AWS Certified Security – Specialty — Question 48
An organization is moving non-business-critical applications to AWS while maintaining a mission-critical application in an on-premises data center. An on-premises application must share limited confidential information with the applications in AWS. The internet performance is unpredictable.
Which configuration will ensure continued connectivity between sites MOST securely?
Answer options
- A. VPN and a cached storage gateway
- B. AWS Snowball Edge
- C. VPN Gateway over AWS Direct Connect
- D. AWS Direct Connect
Correct answer: C
Explanation
The correct answer is C, as using a VPN Gateway over AWS Direct Connect provides a secure and stable connection between the on-premises data center and AWS, which is essential for sharing confidential information. Option A is less secure because a cached storage gateway does not guarantee the same level of encryption and reliability. Option B, AWS Snowball Edge, is used for data transfer rather than ongoing connectivity. Option D, AWS Direct Connect alone, does not provide the added security of a VPN connection.