AWS Certified Solutions Architect – Associate (SAA-C02) — Question 414
A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.
What should a solutions architect do to mitigate any single point of failure in this architecture?
Answer options
- A. Add a set of VPNs between the Management and Production VPCs.
- B. Add a second virtual private gateway and attach it to the Management VPC.
- C. Add a second set of VPNs to the Management VPC from a second customer gateway device.
- D. Add a second VPC peering connection between the Management VPC and the Production VPC.
Correct answer: C
Explanation
The primary single point of failure in this architecture is the single customer gateway device used by the Management VPC to connect to the data center. Adding a second customer gateway device with its own set of VPNs ensures path redundancy and high availability. VPC peering is inherently highly available, and the Production VPC already uses redundant AWS Direct Connect connections, so the other options are either incorrect or unnecessary.