Answer: Provision an AWS Direct Connect connection to a Region. Provision a VPN connection as a backup if the primary Direct Connect connection fails.

## Explanation **Correct Answer: A** **Why Option A is correct:** 1. **Direct Connect for primary connection**: AWS Direct Connect provides dedicated, low-latency, high-bandwidth network connections between on-premises infrastructure and AWS. This meets the requirement for "consistent low latency" and "highly available connection." 2. **VPN as backup**: Using a VPN connection as a backup is cost-effective compared to provisioning a second Direct Connect connection. While VPN connections have higher latency and lower bandwidth, they are acceptable as a backup solution when the company is "willing to accept slower traffic if the primary connection fails." 3. **Cost minimization**: This approach minimizes costs by avoiding the expense of a second Direct Connect connection while still providing redundancy. **Why other options are incorrect:** **Option B**: VPN connections alone don't provide the consistent low latency required. VPN connections over the public internet are subject to variable latency and bandwidth constraints. **Option C**: While this provides high availability with two Direct Connect connections, it doesn't minimize costs as required. A second Direct Connect connection is significantly more expensive than a VPN backup. **Option D**: There is no "Direct Connect failover attribute" in the AWS CLI that automatically creates backup connections. This is not a valid AWS feature. **Key AWS Services:** - **AWS Direct Connect**: Dedicated network connection from on-premises to AWS - **AWS Site-to-Site VPN**: Encrypted VPN connection over the public internet **Best Practice**: For hybrid architectures requiring high availability with cost optimization, use Direct Connect as the primary connection with VPN backup. This provides the best balance of performance, reliability, and cost-effectiveness.

Author: LeetQuiz Editorial Team