AWS Certified Solutions Architect - Professional

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Establish a static AWS Site-to-Site VPN as a secondary path to secure data in transit and to provide resilience for the Direct Connect connection.

The correct answer is D because adding a static AWS Site-to-Site VPN as a secondary path provides a cost-effective solution for ensuring high availability and fault tolerance. A VPN connection can serve as a failover mechanism for the Direct Connect connection, thereby ensuring uninterrupted connectivity. Additionally, this approach secures data in transit, which addresses the security requirement. Options A and B involve more complex and potentially more expensive configurations with MACsec. Option C suggests load balancing with multiple VIFs, but it does not address the need for a cost-effective secondary path to secure data in transit.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Establish a static AWS Site-to-Site VPN as a secondary path to secure data in transit and to provide resilience for the Direct Connect connection.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

A company is designing an AWS environment for a manufacturing application that has seen a significant increase in its user base. The company has established a 1 Gbps AWS Direct Connect connection between their AWS environment and their on-premises data center, with BGP configured for this connection. To enhance the network connectivity solution, the company requires a highly available, fault-tolerant, and secure solution that is also cost-effective. Which of the following solutions would best meet these requirements?

Exam-Like

Last updated: January 9, 2026 at 14:03

Implement a dynamic private IP AWS Site-to-Site VPN as a secondary path to secure data in transit and provide resilience for the Direct Connect connection, while also configuring MACsec to encrypt traffic within the Direct Connect connection.

42.9%

Set up an additional Direct Connect connection between the company's on-premises data center and AWS to boost transfer speeds and provide resilience, with MACsec configured to encrypt traffic within the Direct Connect connection.

14.3%

Configure multiple private VIFs (Virtual Interface) and load balance data across these VIFs between the on-premises data center and AWS to ensure resilience.

Establish a static AWS Site-to-Site VPN as a secondary path to secure data in transit and to provide resilience for the Direct Connect connection.

42.9%