An enterprise wants to establish a dedicated, private connection to AWS. They require high availability and encryption in transit. Which THREE components are required to build a highly available, encrypted hybrid network? (Select THREE)

Answer options:

Two AWS Direct Connect connections in different locations.

AWS Site-to-Site VPN configured over the Direct Connect connections.

An AWS Transit Gateway or Virtual Private Gateway.

AWS Client VPN.

A single Direct Connect connection with MACsec.

AWS PrivateLink.

How to approach this question

Combine DX for private connectivity with VPN for encryption.

Full Answer

Two AWS Direct Connect connections in different locations., AWS Site-to-Site VPN configured over the Direct Connect connections., An AWS Transit Gateway or Virtual Private Gateway.

To achieve a highly available, encrypted connection, you provision redundant Direct Connect connections and run IPsec VPNs over them (Public VIF or Transit VIF) terminating at a TGW or VGW.

Common mistakes

Thinking Direct Connect is encrypted by default (it is not, unless MACsec is used).

Question 71 All questions Question 73

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 3

75 questions · hints · full answers · grading

More questions from this exam

Q01An enterprise has 100 VPCs across 5 AWS Regions. They need to establish a highly available, trans...Hard Q02A company uses AWS Organizations. The CISO requires that no EC2 instances can be launched outside...Medium Q03An application uses Amazon Aurora PostgreSQL. To meet disaster recovery requirements, the databas...Hard Q04A company is setting up a new multi-account AWS environment. They want to automate the creation o...Medium Q05An organization wants to allocate AWS costs to specific departments. They use multiple AWS accoun...Medium

View all 75 questions →