Q28 — AWS ANS-C01 Ch.1
A company is growing rapidly. Data transfers between the company's on-premises systems and Amazon EC2 instances that run in VPCs are limited by the throughput of a single AWS Site-to-Site VPN connection between the company's on-premises data center firewall and an AWS Transit Gateway. A network engineer must resolve the throttling by designing a solution that is highly available and secure. The solution also must scale the VPN throughput from on premises to the VPC resources to support the increase in traffic. Which solution will meet these requirements?
- A. Configure multiple dynamic BGP-based Site-to-Site VPN connections to the transit gateway. Configure equal-cost multi-path routing (ECMP). ✓
- B. Configure multiple static routing-based Site-to-Site VPN connections to the transit gateway. Configure equal-cost multi-path routing (ECMP).
- C. Configure a new Site-to-Site VPN connection to the transit gateway. Enable acceleration for the Site-to-Site VPN connection.
- D. Configure a software appliance-based VPN connection over the internet from the on-premises firewall to an EC2 instance that has a large instance size and networking capabilities.
Correct Answer: A. Configure multiple dynamic BGP-based Site-to-Site VPN connections to the transit gateway. Configure equal-cost multi-path routing (ECMP).
Explanation
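To meet the company's requirements for highly available, secure, and scalable data transfers, the best solution is A. Configuring multiple dynamic BGP-based Site-to-Site VPN connections to the AWS Transit Gateway and using equal-cost multi-path routing (ECMP) ensures load balancing and high availability for the data transfers. This approach allows traffic to be distributed across multiple VPN tunnels, which increases throughput and reliability. The other options either do not support dynamic routing (the static routing in option B), cannot effectively scale VPN throughput (the single accelerated VPN connection in option C), or do not meet the security requirements (the software VPN that carries data over the internet in option D).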