ANS-C01 Exam Questions

ANS-C01 Exam - Question 179


A company hosts infrastructure services in multiple VPCs across multiple accounts in the us-west-2 Region. The VPC CIDR blocks do not overlap. The company wants to connect the VPCs to its data centers by using AWS Site-to-Site VPN tunnels.

The connections must be encrypted in transit. Additionally, the connection from each data center must route to the closest AWS edge location. The connections must be highly available and must accommodate automatic failover.

Which solution will meet these requirements?

Correct Answer: A

The solution must provide encryption in transit, routing through the nearest AWS edge location, high availability, and automatic failover. Deploying a transit gateway and sharing it with each of the other accounts by using AWS Resource Access Manager (AWS RAM) meets the requirement to connect multiple VPCs across multiple accounts. Creating Site-to-Site VPN tunnel attachments with dynamic routing and enabling acceleration for the Site-to-Site VPN connection ensures that connections are optimized and encrypted in transit. BGP peering provides the automatic failover and high availability. Therefore, the solution that uses a transit gateway with dynamic routing and BGP peering is the most appropriate.
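The properties named in this explanation can be checked on deployed connections. The following is an added example, not part of the original page: it audits data shaped like the EC2 `DescribeVpnConnections` response against the question's requirements. The connection and gateway IDs and the sample data are constructed, and the function names are hypothetical.

```python
# Added example: SAMPLE is constructed data, not real AWS output.

def audit_vpn_connection(conn):
    """Return a list of findings; an empty list means the connection conforms."""
    findings = []
    opts = conn.get("Options", {})
    # Accelerated VPN is only supported on transit gateway attachments.
    if not conn.get("TransitGatewayId"):
        findings.append("not attached to a transit gateway")
    if not opts.get("EnableAcceleration", False):
        findings.append("acceleration disabled: no nearest-edge routing")
    # StaticRoutesOnly=True means no BGP, so no route-driven failover.
    if opts.get("StaticRoutesOnly", False):
        findings.append("static routing: no BGP failover")
    tunnels = conn.get("VgwTelemetry", [])
    up = [t for t in tunnels if t.get("Status") == "UP"]
    if len(up) < 2:
        findings.append(f"{len(up)} of {len(tunnels)} tunnels UP: no redundancy")
    return findings

def audit(response):
    """Map each VPN connection ID to its list of findings."""
    return {c["VpnConnectionId"]: audit_vpn_connection(c)
            for c in response["VpnConnections"]}

def _tunnels(*states):
    return [{"Status": s} for s in states]

SAMPLE = {"VpnConnections": [
    {"VpnConnectionId": "vpn-example-a", "TransitGatewayId": "tgw-example",
     "Options": {"EnableAcceleration": True, "StaticRoutesOnly": False},
     "VgwTelemetry": _tunnels("UP", "UP")},
    {"VpnConnectionId": "vpn-example-b", "VpnGatewayId": "vgw-example",
     "Options": {"EnableAcceleration": False, "StaticRoutesOnly": True},
     "VgwTelemetry": _tunnels("UP", "DOWN")},
    {"VpnConnectionId": "vpn-example-c", "TransitGatewayId": "tgw-example",
     "Options": {"EnableAcceleration": True, "StaticRoutesOnly": False},
     "VgwTelemetry": _tunnels("DOWN", "UP")},
]}

if __name__ == "__main__":
    for conn_id, findings in audit(SAMPLE).items():
        print(conn_id, "OK" if not findings else "; ".join(findings))
```

To run it against a live account, pass the dictionary returned by boto3's `describe_vpn_connections()` to `audit()` in place of `SAMPLE`.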

Discussion

4 comments
Kayceetalks
Mar 21, 2024

A - correct

KobDragoon
Option: A
Mar 31, 2024

Looks good, A over C just due to dynamic routing with BGP peering instead of static routing.

psou7
Mar 21, 2024

I agree with A

Blitz1
Option: A
Jul 16, 2024

automatic failover = BGP -> so we exclude static
acceleration is not possible in Virtual private gateway
-> and this is how we remain with (A)