounts. Sounds like a good approach to me.
upvoted 0 times
...
Helene
5 months ago
This question seems straightforward, but I want to make sure I understand the requirements correctly. The key is that the infrastructure team needs to manage the network, but individual accounts should be able to create resources within the shared subnets.
upvoted 0 times
...
Cherry
5 months ago
Hmm, this seems like a tricky one. I'll need to carefully review the details about the Shipments object and its relationships to make sure I understand the configuration requirements.
upvoted 0 times
...
Nichelle
10 months ago
Wait, so the individual accounts can't manage their own networks? That's like being a grown-up and still having your parents tell you how to tie your shoes. *sigh* Anyway, B and D it is.
upvoted 0 times
Lorrine
8 months ago
Exactly, it's all about finding the right balance of control and access.
upvoted 0 times
...
Virgina
8 months ago
I agree, those options should help us share the network without giving individual accounts too much control.
upvoted 0 times
...
Elizabeth
9 months ago
Yeah, it's like having your hands tied. But B and D seem like the way to go.
upvoted 0 times
...
...
Alecia
10 months ago
Haha, imagine the poor infrastructure team having to manage the network for all the individual accounts. No thanks, I'll take the easy way out with B and D!
upvoted 0 times
Sabrina
9 months ago
I agree, B and D seem like the most efficient options to share the network across multiple accounts.
upvoted 0 times
...
Eden
9 months ago
D) Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.
upvoted 0 times
...
Cassie
9 months ago
B) Enable resource sharing from the AWS Organizations management account.
upvoted 0 times
...
...
Ahmed
10 months ago
I agree with Tanja. Option C sounds like a lot of manual work, and E doesn't seem relevant to the problem statement.
upvoted 0 times
...
Delisa
10 months ago
I believe we should create VPCs in each AWS account within the organization and peer them with the VPC in the infrastructure account.
upvoted 0 times
...
Adelle
10 months ago
I agree with that. We also need to enable resource sharing from the AWS Organizations management account.
upvoted 0 times
...
Tanja
11 months ago
Option B and D seem like the way to go. Enabling resource sharing from the organization account and creating a resource share in the infrastructure account should do the trick.
upvoted 0 times
Janessa
9 months ago
E) Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each prefix list to associate with the resource share.
upvoted 0 times
...
Jeanice
9 months ago
That sounds like a solid plan. Sharing resources from the organization account and setting up a resource share in the infrastructure account should work well.
upvoted 0 times
...
Arlean
10 months ago
D) Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.
upvoted 0 times
...
Aretha
10 months ago
B) Enable resource sharing from the AWS Organizations management account.
upvoted 0 times
...
...
William
11 months ago
I think we should create a transit gateway in the infrastructure account.
upvoted 0 times
...
