
Answer-first summary for fast verification
Answer: Deploy an IPsec VPN connection between the corporate network and a new transit gateway. Connect all VPCs to the transit gateway. Associate the approved firewall with the transit gateway.
To centrally filter traffic with an approved firewall, allow all VPCs to connect to each other, and provide a minimum bandwidth of 2 Gbps between AWS and the corporate network, the most suitable solution is to use AWS Transit Gateway. This service simplifies network architecture by letting users connect their VPCs and on-premises networks through a central hub. Option A is the correct choice because it deploys an IPsec VPN connection between the corporate network and a new transit gateway, connects all VPCs to the transit gateway, and associates the approved firewall with the transit gateway. This approach meets the bandwidth requirement through the use of an IPsec VPN and also allows for centralized traffic filtering and inter-VPC connectivity. Options B, C, and D involve more complex setups with AWS Direct Connect; they do not meet the 2 Gbps minimum bandwidth requirement as straightforwardly as Option A, nor do they enable centralized traffic filtering and inter-VPC connectivity as efficiently.
Author: LeetQuiz Editorial Team
A network engineer is designing a hybrid network to connect a company's corporate network to its AWS environment, which includes 30 VPCs across 3 AWS Regions. The engineer must implement a solution that allows centralized traffic filtering using an approved firewall, enables inter-VPC connectivity, and ensures a minimum bandwidth of 2 Gbps for connectivity between AWS and the corporate network. Which solution meets these requirements?
A
Deploy an IPsec VPN connection between the corporate network and a new transit gateway. Connect all VPCs to the transit gateway. Associate the approved firewall with the transit gateway.
B
Deploy a single 10 Gbps AWS Direct Connect connection between the corporate network and virtual private gateway of each VPC. Connect the virtual private gateways to a Direct Connect gateway. Build an IPsec tunnel to a new transit VPC. Deploy the approved firewall to the transit VPC.
C
Deploy two 1 Gbps AWS Direct Connect connections in different Direct Connect locations to connect to the corporate network. Build a transit VIF on each connection to a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway for each Region. Configure the VIFs to use equal-cost multipath (ECMP) routing. Connect all the VPCs in the three Regions to the transit gateway. Configure the transit gateway route table to route traffic to an inspection VPC. Deploy the approved firewall to the inspection VPC.
D
Deploy four 1 Gbps AWS Direct Connect connections in different Direct Connect locations to connect to the corporate network. Build a transit VIF on each connection to a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway for each Region. Connect the transit gateways by using a transit gateway peering attachment. Configure the VIFs to use equal-cost multipath (ECMP) routing. Configure transit gateway route tables to route traffic to an inspection VPC. Deploy the approved firewall to the inspection VPC.