
Answer-first summary for fast verification
Answer: Add a second set of VPNs to the Management VPC from a second customer gateway device.
## Detailed Explanation

Let's analyze the architecture and identify single points of failure:

### Current Architecture

1. **Management VPC**
   - Uses VPNs through a **single customer gateway device** in the data center
   - This is a single point of failure: if the customer gateway device fails, the Management VPC loses connectivity to the data center
2. **Production VPC**
   - Uses a virtual private gateway with **two attached AWS Direct Connect connections**
   - This already has redundancy with two Direct Connect connections
3. **VPC Peering**
   - Single VPC peering connection between the Management and Production VPCs
   - VPC peering connections are inherently redundant and highly available within AWS infrastructure

### Analysis of Options

**A. Add a set of VPNs between the Management and Production VPCs.**
- This doesn't address the actual single point of failure (the single customer gateway device)
- It adds unnecessary complexity without solving the redundancy issue

**B. Add a second virtual private gateway and attach it to the Management VPC.**
- The Management VPC uses VPNs, not a virtual private gateway
- This doesn't address the single customer gateway device issue

**C. Add a second set of VPNs to the Management VPC from a second customer gateway device.**
- **CORRECT**: This directly addresses the single point of failure
- Adds redundancy by introducing a second customer gateway device
- Provides failover capability if the primary customer gateway device fails
- Follows AWS best practices for high availability

**D. Add a second VPC peering connection between the Management VPC and the Production VPC.**
- VPC peering connections are already highly available within AWS
- AWS doesn't support multiple peering connections between the same two VPCs
- This doesn't address the actual single point of failure

### Key Points

- The main single point of failure is the **single customer gateway device** in the Management VPC's VPN connection
- The AWS Direct Connect connections in the Production VPC already have redundancy (two connections)
- VPC peering is inherently redundant within AWS infrastructure
- The solution must provide redundancy at the customer gateway level for the Management VPC's VPN connection

**Best Practice**: For mission-critical VPN connections, AWS recommends using multiple customer gateway devices with separate VPN tunnels to ensure high availability and eliminate single points of failure.
Author: LeetQuiz Editorial Team
A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.
What should a solutions architect do to mitigate any single point of failure in this architecture?
A
Add a set of VPNs between the Management and Production VPCs.
B
Add a second virtual private gateway and attach it to the Management VPC.
C
Add a second set of VPNs to the Management VPC from a second customer gateway device.
D
Add a second VPC peering connection between the Management VPC and the Production VPC.