Exam ANS-C01
Question 179

A company hosts infrastructure services in multiple VPCs across multiple accounts in the us-west-2 Region. The VPC CIDR blocks do not overlap. The company wants to connect the VPCs to its data centers by using AWS Site-to-Site VPN tunnels.

The connections must be encrypted in transit. Additionally, the connection from each data center must route to the closest AWS edge location. The connections must be highly available and must accommodate automatic failover.

Which solution will meet these requirements?

    Correct Answer: A

    The requirements are encryption in transit, routing through the nearest AWS edge location, high availability, and automatic failover. Deploying a transit gateway and sharing it with each of the other accounts through AWS Resource Access Manager (AWS RAM) connects multiple VPCs across multiple accounts. Creating Site-to-Site VPN tunnel attachments with dynamic routing and enabling acceleration on the Site-to-Site VPN connection keeps the connections encrypted in transit and routes them through the closest edge location. BGP peering provides the automatic failover and high availability. The solution that uses a transit gateway with dynamic routing and BGP peering is therefore the most appropriate.
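
The architecture described in the explanation above, sketched as a CloudFormation template. This is an added example, not part of the original question or answer; the account IDs, ASNs, IP address and resource names are placeholders, and the customer gateway and VPN connection would be repeated once per data center.

```yaml
# Added example (constructed). Account IDs, ASNs and the IP address are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Description: Transit gateway shared through AWS RAM with an accelerated, BGP-routed Site-to-Site VPN

Parameters:
  SpokeAccountIds:
    Type: CommaDelimitedList
    Description: Accounts that own the other VPCs (placeholder values)
    Default: "111111111111,222222222222"
  DataCenterPublicIp:
    Type: String
    Description: Public IP of the data center VPN device (documentation-range placeholder)
    Default: 203.0.113.10
  DataCenterBgpAsn:
    Type: Number
    Description: BGP ASN of the data center router (private ASN placeholder)
    Default: 65010

Resources:
  TransitGateway:
    Type: AWS::EC2::TransitGateway
    Properties:
      AmazonSideAsn: 64512
      AutoAcceptSharedAttachments: disable  # review each spoke-account attachment before it joins
      VpnEcmpSupport: enable                # ECMP across tunnels when routes are learned over BGP

  TransitGatewayShare:
    Type: AWS::RAM::ResourceShare
    Properties:
      Name: network-tgw-share
      Principals: !Ref SpokeAccountIds
      ResourceArns:
        - !Sub arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:transit-gateway/${TransitGateway}

  DataCenterGateway:
    Type: AWS::EC2::CustomerGateway
    Properties:
      Type: ipsec.1
      IpAddress: !Ref DataCenterPublicIp
      BgpAsn: !Ref DataCenterBgpAsn

  DataCenterVpn:
    Type: AWS::EC2::VPNConnection
    Properties:
      Type: ipsec.1                         # IPsec tunnels: traffic is encrypted in transit
      CustomerGatewayId: !Ref DataCenterGateway
      TransitGatewayId: !Ref TransitGateway # attach to the transit gateway, not a virtual private gateway
      StaticRoutesOnly: false               # dynamic routing: routes are learned and withdrawn over BGP
      EnableAcceleration: true              # accelerated VPN; set when the connection is created
```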

Discussion
Kayceetalks

A - correct

KobDragoon Option: A

Looks good, A over C just due to dynamic routing with BGP peering instead of static routing.

Blitz1 Option: A

Automatic failover = BGP -> so we exclude static. Acceleration is not possible in a virtual private gateway -> and this is how we remain with (A).

psou7

I agree with A