Neal Davis - Practice Test 1 - Incorrect Flashcards
Question 11: Incorrect
A web application runs in public and private subnets. The application architecture consists of a web tier and database tier running on Amazon EC2 instances. Both tiers run in a single Availability Zone (AZ).
Which combination of steps should a solutions architect take to provide high availability for this architecture? (Select TWO.)
A. Create new public and private subnets in the same AZ for high availability
B. Create an Amazon EC2 Auto Scaling group and Application Load Balancer (ALB) spanning multiple AZs
C. Create new public and private subnets in the same VPC, each in a new AZ. Migrate the database to an Amazon RDS multi-AZ deployment.
D. Add the existing web application instances to an Auto Scaling Group behind an Application Load Balancer (ALB)
E. Create new public and private subnets in a new AZ. Create a database using Amazon EC2 in one AZ.
Explanation
To add high availability to this architecture both the web tier and database tier require changes. For the web tier an Auto Scaling group across multiple AZs with an ALB will ensure there are always instances running and traffic is being distributed to them.
The database tier should be migrated from the EC2 instances to Amazon RDS to take advantage of a managed database with Multi-AZ functionality. This will ensure that if there is an issue preventing access to the primary database a secondary database can take over.
CORRECT: “Create an Amazon EC2 Auto Scaling group and Application Load Balancer (ALB) spanning multiple AZs” is the correct answer.
CORRECT: “Create new public and private subnets in the same VPC, each in a new AZ. Migrate the database to an Amazon RDS multi-AZ deployment” is the correct answer.
INCORRECT: “Create new public and private subnets in the same AZ for high availability” is incorrect as this would not add high availability.
INCORRECT: “Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer (ALB)” is incorrect because the existing servers are in a single subnet. For HA we need to instances in multiple subnets.
INCORRECT: “Create new public and private subnets in a new AZ. Create a database using Amazon EC2 in one AZ” is incorrect because we also need HA for the database layer.
Question 12:
An application running on an Amazon ECS container instance using the EC2 launch type needs permissions to write data to Amazon DynamoDB.
How can you assign these permissions only to the specific ECS task that is running the application?
A. Use a security group to allow outbound connections to DynamoDB and assign it to the container instance.
B. Create an IAM policy with permissions to DynamoDB and assign it to a task using the taskRoleArn parameter
C. Create an IAM policy with permissions to DynamoDB and attach it to the container instance
D. Modify the AmazonECSTaskExecutionRolePolicy policy to add permissions for DynamoDB
Explanation
To specify permissions for a specific task on Amazon ECS you should use IAM Roles for Tasks. The permissions policy can be applied to tasks when creating the task definition, or by using an IAM task role override using the AWS CLI or SDKs. The taskRoleArn parameter is used to specify the policy.
CORRECT: “Create an IAM policy with permissions to DynamoDB and assign It to a task using the taskRoleArn parameter” is the correct answer.
INCORRECT: “Create an IAM policy with permissions to DynamoDB and attach it to the container instance” is incorrect. You should not apply the permissions to the container instance as they will then apply to all tasks running on the instance as well as the instance itself.
INCORRECT: “Use a security group to allow outbound connections to DynamoDB and assign it to the container instance” is incorrect. Though you will need a security group to allow outbound connections to DynamoDB, the question is asking how to assign permissions to write data to DynamoDB and a security group cannot provide those permissions.
INCORRECT: “Modify the AmazonECSTaskExecutionRolePolicy policy to add permissions for DynamoDB” is incorrect. The AmazonECSTaskExecutionRolePolicy policy is the Task Execution IAM Role. This is used by the container agent to be able to pull container images, write log file etc.
Question 15:
A company runs containerized applications for many application workloads in an on-premise data center. The company is planning to deploy containers to AWS and the chief architect has mandated that the same configuration and administrative tools must be used across all containerized environments. The company also wishes to remain cloud agnostic to safeguard against the impact of future changes in cloud strategy.
How can a Solutions Architect design a managed solution that will align with open-source software?
