Exam AWS Certified Solutions Architect - Professional topic 1 question 906 discussion

A company wants to use a hybrid cloud architecture between an on-premises data center and AWS. The company already has deployed a multi-account structure in AWS Organizations while following the AWS Well-Architected Framework.
Due to strict security requirements, connectivity between the data center and AWS must be encrypted in transit. Only a single entry point into AWS is permitted from the data center. The data center must be able to access all the AWS accounts.
Which solution meets these requirements?

  • A. Connect the AWS accounts with AWS Transit Gateway. Establish an AWS Site-to-Site VPN connection with the data center, and attach the connection to the transit gateway. Route traffic from the data center to all AWS accounts.
  • B. Connect the AWS accounts with VPC peering. Establish an AWS Site-to-Site VPN connection with the data center. Route traffic from the data center to all AWS accounts.
  • C. Connect the AWS accounts with VPC peering. Establish an AWS Direct Connect connection to the closest AWS Region. Route traffic from the data center to all AWS accounts.
  • D. Connect the AWS accounts with AWS Transit Gateway. Establish an AWS Direct Connect connection to the closest AWS Region, and attach the connection to the transit gateway. Route traffic from the data center to all AWS accounts.
Suggested Answer: A
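
Option A expressed as a CloudFormation template for a central networking account, added here as an example and not part of the original question or discussion. The parameter names, the default ASN and the share name are assumptions, and the organization ARN is a placeholder to be supplied.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Illustrative sketch of option A: one transit gateway shared across the
  organization, with a single Site-to-Site VPN (IPsec) attached to it.

Parameters:
  OnPremPublicIp:      # assumption: static public IP of the data center VPN device
    Type: String
  OnPremBgpAsn:        # assumption: private ASN used by the data center router
    Type: Number
    Default: 65000
  OrganizationArn:     # placeholder: arn:aws:organizations::<mgmt-account-id>:organization/<org-id>
    Type: String

Resources:
  TransitGateway:
    Type: AWS::EC2::TransitGateway
    Properties:
      Description: Single entry point from the data center
      AutoAcceptSharedAttachments: disable   # review each account's VPC attachment
      DefaultRouteTableAssociation: enable
      DefaultRouteTablePropagation: enable

  DataCenterGateway:
    Type: AWS::EC2::CustomerGateway
    Properties:
      Type: ipsec.1
      IpAddress: !Ref OnPremPublicIp
      BgpAsn: !Ref OnPremBgpAsn

  DataCenterVpn:
    Type: AWS::EC2::VPNConnection
    Properties:
      Type: ipsec.1                           # IPsec tunnels give encryption in transit
      CustomerGatewayId: !Ref DataCenterGateway
      TransitGatewayId: !Ref TransitGateway   # attach to the TGW, not a per-VPC virtual private gateway

  TransitGatewayShare:
    Type: AWS::RAM::ResourceShare
    Properties:
      Name: org-transit-gateway
      AllowExternalPrincipals: false          # only principals inside the organization
      Principals:
        - !Ref OrganizationArn
      ResourceArns:
        - !Sub arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:transit-gateway/${TransitGateway}
```

Each member account then attaches its own VPCs to the shared transit gateway; sharing with the organization ARN requires that AWS RAM sharing with AWS Organizations is enabled.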

Comments

AwsBRFan
Highly Voted 2 years, 8 months ago
Selected Answer: A
A. https://docs.aws.amazon.com/directconnect/latest/UserGuide/encryption-in-transit.html
upvoted 6 times
...
devilman222
Most Recent 8 months, 3 weeks ago
Selected Answer: A
Traffic goes from on prem -> direct connect -> transit gateway and then the transit gateway routing tables decide on account. D is wrong. If it's marked as the correct answer, good chance it's wrong for exam topics.
upvoted 2 times
...
WhyIronMan
9 months, 4 weeks ago
Selected Answer: A
A) as need encryption and it is not mentioned in D), as Direct Connect uses no encryption by default
upvoted 1 times
...
zdlt
2 years, 6 months ago
Selected Answer: A
Because of transit encryption, site to site vpn (using IPSec) should be created instead of direct connect, mentioned in D
upvoted 1 times
...
ToanVN1988
2 years, 6 months ago
Selected Answer: A
A or D but need to encrypt in transit. Direct Connect not correct. Answer is A
upvoted 2 times
...
rajvee
2 years, 8 months ago
A. 1. For the transit to be encrypted, Site to Site VPN is required i.e. IPSec. 2. For the single point of entry from DC, only Transit GW will work. Because VPC Peering does not allow traffic to transit i.e. https://docs.aws.amazon.com/vpc/latest/peering/invalid-peering-configurations.html
upvoted 2 times
...
pixepe
2 years, 8 months ago
Answer - A. Requirement - "connectivity between the data center and AWS must be encrypted in transit" means it's VPN. VPN: "VPN connections use IPsec to establish encrypted network connectivity between your intranet and an Amazon VPC over the public internet." Direct connect: By DEFAULT traffic is unencrypted. Of course, we can encrypt by additional step, but it's NOT mentioned in answer-D. Hence, correct answer is A.
upvoted 2 times
...
Rocketeer
2 years, 8 months ago
VPN goes through internet and hence need encryption. DX is direct connection from on-prem to AWS. Using https provided the needed encryption. My answer is D
upvoted 1 times
...
RVD
2 years, 8 months ago
Selected Answer: A
Encryption in transit is possible by IPsec, not DX
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other