A company is setting up AWS Control Tower. They want to implement a shared services VPC for centralized Active Directory and security tools. Which TWO steps are required to integrate this with the Control Tower environment? (Select TWO)

Answer options:

Deploy the shared services in the Control Tower management account.

Create a new AWS account using the Control Tower Account Factory for the shared services.

Peer the shared services VPC with the VPCs in other member accounts using Transit Gateway.

Use AWS RAM to share the Active Directory servers directly.

Deploy the shared services in the Log Archive account.

Modify the Control Tower core CloudFormation templates.

How to approach this question

Follow AWS multi-account best practices for shared services.

Full Answer

Create a new AWS account using the Control Tower Account Factory for the shared services., Peer the shared services VPC with the VPCs in other member accounts using Transit Gateway.

Best practices dictate creating a dedicated Shared Services account and using a Transit Gateway to route traffic between the shared services VPC and workload VPCs.

Common mistakes

Putting workloads in the management or log archive accounts.

Question 52 All questions Question 54

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 3

75 questions · hints · full answers · grading

More questions from this exam

Q01An enterprise has 100 VPCs across 5 AWS Regions. They need to establish a highly available, trans...Hard Q02A company uses AWS Organizations. The CISO requires that no EC2 instances can be launched outside...Medium Q03An application uses Amazon Aurora PostgreSQL. To meet disaster recovery requirements, the databas...Hard Q04A company is setting up a new multi-account AWS environment. They want to automate the creation o...Medium Q05An organization wants to allocate AWS costs to specific departments. They use multiple AWS accoun...Medium

View all 75 questions →