AWS Certified Security – Specialty (SCS-C03) — Question 53
A company is migrating one of its legacy systems from an on-premises data center to AWS. The application server will run on AWS, but the database must remain in the on-premises data center for compliance reasons. The database is sensitive to network latency. Additionally, the data that travels between the on-premises data center and AWS must have IPsec encryption.
Which combination of AWS solutions will meet these requirements? (Choose two.)
Answer options
- A. AWS Site-to-Site VPN
- B. AWS Direct Connect
- C. AWS VPN CloudHub
- D. VPC peering
- E. NAT gateway
Correct answer: A, B
Explanation
AWS Site-to-Site VPN provides a secure IPsec-encrypted tunnel for data transmission, which satisfies the IPsec encryption requirement. AWS Direct Connect offers a dedicated connection that minimizes latency, which is essential for the latency-sensitive database, and also supports IPsec encryption, so both A and B are correct. None of the other options meets both the low-latency and the IPsec encryption requirements.