AWS Certified Solutions Architect – Professional — Question 581

A company is running a line-of-business (LOB) application on AWS to support its users. The application runs in one VPC, with a backup copy in a second VPC in a different AWS Region for disaster recovery. The company has a single AWS Direct Connect connection between its on-premises network and AWS. The connection terminates at a Direct Connect gateway.
All access to the application must originate from the company's on-premises network and traffic must be encrypted in transit through the use of IPsec. The company is routing traffic through a VPN tunnel over the Direct Connect connection to provide the required encryption.
A business continuity audit determines that the Direct Connect connection represents a potential single point of failure for access to the application. The company needs to remediate this issue as quickly as possible.
Which approach will meet these requirements?

Answer options

Correct answer: C

Explanation

The fastest way to eliminate the single point of failure is to configure an AWS Site-to-Site VPN over the public internet as a backup path. By using AWS Transit Gateway, the company can interconnect both VPCs and terminate the VPN connection centrally, which provides encrypted backup routing to both the primary and the disaster recovery Region. Ordering a second Direct Connect connection (as in options A and D) is not a rapid solution, because provisioning a new physical line typically takes weeks or months.
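As an added illustration (not part of the original question or of any AWS documentation), the following Terraform fragment shows one Region's Transit Gateway with the existing Direct Connect gateway association as the primary path and an internet Site-to-Site VPN attachment as the backup. The ASNs, addresses, CIDRs and resource IDs are placeholders; the disaster recovery Region would repeat the pattern, since a Direct Connect gateway can be associated with that Region's transit gateway too.

```hcl
# Added example, not from the exam page. Placeholder ASNs, IPs, CIDRs and IDs.

resource "aws_ec2_transit_gateway" "hub" {
  amazon_side_asn = 64512 # placeholder; must differ from the DX gateway ASN
  description     = "LOB hub: Direct Connect primary, internet VPN backup"
  # default route table association/propagation stay enabled, so both the
  # DX gateway and the VPN attachment propagate on-premises prefixes
}

resource "aws_ec2_transit_gateway_vpc_attachment" "lob" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = "vpc-PLACEHOLDER"
  subnet_ids         = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"]
}

# Primary path: the existing Direct Connect gateway, associated with the TGW.
resource "aws_dx_gateway" "corp" {
  name            = "corp-dxgw"
  amazon_side_asn = "64513" # placeholder; a different ASN from the TGW
}

resource "aws_dx_gateway_association" "corp_tgw" {
  dx_gateway_id         = aws_dx_gateway.corp.id
  associated_gateway_id = aws_ec2_transit_gateway.hub.id
  allowed_prefixes      = ["10.10.0.0/16"] # placeholder VPC CIDR sent on-prem
}

# Backup path: IPsec Site-to-Site VPN from the on-premises edge router over
# the public internet, terminated centrally on the same transit gateway.
resource "aws_customer_gateway" "onprem_edge" {
  bgp_asn    = 65000          # placeholder on-premises ASN
  ip_address = "203.0.113.10" # placeholder public IP (TEST-NET-3 range)
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "backup_internet" {
  customer_gateway_id = aws_customer_gateway.onprem_edge.id
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"
  static_routes_only  = false # BGP over the tunnels, so failover is automatic
}
```

With default propagation, both attachments advertise the on-premises prefix into the transit gateway route table, and the transit gateway prefers the Direct Connect gateway route over the VPN route for the same prefix, so the VPN carries traffic only while the Direct Connect path is down.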