AWS Certified Solutions Architect – Associate (SAA-C03) — Question 921

A company needs to design a hybrid network architecture. The company's workloads are currently stored in the AWS Cloud and in on-premises data centers. The workloads require single-digit latencies to communicate. The company uses an AWS Transit Gateway transit gateway to connect multiple VPCs.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

Answer options

• A. Establish an AWS Site-to-Site VPN connection to each VPC.
• B. Associate an AWS Direct Connect gateway with the transit gateway that is attached to the VPCs.
• C. Establish an AWS Site-to-Site VPN connection to an AWS Direct Connect gateway.
• D. Establish an AWS Direct Connect connection. Create a transit virtual interface (VIF) to a Direct Connect gateway.
• E. Associate AWS Site-to-Site VPN connections with the transit gateway that is attached to the VPCs.

Correct answer: B, D

Explanation

To achieve single-digit millisecond latency between on-premises environments and AWS VPCs connected via AWS Transit Gateway, a dedicated AWS Direct Connect connection is required, which is initiated by creating a transit virtual interface (VIF) to a Direct Connect gateway (Option D). This Direct Connect gateway must then be associated with the AWS Transit Gateway to route traffic to the connected VPCs (Option B). AWS Site-to-Site VPN options (Options A, C, and E) utilize the public internet and cannot consistently guarantee the required single-digit latencies.