AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 124
A company is growing rapidly. Data transfers between the company's on-premises systems and Amazon EC2 instances that run in VPCs are limited by the throughput of a single AWS Site-to-Site VPN connection between the company's on-premises data center firewall and an AWS Transit Gateway.
A network engineer must resolve the throttling by designing a solution that is highly available and secure. The solution also must scale the VPN throughput from on premises to the VPC resources to support the increase in traffic.
Which solution will meet these requirements?
Answer options
- A. Configure multiple dynamic BGP-based Site-to-Site VPN connections to the transit gateway. Configure equal-cost multi-path routing (ECMP).
- B. Configure multiple static routing-based Site-to-Site VPN connections to the transit gateway. Configure equal-cost multi-path routing (ECMP).
- C. Configure a new Site-to-Site VPN connection to the transit gateway. Enable acceleration for the Site-to-Site VPN connection.
- D. Configure a software appliance-based VPN connection over the internet from the on-premises firewall to an EC2 instance that has a large instance size and networking capabilities.
Correct answer: A
Explanation
- Option A is correct because configuring multiple dynamic BGP-based Site-to-Site VPN connections allows for greater throughput and redundancy, while ECMP optimizes traffic distribution.
- Option B is incorrect because static routing does not provide the same level of flexibility and scalability as dynamic routing.
- Option C lacks the multiple connections required for high availability and does not adequately address throughput scaling.
- Option D may introduce unnecessary complexity and does not guarantee the same level of performance as the BGP-based solution.