Q10 — AWS SCS-C02 Ch.1
A company is migrating one of its legacy systems from an on-premises data center to AWS. The application server will run on AWS, but the database must remain in the on-premises data center for compliance reasons. The database is sensitive to network latency. Additionally, the data that travels between the on-premises data center and AWS must have IPsec encryption. Which combination of AWS solutions will meet these requirements? (Choose two.)
- A. AWS Site-to-Site VPN ✓
- B. AWS Direct Connect ✓
- C. AWS VPN CloudHub
- D. VPC peering
- E. NAT gateway
Correct Answer: A. AWS Site-to-Site VPN, B. AWS Direct Connect
Explanation
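This question tests solutions for connecting an on-premises data center to AWS in a hybrid cloud architecture, combining network performance and encryption requirements. According to the AWS documentation, AWS Site-to-Site VPN (A) establishes secure tunnels using IPsec encryption, which meets the encryption compliance requirement. AWS Direct Connect (B) connects the on-premises site to AWS over a dedicated physical line, reducing network latency, which suits the latency-sensitive database. When the two are combined, Direct Connect provides the high-bandwidth, low-latency connection and the VPN is layered on top of it for encryption (for example, using a private virtual interface together with VPN tunnels). Of the other options, VPN CloudHub (C) is for interconnecting multiple sites, VPC peering (D) only connects different VPCs, and a NAT gateway (E) handles outbound traffic; none of them meets the specific requirements in the question.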