Q10 — AWS SCS-C02 Ch.1

A company is migrating one of its legacy systems from an on-premises data center to AWS. The application server will run on AWS, but the database must remain in the on-premises data center for compliance reasons. The database is sensitive to network latency. Additionally, the data that travels between the on-premises data center and AWS must have IPsec encryption. Which combination of AWS solutions will meet these requirements? (Choose two.)

Correct Answer: A. AWS Site-to-Site VPN, B. AWS Direct Connect

Explanation

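This question tests solutions for connecting an on-premises data center to AWS in a hybrid cloud architecture, taking both network performance and encryption requirements into account. According to the AWS documentation, AWS Site-to-Site VPN (A) establishes a secure tunnel using IPsec encryption, which satisfies the encryption compliance requirement. AWS Direct Connect (B) connects the on-premises site to AWS over a dedicated physical line, which reduces network latency and suits a latency-sensitive database. When the two are combined, Direct Connect provides the high-bandwidth, low-latency connection and the VPN is layered on top of it to provide encryption (for example, using a private virtual interface together with a VPN tunnel). Of the other options, VPN CloudHub (C) is for interconnecting multiple sites, VPC peering (D) only connects different VPCs, and a NAT gateway (E) handles outbound traffic; none of them meets the specific requirements in the question.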