AWS Certified Solutions Architect – Professional (SAP-C02) — Question 502
A company operates a static content distribution platform that serves customers globally. The customers consume content from their own AWS accounts.
The company serves its content from an Amazon S3 bucket. The company uploads the content from its on-premises environment to the S3 bucket by using an S3 File Gateway.
The company wants to improve the platform’s performance and reliability by serving content from the AWS Region that is geographically closest to customers. The company must route the on-premises data to Amazon S3 with minimal latency and without public internet exposure.
Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)
Answer options
- A. Implement S3 Multi-Region Access Points.
- B. Use S3 Cross-Region Replication (CRR) to copy content to different Regions.
- C. Create an AWS Lambda function that tracks the routing of clients to Regions.
- D. Use an AWS Site-to-Site VPN connection to connect to a Multi-Region Access Point.
- E. Use AWS PrivateLink and AWS Direct Connect to connect to a Multi-Region Access Point.
Correct answer: A, E
Explanation
S3 Multi-Region Access Points (Option A) automatically route client requests to the closest AWS Region, improving performance and reliability with minimal operational overhead. To transfer the on-premises data to S3 with low latency and without using the public internet, combining AWS Direct Connect with AWS PrivateLink (Option E) to access the Multi-Region Access Point is the most secure and best-performing solution. Other options, such as Site-to-Site VPN (Option D), rely on the public internet, and custom routing functions (Option C) introduce unnecessary complexity.