AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 247
You have an application that is processing confidential data. The data is currently stored in your data center. You are moving workloads to AWS, and you need to ensure confidentiality and integrity of the data in transit to your VPC. Your company has an existing AWS Direct Connect connection.
What combination of steps should you perform to set up the most cost-effective connection between your on-premises data center and AWS? (Choose three.)
Answer options
- A. Set up a VPC with a virtual private gateway.
- B. Set up a VPC with an Internet gateway.
- C. Configure a public virtual interface on your Direct Connect connection.
- D. Configure a private virtual interface to the virtual private gateway.
- E. Set up an IPsec tunnel between your customer gateway and a software VPN on Amazon EC2 in the VPC.
- F. Set up an IPsec tunnel between your customer gateway appliance and the virtual private gateway.
Correct answer: A, C, F
Explanation
The correct steps to ensure a secure and cost-effective connection are to set up a VPC with a virtual private gateway (A), configure a public virtual interface on your Direct Connect connection (C), and create an IPsec tunnel between your customer gateway appliance and the virtual private gateway (F). The IPsec tunnel is what provides confidentiality and integrity for the data in transit; the virtual private gateway's VPN endpoints are public IP addresses, which the public virtual interface makes reachable over the existing Direct Connect connection. Options B and D are not suitable because an Internet gateway does not provide the required confidentiality and integrity, and a private virtual interface is unnecessary when a public one suffices for the existing Direct Connect setup. Option E is also not ideal, as it adds unnecessary complexity compared to using the virtual private gateway directly.