A solutions architect must connect the corporate network to a VPC so on-premises systems can access AWS resources. The solution must encrypt all traffic between the corporate network and the VPC at the network and session layers, and must enforce security controls to prevent unrestricted access. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure AWS Site-to-Site VPN to connect to the VPC. Configure route table entries to direct traffic from on premises to the VPC. Configure instance security groups and network ACLs to allow only required traffic from on premises..
Why this is the answer
AWS Site-to-Site VPN encrypts traffic at the network and session layers, fulfilling the encryption requirement. Route table entries direct traffic, and security groups/network ACLs enforce security controls by allowing only required traffic, preventing unrestricted access. AWS Direct Connect provides a dedicated private connection but doesn't inherently encrypt traffic at the network/session layers; encryption would require an additional VPN over Direct Connect. IAM policies control access to the AWS Management Console and services, not network connectivity or traffic encryption between on-premises and a VPC. AWS Transit Gateway facilitates network connectivity between multiple VPCs and on-premises networks but doesn't inherently provide the required encryption; it would typically be used in conjunction with a VPN.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed