
ANS-C01 · Question #252

ANS-C01 Question #252: Real Exam Question with Answer & Explanation

The correct answer is C: Provision two AWS Direct Connect connections from two Direct Connect locations that serve us-. To establish secure hybrid connectivity from two on-premises data centers to multiple VPCs across two AWS Regions, both AWS Direct Connect and AWS Site-to-Site VPN via a Transit Gateway are suitable options.

Submitted by paula_co · Mar 6, 2026 · Network Design

Question

A retail company is migrating its on-premises application to the AWS Cloud. Currently, the company has two on-premises data center locations. One data center is on the east coast of the United States, and one data center is on the west coast. Each data center hosts four database systems. The largest database system stores 500 GB of data. The data centers are interconnected by two 10 GbE circuits for data synchronization. Each data center has two separate 1 GbE upstream internet connections. The company plans to have eight total VPCs to service its multiple business units. Four VPCs will be in the us-east-1 Region, and four will be in the us-west-2 Region. A network engineer needs to design a connectivity solution that allows VPC-to-VPC connectivity. The solution must also allow secure connections between the on-premises data centers and AWS during the migration process. The company expects spikes in traffic among the VPCs during database synchronization. The company wants to run the migration plan during one weekend and as soon as technically possible. The company also wants to minimize long-term operational and human resources costs. Which combination of steps will meet these requirements? (Choose two.)

Options

  • A. Deploy one transit gateway and attach all VPCs to it. Update the transit gateway and VPC route
  • B. Configure VPC peering between all the VPCs. Update the VPC route tables to allow connectivity.
  • C. Provision two AWS Direct Connect connections from two Direct Connect locations that serve us-
  • D. Provision one transit gateway VPN attachment for each data center to build connectivity between
  • E. Provision one AWS Site-to-Site VPN connection for each data center and for each VPC to build

Explanation

To establish secure hybrid connectivity from two on-premises data centers to multiple VPCs across two AWS Regions, both AWS Direct Connect and AWS Site-to-Site VPN via a Transit Gateway are suitable options.

Common mistakes.

  • A. While deploying a Transit Gateway and attaching all VPCs provides scalable VPC-to-VPC connectivity, this option does not directly address the requirement for secure connectivity from on-premises data centers to AWS.
  • B. VPC peering is not scalable for 8 VPCs across two regions due to its mesh-like nature and lack of transitive routing, which would require a complex setup for full VPC-to-VPC connectivity.
  • E. Provisioning an AWS Site-to-Site VPN for each data center and for each VPC would result in a complex, unmanageable, and non-scalable mesh of VPN connections, rather than leveraging a centralized hub.

Concept tested. On-premises to AWS Hybrid Connectivity Solutions

Reference. https://docs.aws.amazon.com/whitepapers/latest/aws-hybrid-cloud-connectivity/aws-direct-connect.html
