AWS Certified Solutions Architect – Professional (SAP-C02) — Question 422
To abide by industry regulations, a solutions architect must design a solution that will store a company's critical data in multiple public AWS Regions, including in the United States, where the company's headquarters is located. The solutions architect is required to provide access to the data stored in AWS to the company's global WAN. The security team mandates that no traffic accessing this data should traverse the public internet.
How should the solutions architect design a highly available solution that meets the requirements and is cost-effective?
Answer options
- A. Establish AWS Direct Connect connections from the company headquarters to all AWS Regions in use. Use the company WAN to send traffic over to the headquarters and then to the respective DX connection to access the data.
- B. Establish two AWS Direct Connect connections from the company headquarters to an AWS Region. Use the company WAN to send traffic over a DX connection. Use inter-region VPC peering to access the data in other AWS Regions.
- C. Establish two AWS Direct Connect connections from the company headquarters to an AWS Region. Use the company WAN to send traffic over a DX connection. Use an AWS transit VPC solution to access data in other AWS Regions.
- D. Establish two AWS Direct Connect connections from the company headquarters to an AWS Region. Use the company WAN to send traffic over a DX connection. Use Direct Connect Gateway to access data in other AWS Regions.
Correct answer: D
Explanation
Using an AWS Direct Connect Gateway with a redundant pair of Direct Connect connections allows on-premises networks to privately and cost-effectively access resources in any AWS Region (except China) without traversing the public internet. Establishing dedicated Direct Connect connections to every Region is cost-prohibitive and operationally complex. Using transit VPCs or inter-region VPC peering for this purpose introduces unnecessary routing overhead and higher data transfer costs compared to the native Direct Connect Gateway solution.