Q33 — AWS ANS-C01 Ch.1

Question 33 of 100 | ← Chapter 1

A company uses a 1 Gbps AWS Direct Connect connection to connect its AWS environment to its on-premises data center. The connection provides employees with access to an application VPC that is hosted on AWS. Many remote employees use a company-provided VPN to connect to the data center. These employees are reporting slowness when they access the application during business hours. On-premises users have started to report similar slowness while they are in the office. The company plans to build an additional application on AWS. On-site and remote employees will use the additional application. After the deployment of this additional application, the company will need 20% more bandwidth than the company currently uses. With the increased usage, the company wants to add resiliency to the AWS connectivity. A network engineer must review the current implementation and must make improvements within a limited budget. What should the network engineer do to meet these requirements MOST cost-effectively?

Correct Answer: B. Deploy an AWS Site-to-Site VPN connection to the application VPC. Configure the on-premises routing for the remote employees to connect to the Site-to-Site VPN connection.

Explanation

考虑到公司需要在有限的预算内增加带宽并提高AWS连接的韧性,网络工程师应选择最经济有效的方案。选项B提出部署一个AWSSite-to-SiteVPN连接到应用VPC,并配置内部路由,使远程员工连接到Site-to-SiteVPN。这种方法可以利用现有的网络基础设施,通过VPN隧道增加带宽,并且提供了一定的冗余性,因为VPN连接可以作为DirectConnect连接的一个备份或补充。相比其他选项,如增加新的DirectConnect连接或升级现有连接(选项A和D),或者部署全新的AmazonWorkspaces(选项C),Site-to-SiteVPN通常具有更低的成本,并且能更快地实施,因此是最符合题目要求的解决方案。 查看全部