A. Launch the containers on Amazon Elastic Container Service (ECS) with Amazon EC2 instance worker nodes.
B. Launch the containers on Amazon Elastic Container Service (ECS) with AWS Fargate instances.
C. Launch the containers on Amazon Elastic Kubernetes Service and EKS worker nodes.
D. Launch the containers on a fleet of Amazon EC2 instances in a cluster placement group.
Explanation
Amazon EKS is a managed service that can be used to run Kubernetes on AWS. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications. Applications running on Amazon EKS are fully compatible with applications running on any standard Kubernetes environment, whether running in on-premises data centers or public clouds. This means that you can easily migrate any standard Kubernetes application to Amazon EKS without any code modification.
This solution ensures that the same open-source software is used for automating the deployment, scaling, and management of containerized applications both on-premises and in the AWS Cloud.
CORRECT: “Launch the containers on Amazon Elastic Kubernetes Service (EKS) and EKS worker nodes” is the correct answer.
INCORRECT: “Launch the containers on a fleet of Amazon EC2 instances in a cluster placement group” is incorrect
INCORRECT: “Launch the containers on Amazon Elastic Container Service (ECS) with AWS Fargate instances” is incorrect
INCORRECT: “Launch the containers on Amazon Elastic Container Service (ECS) with Amazon EC2 instance worker nodes” is incorrect
Question 17:
An eCommerce company runs an application on Amazon EC2 instances in public and private subnets. The web application runs in a public subnet and the database runs in a private subnet. Both the public and private subnets are in a single Availability Zone.
Which combination of steps should a solutions architect take to provide high availability for this architecture? (Select TWO.)
A. Create new public and private subnets in a different AZ. Create a database using Amazon EC2 in one AZ.
B. Create an EC2 Auto Scaling Group in the public subnet and use an Application Load Balancer.
C. Create new public and private subnets in the same AZ but in a different Amazon VPC.
D. Create an EC2 Auto Scaling Group and Application Load Balancer that spans across multiple AZs.
E. Create new public and private subnets in a different AZ. Migrate the database to an Amazon RDS multi-AZ deployment.
Explanation
High availability can be achieved by using multiple Availability Zones within the same VPC. An EC2 Auto Scaling group can then be used to launch web application instances in multiple public subnets across multiple AZs and an ALB can be used to distribute incoming load.
The database solution can be made highly available by migrating from EC2 to Amazon RDS and using a Multi-AZ deployment model. This will provide the ability to failover to another AZ in the event of a failure of the primary database or the AZ in which it runs.
CORRECT: “Create an EC2 Auto Scaling group and Application Load Balancer that spans across multiple AZs” is a correct answer.
CORRECT: “Create new public and private subnets in a different AZ. Migrate the database to an Amazon RDS multi-AZ deployment” is also a correct answer.
INCORRECT: “Create new public and private subnets in the same AZ but in a different Amazon VPC” is incorrect. You cannot use multiple VPCs for this solution as it would be difficult to manage and direct traffic (you can’t load balance across VPCs).
INCORRECT: “Create an EC2 Auto Scaling group in the public subnet and use an Application Load Balancer” is incorrect. This does not achieve HA as you need multiple public subnets across multiple AZs.
INCORRECT: “Create new public and private subnets in a different AZ. Create a database using Amazon EC2 in one AZ” is incorrect. The database solution is not HA in this answer option.
Question 18: Incorrect
A web application allows users to upload photos and add graphical elements to them. The application offers two tiers of service: free and paid. Photos uploaded by paid users should be processed before those submitted using the free tier. The photos are uploaded to an Amazon S3 bucket which uses an event notification to send the job information to Amazon SQS.
How should a Solutions Architect configure the Amazon SQS deployment to meet these requirements?
A. Use a seperate SQS Standard queue for each tier. Configure Amazon EC2 instances to prioritize polling for the paid queue over the free queue.
B. Use one SQS standard queue. Use batching for the paid photos and short polling for the free photos.
C. Use a separate SQS FIFO queue for each tier. Set the free queue to use short polling and the paid queue to use long polling.
D. Use one SQS FIFO queue. Assign a higher priority to the paid photos so that they are processed first.
Explanation
AWS recommend using separate queues when you need to provide prioritization of work. The logic can then be implemented at the application layer to prioritize the queue for the paid photos over the queue for the free photos.
CORRECT: “Use a separate SQS Standard queue for each tier. Configure Amazon EC2 instances to prioritize polling for the paid queue over the free queue” is the correct answer.
