Learn the best AWS solution to connect an on-premises data center to multiple regions and establish inter-VPC communication in this ANS-C01 certification exam question. Discover how to leverage AWS Direct Connect and transit gateways for seamless network connectivity.
Table of Contents
Question
A company is running business applications on AWS. The company uses 50 AWS accounts, thousands of VPCs, and 3 AWS Regions across the United States and Europe.
A network engineer needs to establish network connectivity between an on-premises data center and the Regions. The network engineer also must establish connectivity between the VPCs. On-premises: users and applications must be able to connect to applications that run in the VPCs.
The company has an existing AWS Direct Connect connection that the network engineer can use. The network engineer creates a transit gateway in each Region and configures the transit gateways as inter-Region peers.
Which solution will provide network connectivity from the on-premises data center to the Regions and will provide inter-VPC communications across the different Regions?
A. Create a private VIF with a gateway type of virtual private gateway. Configure the private VIF to use a virtual private gateway that is associated with one of the VPCs.
B. Create a private VIF to a new Direct Connect gateway. Associate the new Direct Connect gateway with a virtual private gateway in each VPC.
C. Create transit VIF with a gateway association to a new Direct Connect gateway. Associate each transit gateway with the new Direct Connect gateway.
D. Create an AWS Site-to-Site VPN connection that uses a public VIF for the Direct Connect connection. Attach the Site-to-Site VPN connection to the transit gateways.
Answer
C. Create transit VIF with a gateway association to a new Direct Connect gateway. Associate each transit gateway with the new Direct Connect gateway.
Explanation
To provide network connectivity from the on-premises data center to the AWS Regions and enable inter-VPC communications across different Regions, the network engineer should:
- Create a new AWS Direct Connect gateway. This will act as a central hub for the on-premises network to connect to the AWS Regions.
- Create a transit virtual interface (VIF) on the existing Direct Connect connection and associate it with the new Direct Connect gateway. The transit VIF allows the on-premises network to reach the Direct Connect gateway.
- Associate each transit gateway in the different Regions with the Direct Connect gateway. This establishes the connection between the on-premises network and the transit gateways in each Region.
- The transit gateways, which are already configured as inter-Region peers, will provide the necessary connectivity between the VPCs across the different Regions.
By implementing this solution, the on-premises users and applications will be able to connect to the applications running in the VPCs through the Direct Connect gateway and the associated transit gateways. Additionally, the inter-Region peering of the transit gateways will enable communication between the VPCs across the different Regions.
The other options are incorrect because:
A. Creating a private VIF with a virtual private gateway associated with a single VPC will not provide the required connectivity to all VPCs and Regions.
B. Associating a Direct Connect gateway with virtual private gateways in each VPC is not an efficient solution and does not leverage the transit gateways for inter-Region connectivity.
D. Using an AWS Site-to-Site VPN connection with a public VIF is not the most optimal solution when an AWS Direct Connect connection is already available. Moreover, it does not address the inter-Region connectivity requirement.
Amazon AWS Certified Advanced Networking – Specialty ANS-C01 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Advanced Networking – Specialty ANS-C01 exam and earn Amazon AWS Certified Advanced Networking – Specialty ANS-C01 certification.