AWS Certified Solutions Architect – Associate (SAA-C02) — Question 483
A company is running several business applications in three separate VPCs within the us-east-1 Region. The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds of gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.
A solutions architect needs to design a network connectivity solution that maximizes cost-effectiveness.
Which solution meets these requirements?
Answer options
- A. Configure three AWS Site-to-Site VPN connections from the data center to AWS. Establish connectivity by configuring one VPN connection for each VPC.
- B. Launch a third-party virtual network appliance in each VPC. Establish an IPsec VPN tunnel between the data center and each virtual appliance.
- C. Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway in us-east-1. Establish connectivity by configuring each VPC to use one of the Direct Connect connections.
- D. Set up one AWS Direct Connect connection from the data center to AWS. Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.
Correct answer: D
Explanation
AWS Direct Connect is necessary to support the high-volume, latency-sensitive daily data transfers, as standard VPN connections (options A and B) run over the public internet and cannot guarantee consistent latency. To optimize costs and simplify administration, a single Direct Connect connection should be paired with an AWS Transit Gateway (option D) to route traffic between the on-premises network and all three VPCs. Provisioning three separate Direct Connect connections (option C) is unnecessarily expensive and redundant for this architecture.