A company hosts a legacy application that runs on an Amazon EC2 instance inside a VPC without internet access. Users access the application with a desktop program installed on their corporate laptops. Communication between the laptops and the VPC flows through AWS Direct Connect (DX). A new requirement states that all data in transit must be encrypted between users and the VPC.
Which strategy should a solutions architect use to maintain consistent network performance while meeting this new requirement?

A. Create a client VPN endpoint and configure the laptops to use an AWS client VPN to connect to the VPC over the internet.

B. Create a new public virtual interface for the existing DX connection, and create a new VPN that connects to the VPC over the DX public virtual interface.

C. Create a new Site-to-Site VPN that connects to the VPC over the internet.

D. Create a new private virtual interface for the existing DX connection, and create a new VPN that connects to the VPC over the DX private virtual interface.








 

Suggested Answer: D

Community Answer: B




This question is in SAP-C01 AWS Certified Solutions Architect – Professional Exam
For getting AWS Certified Solutions Architect – Professional Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.