INCORRECT: “Use one SQS FIFO queue. Assign a higher priority to the paid photos so they are processed first” is incorrect. FIFO queues preserve the order of messages but they do not prioritize messages within the queue. The orders would need to be placed into the queue in a priority order and there’s no way of doing this as the messages are sent automatically through event notifications as they are received by Amazon S3.
INCORRECT: “Use one SQS standard queue. Use batching for the paid photos and short polling for the free photos” is incorrect. Batching adds efficiency but it has nothing to do with ordering or priority.
INCORRECT: “Use a separate SQS FIFO queue for each tier. Set the free queue to use short polling and the paid queue to use long polling” is incorrect. Short polling and long polling are used to control the amount of time the consumer process waits before closing the API call and trying again. Polling should be configured for efficiency of API calls and processing of messages but does not help with message prioritization.
Question 20:
A company requires that all AWS IAM user accounts have specific complexity requirements and minimum password length.
How should a Solutions Architect accomplish this?
A. Create an IAM policy that enforces the requirements and apply it to all users.
B. Set a password policy for each IAM user in the AWS account.
C. Use an AWS Config rule to enforce the requirements when creating user accounts.
D. Set a password policy for the entire AWS account.
Explanation
The easiest way to enforce this requirement is to update the password policy that applies to the entire AWS account. When you create or change a password policy, most of the password policy settings are enforced the next time your users change their passwords. However, some of the settings are enforced immediately such as the password expiration period.
CORRECT: “Set a password policy for the entire AWS account” is the correct answer.
INCORRECT: “Set a password policy for each IAM user in the AWS account” is incorrect. There’s no need to set an individual password policy for each user, it will be easier to set the policy for everyone.
INCORRECT: “Create an IAM policy that enforces the requirements and apply it to all users” is incorrect. As there is no specific targeting required it is easier to update the account password policy.
INCORRECT: “Use an AWS Config rule to enforce the requirements when creating user accounts” is incorrect. You cannot use AWS Config to enforce the password requirements at the time of creating a user account.
Question 33:
A company offers an online product brochure that is delivered from a static website running on Amazon S3. The company’s customers are mainly in the United States, Canada, and Europe. The company is looking to cost-effectively reduce the latency for users in these regions.
What is the most cost-effective solution to these requirements?
A. Create an Amazon CloudFront distribution and set the price class to use all Edge Locations for best performance.
B. Create an Amazon CloudFront distribution that uses origins in U.S, Canada, and Europe.
C. Create an Amazon CloudFront distribution and set the price class to use only U.S, Canada, and Europe.
D. Create an Amazon CloudFront distribution and use Lambda@Edge to run the website’s data processing closer to users.
Explanation
With Amazon CloudFront you can set the price class to determine where in the world the content will be cached. One of the price classes is “U.S, Canada and Europe” and this is where the company’s users are located. Choosing this price class will result in lower costs and better performance for the company’s users.
CORRECT: “Create an Amazon CloudFront distribution and set the price class to use only U.S, Canada and Europe.” is the correct answer.
INCORRECT: “Create an Amazon CloudFront distribution and set the price class to use all Edge Locations for best performance” is incorrect. This will be more expensive as it will cache content in Edge Locations all over the world.
INCORRECT: “Create an Amazon CloudFront distribution that uses origins in U.S, Canada and Europe” is incorrect. The origin can be in one place, there’s no need to add origins in different Regions. The price class should be used to limit the caching of the content to reduce cost.
INCORRECT: “Create an Amazon CloudFront distribution and use Lambda@Edge to run the website’s data processing closer to the users” is incorrect. Lambda@Edge will not assist in this situation as there is no data processing required, the content from the static website must simply be cached at an edge location.
Question 43:
A company runs a web application that serves weather updates. The application runs on a fleet of Amazon EC2 instances in a Multi-AZ Auto scaling group behind an Application Load Balancer (ALB). The instances store data in an Amazon Aurora database. A solutions architect needs to make the application more resilient to sporadic increases in request rates.
Which architecture should the solutions architect implement? (Select TWO.)
A. Add an AWS Transit Gateway to the Availability Zones
B. Add an Amazon CloudFront distribution in front of the ALB
C. Add Amazon Aurora Replicas
D. Add an AWS WAF in front of the ALB.
E. Add an AWS Global Accelerator endpoint
Explanation
The architecture is already highly resilient but the may be subject to performance degradation if there are sudden increases in request rates. To resolve this situation Amazon Aurora Read Replicas can be used to serve read traffic which offloads requests from the main database. On the frontend an Amazon CloudFront distribution can be placed in front of the ALB and this will cache content for better performance and also offloads requests from the backend.
