Medium · 1 mark · Multiple Choice
Domain 3.4: Network Performance · Domain 3 · Performance · Direct Connect · VPN

AWS SAA-C03 · Question 50 · Domain 3.4: Network Performance

A company is migrating a large database from its on-premises data center to AWS. The migration requires a dedicated, high-speed network connection. However, the company's security policy mandates that all data in transit must be encrypted using IPsec. How can a solutions architect meet both requirements?

Answer options:

A. Use AWS Direct Connect with MACsec encryption.

B. Configure an AWS Site-to-Site VPN over the public internet.

C. Configure an AWS Site-to-Site VPN over an AWS Direct Connect connection.

D. Use AWS DataSync with TLS encryption.

How to approach this question

Combine Direct Connect (dedicated/high-speed) with VPN (IPsec encryption).

Full Answer

C. Configure an AWS Site-to-Site VPN over an AWS Direct Connect connection. ✓ Correct
AWS Direct Connect provides a dedicated, private network connection with consistent high performance. However, Direct Connect alone does not encrypt data in transit. To meet the IPsec requirement, you can configure an AWS Site-to-Site VPN connection over the Direct Connect link.

Common mistakes

Assuming Direct Connect is encrypted by default, or choosing MACsec when IPsec is explicitly requested.
