Q8 — AWS ANS-C01 Ch.1
Question 8 of 100, Chapter 1
A company has an application that runs on premises. The application needs to communicate with an application that runs in a VPC on AWS. The communication between the applications must be encrypted and must use private IP addresses. The communication cannot travel across the public internet. The company has established a 1 Gbps AWS Direct Connect connection between the on-premises location and AWS. Which solution will meet the connectivity requirements with the LEAST operational overhead?
- A. Configure a private VIF on the Direct Connect connection. Associate the private VIF with the VPC's virtual private gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the virtual private gateway.
- B. Create a transit gateway. Configure a transit VIF on the Direct Connect connection. Associate the transit VIF with a Direct Connect gateway. Associate the Direct Connect gateway with the new transit gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the transit gateway. ✓
- C. Configure a public VIF on the Direct Connect connection. Associate the public VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the transit gateway.
- D. Create a transit gateway. Configure a transit VIF on the Direct Connect connection. Associate the transit VIF with a Direct Connect gateway. Associate the Direct Connect gateway with the new transit gateway. Set up a third-party firewall in a new VPC that is attached to the transit gateway. Set up a VPN connection to the third-party firewall.
Correct Answer: B. Create a transit gateway. Configure a transit VIF on the Direct Connect connection. Associate the transit VIF with a Direct Connect gateway. Associate the Direct Connect gateway with the new transit gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the transit gateway.
Explanation
This question covers the combined use of AWS Direct Connect and Transit Gateway. AWS documentation states that connecting a transit VIF through a Direct Connect gateway to a transit gateway allows route management across multiple VPCs and on-premises networks. Option B associates a transit VIF with a Direct Connect gateway, connects that gateway to a transit gateway, and establishes an encrypted tunnel with an AWS Site-to-Site VPN. A private IP VPN over Direct Connect is supported only when the VPN terminates on a transit gateway reached through a Direct Connect gateway on a transit VIF, so it cannot be terminated on a virtual private gateway. This design satisfies the private IP and encryption requirements, keeps traffic off the public internet, and centralizes connectivity management on the transit gateway, reducing operational complexity. Option A's private VIF associates directly with only a single VPC and cannot scale flexibly; option C's public VIF is unsuitable for private communication; option D introduces a third-party appliance that adds management burden.