AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 205
A company is running business applications on AWS. The company uses 50 AWS accounts, thousands of VPCs, and 3 AWS Regions across the United States and Europe.
A network engineer needs to establish network connectivity between an on-premises data center and the Regions. The network engineer also must establish connectivity between the VPCs. On-premises users and applications must be able to connect to applications that run in the VPCs.
The company has an existing AWS Direct Connect connection that the network engineer can use. The network engineer creates a transit gateway in each Region and configures the transit gateways as inter-Region peers.
Which solution will provide network connectivity from the on-premises data center to the Regions and will provide inter-VPC communications across the different Regions?
Answer options
- A. Create a private VIF with a gateway type of virtual private gateway. Configure the private VIF to use a virtual private gateway that is associated with one of the VPCs.
- B. Create a private VIF to a new Direct Connect gateway. Associate the new Direct Connect gateway with a virtual private gateway in each VPC.
- C. Create a transit VIF with a gateway association to a new Direct Connect gateway. Associate each transit gateway with the new Direct Connect gateway.
- D. Create an AWS Site-to-Site VPN connection that uses a public VIF for the Direct Connect connection. Attach the Site-to-Site VPN connection to the transit gateways.
Correct answer: C
Explanation
Option C is correct because creating a transit VIF with a new Direct Connect gateway allows for efficient inter-Region connectivity and supports the transit gateways established for VPC communication. Options A and B are incorrect because they do not provide the inter-Region connectivity needed for multiple VPCs. Option D, while it creates a VPN connection, does not utilize the benefits of Direct Connect for inter-VPC communications across Regions.