AWS Certified Solutions Architect – Associate (SAA-C03) — Question 467

A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.

What should a solutions architect do to mitigate any single point of failure in this architecture?

Answer options

• A. Add a set of VPNs between the Management and Production VPCs.
• B. Add a second virtual private gateway and attach it to the Management VPC.
• C. Add a second set of VPNs to the Management VPC from a second customer gateway device.
• D. Add a second VPC peering connection between the Management VPC and the Production VPC.

Correct answer: C

Explanation

The current architecture contains a single point of failure at the on-premises data center because the Management VPC's VPN connection relies on only one customer gateway device. Implementing a second customer gateway device with a new set of VPNs mitigates this risk by providing hardware redundancy. The Production VPC's dual Direct Connect links and the VPC peering connection are already designed for high availability and do not represent single points of failure.