AWS Certified Solutions Architect – Associate (SAA-C03) — Question 940
A company hosts its core network services, including directory services and DNS, in its on-premises data center. The data center is connected to the AWS Cloud using AWS Direct Connect (DX). Additional AWS accounts are planned that will require quick, cost-effective, and consistent access to these network services.
What should a solutions architect implement to meet these requirements with the LEAST amount of operational overhead?
Answer options
- A. Create a DX connection in each new account. Route the network traffic to the on-premises servers.
- B. Configure VPC endpoints in the DX VPC for all required services. Route the network traffic to the on-premises servers.
- C. Create a VPN connection between each new account and the DX VPC. Route the network traffic to the on-premises servers.
- D. Configure AWS Transit Gateway between the accounts. Assign DX to the transit gateway and route network traffic to the on-premises servers.
Correct answer: D
Explanation
AWS Transit Gateway acts as a centralized cloud router, allowing multiple AWS accounts and VPCs to easily connect to a single AWS Direct Connect (DX) gateway, which minimizes operational overhead and simplifies network management. Establishing individual DX connections (Option A) or VPNs (Option C) for each account introduces significant administrative overhead and higher costs. VPC endpoints (Option B) do not provide the necessary routing capabilities for on-premises directory and DNS services in this multi-account setup.