AWS Certified Security – Specialty (SCS-C02) — Question 2
A company is migrating one of its legacy systems from an on-premises data center to AWS. The application server will run on AWS, but the database must remain in the on-premises data center for compliance reasons. The database is sensitive to network latency. Additionally, the data that travels between the on-premises data center and AWS must have IPsec encryption.
Which combination of AWS solutions will meet these requirements? (Choose two.)
Answer options
- A. AWS Site-to-Site VPN
- B. AWS Direct Connect
- C. AWS VPN CloudHub
- D. VPC peering
- E. NAT gateway
Correct answer: A, B
Explanation
The correct options, AWS Site-to-Site VPN and AWS Direct Connect, provide secure and reliable connectivity between the on-premises data center and AWS, ensuring IPsec encryption for data in transit. AWS Site-to-Site VPN is suitable for creating a secure tunnel over the internet, while AWS Direct Connect offers a dedicated connection that minimizes latency. The other options do not meet both the encryption requirement and the sensitivity to network latency.