CORRECT: “Add Amazon Aurora Replicas” is the correct answer.
CORRECT: “Add an Amazon CloudFront distribution in front of the ALB” is the correct answer.
INCORRECT: “Add and AWS WAF in front of the ALB” is incorrect. A web application firewall protects applications from malicious attacks. It does not improve performance.
INCORRECT: “Add an AWS Transit Gateway to the Availability Zones” is incorrect as this is used to connect on-premises networks to VPCs.
INCORRECT: “Add an AWS Global Accelerator endpoint” is incorrect as this service is used for directing users to different instances of the application in different regions based on latency.
Question 46:
The database tier of a web application is running on a Windows server on-premises. The database is a Microsoft SQL Server database. The application owner would like to migrate the database to an Amazon RDS instance.
How can the migration be executed with minimal administrative effort and downtime?
A. Use the AWS Server MIgration Service (SMS) to migrate the server to Amazon EC2. Use AWS Database Migration Service (DMS) to migrate the database to RDS
B. Use the AWS Database MIgration Service (DMS) to directly migrate the database to RDS
C. Use AWS DataSync to migrate the data from the database to Amazon S3. Use AWS Database Migration Service (DMS) to migrate the database to RDS
D. Use the AWS Database MIgration Service (DMS) to directly migrate the database to RDS. Use the Schema Conversion Tool (SCT) to enable conversion from MIcrosoft SQL Server to Amazon RDS.
Explanation
You can directly migrate Microsoft SQL Server from an on-premises server into Amazon RDS using the Microsoft SQL Server database engine. This can be achieved using the native Microsoft SQL Server tools, or using AWS DMS as depicted below:
CORRECT: “Use the AWS Database Migration Service (DMS) to directly migrate the database to RDS” is the correct answer.
INCORRECT: “Use the AWS Server Migration Service (SMS) to migrate the server to Amazon EC2. Use AWS Database Migration Service (DMS) to migrate the database to RDS” is incorrect. You do not need to use the AWS SMS service to migrate the server into EC2 first. You can directly migrate the database online with minimal downtime.
INCORRECT: “Use AWS DataSync to migrate the data from the database to Amazon S3. Use AWS Database Migration Service (DMS) to migrate the database to RDS” is incorrect. AWS DataSync is used for migrating data, not databases.
INCORRECT: “Use the AWS Database Migration Service (DMS) to directly migrate the database to RDS. Use the Schema Conversion Tool (SCT) to enable conversion from Microsoft SQL Server to Amazon RDS” is incorrect. You do not need to use the SCT as you are migrating into the same destination database engine (RDS is just the platform).
Question 48:
An application running on Amazon EC2 needs to asynchronously invoke an AWS Lambda function to perform data processing. The services should be decoupled.
Which service can be used to decouple the compute services?
A. Amazon SNS
B. AWS Config
C. Amazon MQ
D. AWS Step Functions
Explanation
You can use a Lambda function to process Amazon Simple Notification Service notifications. Amazon SNS supports Lambda functions as a target for messages sent to a topic. This solution decouples the Amazon EC2 application from Lambda and ensures the Lambda function is invoked.
CORRECT: “Amazon SNS” is the correct answer.
INCORRECT: “AWS Config” is incorrect. AWS Config is a service that is used for continuous compliance, not application decoupling.
INCORRECT: “Amazon MQ” is incorrect. Amazon MQ is similar to SQS but is used for existing applications that are being migrated into AWS. SQS should be used for new applications being created in the cloud.
INCORRECT: “AWS Step Functions” is incorrect. AWS Step Functions is a workflow service. It is not the best solution for this scenario.
Question 52:
A company has deployed a new website on Amazon EC2 instances behind an Application Load Balancer (ALB). Amazon Route 53 is used for the DNS service. The company has asked a Solutions Architect to create a backup website with support contact details that users will be directed to automatically if the primary website is down.
How should the Solutions Architect deploy this solution cost-effectively?
