Q99 — AWS ANS-C01 Ch.1

Question 99 of 100

A global company operates all its non-production environments out of three AWS Regions: eu-west-1, us-east-1, and us-west-1. The company hosts all its production workloads in two on-premises data centers. The company has 60 AWS accounts, and each account has two VPCs in each Region. Each VPC has a virtual private gateway where two VPN connections terminate for resilient connectivity to the data centers. The company has 360 VPN tunnels to each data center, resulting in high management overhead. The total VPN throughput for each Region is 500 Mbps. The company wants to migrate the production environments to AWS. The company needs a solution that will simplify the network architecture and allow for future growth. The production environments will generate an additional 2 Gbps of traffic per Region back to the data centers. This traffic will increase over time. Which solution will meet these requirements?

Correct Answer: C. Create a transit gateway in each Region with multiple newly commissioned VPN connections from each data center. Share the transit gateways with each account by using AWS Resource Access Manager (AWS RAM). In each Region, attach the transit gateway to each VPC. Remove the existing VPN connections that are attached directly to the virtual private gateways.

Explanation

AWS Transit Gateway is designed to centralize VPC and VPN connectivity, which reduces complexity and management overhead. Deploying a separate transit gateway in each Region keeps traffic local to that Region and avoids cross-Region hops. Per the AWS documentation, a transit gateway can be shared across accounts through AWS RAM and can aggregate bandwidth across multiple VPN tunnels with equal-cost multipath (ECMP) routing, something a virtual private gateway cannot do. The current design, with two VPN connections per VPC, produces 360 tunnels; after moving to one transit gateway per Region, only a small number of higher-bandwidth VPN connections per data center is needed to carry the additional 2 Gbps per Region of production traffic on top of the existing 500 Mbps, with headroom for growth. A single Site-to-Site VPN tunnel is capped at 1.25 Gbps, so the roughly 2.5 Gbps per Region required here needs at least two dynamically routed (BGP) VPN connections per data center with ECMP enabled on the transit gateway, and further connections can be added as traffic increases. The transit gateway's route tables also let the network team keep production and non-production attachments in separate routing domains if that segmentation is required. Option B's single transit gateway cannot serve the traffic of all three Regions, whereas option C's per-Region deployment scales independently. Option A's Direct Connect requires physical circuits and does not scale as this scenario requires, and option D's VPC peering has routing limitations and higher complexity. Answer C meets the requirements for a simplified architecture, scalability, and throughput.
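The following Terraform configuration is an added illustration of option C for one Region and is not part of the original question or answer. It assumes a central network account that owns the transit gateway, a member account reached through an assumed role, an AWS Organizations ARN as the RAM principal, and placeholder account IDs, ASNs, VPC/subnet IDs, and customer gateway addresses; all of those values are hypothetical, as is the assumption that each on-premises device can terminate multiple VPN connections. The same pattern is repeated with provider aliases for us-east-1 and us-west-1.

```hcl
# Added example, not from the original page: one Region's slice of the
# Option C design. All IDs, ASNs, IPs and the organization ARN are placeholders.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

# Central network account (repeat with further aliases for the other Regions).
provider "aws" {
  alias  = "net_euw1"
  region = "eu-west-1"
}

# A member account that owns a VPC, reached through an assumed role (placeholder ARN).
provider "aws" {
  alias  = "member_euw1"
  region = "eu-west-1"
  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/TerraformNetworkAttach"
  }
}

# Public addresses of the customer gateway devices in the two data centers (placeholders).
variable "dc_cgw_ips" {
  default = { dc_a = "203.0.113.10", dc_b = "198.51.100.10" }
}

resource "aws_ec2_transit_gateway" "euw1" {
  provider                       = aws.net_euw1
  description                    = "eu-west-1 hub"
  amazon_side_asn                = 64512
  vpn_ecmp_support               = "enable" # spread traffic across all VPN tunnels
  auto_accept_shared_attachments = "enable" # member accounts attach without manual approval
  tags                           = { Name = "tgw-euw1" }
}

# Share the transit gateway with every account in the organization through RAM.
resource "aws_ram_resource_share" "tgw_euw1" {
  provider                  = aws.net_euw1
  name                      = "tgw-euw1-share"
  allow_external_principals = false # never share the hub outside the organization
}

resource "aws_ram_resource_association" "tgw_euw1" {
  provider           = aws.net_euw1
  resource_arn       = aws_ec2_transit_gateway.euw1.arn
  resource_share_arn = aws_ram_resource_share.tgw_euw1.arn
}

resource "aws_ram_principal_association" "org" {
  provider           = aws.net_euw1
  principal          = "arn:aws:organizations::999999999999:organization/o-exampleorgid" # placeholder
  resource_share_arn = aws_ram_resource_share.tgw_euw1.arn
}

# One customer gateway per data center, then two BGP VPN connections to each
# (four tunnels per data center), so ECMP can exceed the 1.25 Gbps single-tunnel limit.
resource "aws_customer_gateway" "dc" {
  for_each   = var.dc_cgw_ips
  provider   = aws.net_euw1
  bgp_asn    = 65000
  ip_address = each.value
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "dc" {
  for_each = {
    for pair in setproduct(keys(var.dc_cgw_ips), ["1", "2"]) : "${pair[0]}-${pair[1]}" => pair[0]
  }
  provider            = aws.net_euw1
  customer_gateway_id = aws_customer_gateway.dc[each.value].id
  transit_gateway_id  = aws_ec2_transit_gateway.euw1.id
  type                = "ipsec.1"
  static_routes_only  = false # dynamic (BGP) routing is required for ECMP
}

# In each member account: attach the VPC to the shared transit gateway.
# This replaces the VPN connections that terminated on the VPC's virtual private gateway.
resource "aws_ec2_transit_gateway_vpc_attachment" "app" {
  provider           = aws.member_euw1
  transit_gateway_id = aws_ec2_transit_gateway.euw1.id
  vpc_id             = "vpc-0123456789abcdef0"      # placeholder
  subnet_ids         = ["subnet-0123456789abcdef0"] # placeholder, one subnet per AZ in practice
}
```

Cutover order matters: bring up the transit gateway VPN connections and VPC attachments first, confirm that the on-premises prefixes are learned over BGP and that the VPC route tables point at the transit gateway, and only then delete the virtual private gateway VPN connections, so that no VPC loses its path to the data centers during the migration. Adding more capacity later is just another `aws_vpn_connection` per data center, since ECMP on the transit gateway distributes flows across all dynamically routed tunnels.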