AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 315
Your Amazon Kinesis application receives data streams from thousands of devices. The data is then stored in an on-premises Hadoop cluster. You are concerned about historical data that shows periods of sustained traffic between 1 Gbps and 2 Gbps during peaks. You must ensure that you have secure, fault-tolerant connectivity between Amazon Kinesis and your data center.
What should you implement to address these needs?
Answer options
- A. Deploy a single 1-Gbps Direct Connect connection with a VPN backup.
- B. Deploy three 1-Gbps Direct Connect connections.
- C. Deploy two 1-Gbps Direct Connect connections.
- D. Set up an IPsec VPN connection over Direct Connect with two tunnels.
Correct answer: D
Explanation
Setting up an IPsec VPN over AWS Direct Connect provides encryption in transit, satisfying the security requirement, while the dual tunnels deliver the necessary fault tolerance. Standard Direct Connect connections do not encrypt data by default, so options A, B, and C do not meet the strict security criteria. This configuration combines the consistent, high-bandwidth performance of Direct Connect with the encryption and redundant tunnels of an IPsec VPN.