Exam AWS Certified Solutions Architect - Professional topic 1 question 548 discussion

D. Why almost everyone chose B. B is clearly wrong. Check below. "You cannot associate a virtual private gateway with more than one Direct Connect gateway" in https://docs.aws.amazon.com/directconnect/latest/UserGuide/virtualgateways.html

My answer is B - 2 DX connection to on-prem provides more reliable connectivity between AWS and data center https://aws.amazon.com/answers/networking/aws-multiple-data-center-ha-network-connectivity/ A - The ask is, Which design would provide a "reliable connection" to the backend API? not to re-design the backend implementation for High Availability. C - 2 DX connections from the same provider create a single point of failure D - VPN over the public internet is generally less reliable than a dedicated DX connection.

pls they said "reliable connection" so it's B not D

Im going B as there is no mention of secure

A VPN+DX is common because it is cheap, but it is not as reliable as two DX (add CGW hardware and different routing paths and it's messy). Two DX can be connected to one VGW.

Maybe the Question is not exactly. "a secure connection " => D maybe almost matching. But why we need VPN over internet while we have Direct Connect lol

The question is about security, hence VPN connection is needed and it is D

It's D.

Which architecture would be most likely to establish a secure connection to the backend API? - Did i miss anything here? i thought the question is about security

here is the correct link https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html

I believe Answer should be D but its not worded correctly. Basically we can enable IPSec VPN on existing DX connection using Public VIF of DX to establish secure communication between AWS and On-Prem as the link below https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-aws-transit-gateway-vpn.html

Not A: thats HA. Not B: You cannot associate a virtual private gateway with more than one Direct Connect gateway and you cannot attach a private virtual interface to more than one Direct Connect gateway. C: same-same, so not dependable. D: provides secure and diverse route. So D is the answer

I would go for D

D: For a secure connection B: For a redundancy

"content and dependable" connection. It's definitively B. For encryption in transit via Direct Connect in case of REST the one could use HTTPS

Answer is D B is for redundancy question asked SECURE, which a VPN offers since it encrypts the networl

when its DX, it's secure by default because it's not internet comparatively - question also says as first condition " The application needs constant and dependable communication between its AWS application servers and a backend REST API housed on-premises." so its B people are saying Direct connect gateway I agree not mentioned answer so no question and normal DX will connect 2 connection on VPG as below https://aws.amazon.com/directconnect/resiliency-recommendation/?nc=sn&loc=4&dn=2 if anyone want to see a direct connect gateway, please see below URL https://www.stax.io/changelog/2020-10-06-new-direct-connect-functionality-for-stax-networks/