A. Create the backup website on EC2 and ALB in another Region and create an AWS Global Accelerator endpoint.
B. Deploy the backup website on EC2 and ALB in another Region and use Route 53 health checks for failover routing.
C. Configure a static website using Amazon S3 and create a Route 53 weighted routing policy.
D. Configure a static website using Amazon S3 and create a Route 53 failover routing policy.
Explanation
The most cost-effective solution is to create a static website using an Amazon S3 bucket and then use a failover routing policy in Amazon Route 53. With a failover routing policy users will be directed to the main website as long as it is responding to health checks successfully.
If the main website fails to respond to health checks (its down), Route 53 will begin to direct users to the backup website running on the Amazon S3 bucket. It’s important to set the TTL on the Route 53 records appropriately to ensure that users resolve the failover address within a short time.
CORRECT: “Configure a static website using Amazon S3 and create a Route 53 failover routing policy” is the correct answer.
INCORRECT: “Configure a static website using Amazon S3 and create a Route 53 weighted routing policy” is incorrect. Weighted routing is used when you want to send a percentage of traffic between multiple endpoints. In this case all traffic should go to the primary until if fails, then all should go to the backup.
INCORRECT: “Deploy the backup website on EC2 and ALB in another Region and use Route 53 health checks for failover routing” is incorrect. This is not a cost-effective solution for the backup website. It can be implemented using Route 53 failover routing which uses health checks but would be an expensive option.
INCORRECT: “Create the backup website on EC2 and ALB in another Region and create an AWS Global Accelerator endpoint” is incorrect. Global Accelerator is used for performance as it directs traffic to the nearest healthy endpoint. It is not useful for failover in this scenario and is also a very expensive solution.
Question 53:
A company delivers content to subscribers distributed globally from an application running on AWS. The application uses a fleet of Amazon EC2 instance in a private subnet behind an Application Load Balancer (ALB). Due to an update in copyright restrictions, it is necessary to block access for specific countries.
What is the EASIEST method to meet this requirement?
A. Use Amazon CloudFront to serve the application and deny access to blocked countries
B. Modify the security group for EC2 instances to deny incoming traffic from blocked countries
C. Use a network ACL to block the IP address ranges associated with the specific coutnries
D. Modify the ALB security group to deny incoming traffic from blocked countries
Explanation
When a user requests your content, CloudFront typically serves the requested content regardless of where the user is located. If you need to prevent users in specific countries from accessing your content, you can use the CloudFront geo restriction feature to do one of the following:
Allow your users to access your content only if they’re in one of the countries on a whitelist of approved countries.
Prevent your users from accessing your content if they’re in one of the countries on a blacklist of banned countries.
For example, if a request comes from a country where, for copyright reasons, you are not authorized to distribute your content, you can use CloudFront geo restriction to block the request.
This is the easiest and most effective way to implement a geographic restriction for the delivery of content.
CORRECT: “Use Amazon CloudFront to serve the application and deny access to blocked countries” is the correct answer.
INCORRECT: “Use a Network ACL to block the IP address ranges associated with the specific countries” is incorrect as this would be extremely difficult to manage.
INCORRECT: “Modify the ALB security group to deny incoming traffic from blocked countries” is incorrect as security groups cannot block traffic by country.
INCORRECT: “Modify the security group for EC2 instances to deny incoming traffic from blocked countries” is incorrect as security groups cannot block traffic by country.
Question 58: Incorrect
A Solutions Architect has deployed an application on several Amazon EC2 instances across three private subnets. The application must be made accessible to internet-based clients with the least amount of administrative effort.
How can the Solutions Architect make the application available on the internet?
A. Create an Application Load Balancer and associate three private subnets from the same Availability Zones as the private instances. Add the private instances to the ALB.
B. Create a NAT gateway in a public subnet. Add a route to the NAT gateway to the route tables of the three private subnets.
C. Create an Application Load Balancer and associate three public subnets from the same Availability Zones as the private instances. Add the private instances to the ALB.
D. Create an Amazon Machine Image (AMI) of the instances in the private subnet and launch new instances from the AMI in public subnets. Create an Application Load Balancer and add the public instances to the ALB.
Explanation
To make the application instances accessible on the internet the Solutions Architect needs to place them behind an internet-facing Elastic Load Balancer. The way you add instances in private subnets to a public facing ELB is to add public subnets in the same AZs as the private subnets to the ELB. You can then add the instances and to the ELB and they will become targets for load balancing.
