AWS Certified Solutions Architect – Associate (SAA-C02) — Question 768

A company's workload is running in an on-premises data center and on AWS in the ap-south-1 Region. The company wants to use the ap-southeast-1 Region as its secondary site for disaster recovery. The company needs to have a single, dedicated connection with 4 Gbps of bandwidth throughput from its data center to both AWS Regions.
What should a solutions architect do to meet this requirement?

Answer options

• A. Create one AWS Site-to-Site VPN connection in ap-south-1. Connect the company's data center to the virtual private gateway.
• B. Create two AWS Site-to-Site VPN connections: one in ap-south-1 and one in ap-southeast-1. Connect the company's data center to both virtual private gateways.
• C. Create one AWS Direct Connect gateway. Provision a 4 Gbps Direct Connect hosted connection from an AWS Direct Connect Partner. Associate the connection with the Direct Connect gateway.
• D. Create two AWS Direct Connect gateways: one in ap-south-1 and one in ap-southeast-1. Provision a 4 Gbps Direct Connect hosted connection from an AWS Direct Connect Partner. Associate the connection with both Direct Connect gateways.

Correct answer: C

Explanation

An AWS Direct Connect gateway allows a single Direct Connect connection to access VPCs across multiple AWS Regions, perfectly meeting the requirement for a single dedicated connection. Options A and B are incorrect because AWS Site-to-Site VPN connections do not provide dedicated physical connections and are limited to 1.25 Gbps of bandwidth per tunnel. Option D is incorrect because a single Direct Connect gateway can span multiple regions, making two separate gateways unnecessary and misconfigured.