ExpertAWS SAP-C02 · Question 06 · Domain 1.1: Network Connectivity
An architecture team is designing a hybrid network. They have two on-premises data centers and three AWS Regions. They need encrypted, high-throughput connectivity between all on-premises locations and all AWS Regions. The solution must support dynamic routing and minimize the number of point-to-point VPN connections to manage. Which architecture is BEST?
An architecture team is designing a hybrid network. They have two on-premises data centers and three AWS Regions. They need encrypted, high-throughput connectivity between all on-premises locations and all AWS Regions. The solution must support dynamic routing and minimize the number of point-to-point VPN connections to manage. Which architecture is BEST?
Answer options:
Deploy AWS Cloud WAN. Create a global core network. Attach AWS Site-to-Site VPN connections from the data centers to the closest Cloud WAN edge locations. Attach regional VPCs to the core network.
Deploy a Transit Gateway in each Region. Peer all Transit Gateways. Create Site-to-Site VPNs from each data center to every Transit Gateway.
Use AWS Direct Connect with MACsec encryption. Connect each data center to a Direct Connect Gateway. Associate the Direct Connect Gateway with Virtual Private Gateways in each Region.
Deploy software SD-WAN appliances on EC2 instances in a central transit VPC. Route all global traffic through this VPC using VPC peering.
How to approach this question
Full Answer
Common mistakes
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 5
75 questions · hints · full answers · grading