An example of this architecture is shown below:
CORRECT: “Create an Application Load Balancer and associate three public subnets from the same Availability Zones as the private instances. Add the private instances to the ALB” is the correct answer.
INCORRECT: “Create an Application Load Balancer and associate three private subnets from the same Availability Zones as the private instances. Add the private instances to the ALB” is incorrect. Public subnets in the same AZs as the private subnets must be added to make this configuration work.
INCORRECT: “Create an Amazon Machine Image (AMI) of the instances in the private subnet and launch new instances from the AMI in public subnets. Create an Application Load Balancer and add the public instances to the ALB” is incorrect. There is no need to use an AMI to create new instances in a public subnet. You can add instances in private subnets to a public-facing ELB.
INCORRECT: “Create a NAT gateway in a public subnet. Add a route to the NAT gateway to the route tables of the three private subnets” is incorrect. A NAT gateway is used for outbound traffic not inbound traffic and cannot make the application available to internet-based clients.
Question 62:
A company’s application is running on Amazon EC2 instances in a single Region. In the event of a disaster, a solutions architect needs to ensure that the resources can also be deployed to a second Region.
Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)
A. Detach a volume on an EC2 instance and copy it to an Amazon S3 bucket in the second region
B. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify the second Region for the destination
C. Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the second Region using that EBS volume.
D. Launch a new EC2 instance in the second Region and copy a volume from Amazon S3 to the new instance
E. Launch a new EC2 instance from an Amazon Machine Image (AMI) in the second region
Explanation
You can copy an Amazon Machine Image (AMI) within or across AWS Regions using the AWS Management Console, the AWS Command Line Interface or SDKs, or the Amazon EC2 API, all of which support the CopyImage action.
Using the copied AMI the solutions architect would then be able to launch an instance from the same EBS volume in the second Region.
Note: the AMIs are stored on Amazon S3, however you cannot view them in the S3 management console or work with them programmatically using the S3 API.
CORRECT: “Copy an Amazon Machine Image (AMI) of an EC2 instance and specify the second Region for the destination” is a correct answer.
CORRECT: “Launch a new EC2 instance from an Amazon Machine Image (AMI) in the second Region” is also a correct answer.
INCORRECT: “Detach a volume on an EC2 instance and copy it to an Amazon S3 bucket in the second Region” is incorrect. You cannot copy EBS volumes directly from EBS to Amazon S3.
INCORRECT: “Launch a new EC2 instance in the second Region and copy a volume from Amazon S3 to the new instance” is incorrect. You cannot create an EBS volume directly from Amazon S3.
INCORRECT: “Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the second Region using that EBS volume” is incorrect. You cannot create an EBS volume directly from Amazon S3.
Question 63:
A company has two accounts for perform testing and each account has a single VPC: VPC-TEST1 and VPC-TEST2. The operations team require a method of securely copying files between Amazon EC2 instances in these VPCs. The connectivity should not have any single points of failure or bandwidth constraints.
Which solution should a Solutions Architect recommend?
A. Attach a virtual private gateway to VPC-TEST1 and VPC-TEST2 and enable routing
B. Create a VPC gateway endpoint for each EC2 instance and update the route tables.
C. Create a VPC peering connection between VPC-TEST1 and VPC-TEST2
D. Attach a Direct Connect Gateway to VPC-TEST1 and VPC-TEST2 and enable routing
Explanation
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network.
You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection).
CORRECT: “Create a VPC peering connection between VPC-TEST1 and VPC-TEST2” is the correct answer.
INCORRECT: “Create a VPC gateway endpoint for each EC2 instance and update route tables” is incorrect. You cannot create VPC gateway endpoints for Amazon EC2 instances. These are used with DynamoDB and S3 only.
INCORRECT: “Attach a virtual private gateway to VPC-TEST1 and VPC-TEST2 and enable routing” is incorrect. You cannot create an AWS Managed VPN connection between two VPCs.
INCORRECT: “Attach a Direct Connect gateway to VPC-TEST1 and VPC-TEST2 and enable routing” is incorrect. Direct Connect gateway is used to connect a Direct Connect connection to multiple VPCs, it is not useful in this scenario as there is no Direct Connect connection.
