Q8 — AWS ANS-C01 Ch.1

A company has an application that runs on premises. The application needs to communicate with an application that runs in a VPC on AWS. The communication between the applications must be encrypted and must use private IP addresses. The communication cannot travel across the public internet. The company has established a 1 Gbps AWS Direct Connect connection between the on-premises location and AWS. Which solution will meet the connectivity requirements with the LEAST operational overhead?

Correct Answer: B. Create a transit gateway. Configure a transit VIF on the Direct Connect connection. Associate the transit VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the transit gateway.

Explanation

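This question covers the combined use of AWS Direct Connect and Transit Gateway. AWS documentation states that using a transit VIF to connect through a Direct Connect gateway to a transit gateway allows route management across multiple VPCs and on-premises networks. Option B associates the transit VIF with a Direct Connect gateway, connects that gateway to the transit gateway, and establishes an encrypted tunnel with Site-to-Site VPN. This design meets the private IP and encryption requirements, keeps traffic off the public internet, and centralizes management of network connections in the transit gateway, which reduces operational complexity. Option A's private VIF associates directly with only a single VPC and cannot scale flexibly; option C's public VIF is not suitable for private communication; option D introduces third-party appliances, which increases the management burden.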