AWS Certified Solutions Architect – Professional — Question 748
A company is migrating an application from on-premises infrastructure to the AWS Cloud. During migration design meetings, the company expressed concerns about the availability and recovery options for its legacy Windows file server. The file server contains sensitive business-critical data that cannot be recreated in the event of data corruption or data loss. According to compliance requirements, the data must not travel across the public internet. The company wants to move to AWS managed services where possible.
The company decides to store the data in an Amazon FSx for Windows File Server file system. A solutions architect must design a solution that copies the data to another AWS Region for disaster recovery (DR) purposes.
Which solution will meet these requirements?
Answer options
- A. Create a destination Amazon S3 bucket in the DR Region. Establish connectivity between the FSx for Windows File Server file system in the primary Region and the S3 bucket in the DR Region by using Amazon FSx File Gateway. Configure the S3 bucket as a continuous backup source in FSx File Gateway.
- B. Create an FSx for Windows File Server file system in the DR Region. Establish connectivity between the VPC in the primary Region and the VPC in the DR Region by using AWS Site-to-Site VPN. Configure AWS DataSync to communicate by using VPN endpoints.
- C. Create an FSx for Windows File Server file system in the DR Region. Establish connectivity between the VPC in the primary Region and the VPC in the DR Region by using VPC peering. Configure AWS DataSync to communicate by using interface VPC endpoints with AWS PrivateLink.
- D. Create an FSx for Windows File Server file system in the DR Region. Establish connectivity between the VPC in the primary Region and the VPC in the DR Region by using AWS Transit Gateway in each Region. Use AWS Transfer Family to copy files between the FSx for Windows File Server file system in the primary Region and the FSx for Windows File Server file system in the DR Region over the private AWS backbone network.
Correct answer: C
Explanation
Option C is correct because VPC peering establishes a private connection between VPCs across different AWS Regions, and AWS DataSync using interface VPC endpoints (AWS PrivateLink) ensures that data replication traffic remains entirely within the AWS private network, satisfying the compliance requirement. Option A is incorrect because FSx File Gateway is designed for on-premises caching, not cross-Region FSx to S3 replication. Option B is incorrect because AWS Site-to-Site VPN typically routes traffic over the public internet unless it is established over AWS Direct Connect, and traffic over the public internet violates the compliance rule. Option D is incorrect because AWS Transfer Family is designed for SFTP/FTPS/FTP transfers and is not the native or optimal tool for synchronizing FSx for Windows File Server file systems compared to AWS DataSync.