Question #900
Which AWS services or features can be used to establish a secure and dedicated network connection between on-premises infrastructure and an Amazon VPC? (Choose two.)
A. AWS VPN
B. NAT Gateway
C. AWS Direct Connect
D. Amazon S3
E. AWS Transit Gateway
Explanation
The correct answers are A (AWS VPN) and C (AWS Direct Connect).
Why A and C are correct:
- AWS VPN creates a secure, encrypted Site-to-Site VPN tunnel over the public internet, connecting on-premises networks to a VPC.
- AWS Direct Connect establishes a dedicated, private network connection between on-premises infrastructure and AWS, offering consistent bandwidth and reduced latency compared to VPN.
Why other options are incorrect:
- B (NAT Gateway): Enables outbound internet access for private subnets but does not facilitate on-premises-to-VPC connectivity.
- D (Amazon S3): A storage service unrelated to network connectivity.
- E (AWS Transit Gateway): Manages connectivity between multiple VPCs and on-premises networks but does not inherently establish the connection itself.
Key Points:
- Use AWS VPN for cost-effective, internet-based secure connections.
- Use AWS Direct Connect for high-throughput, low-latency dedicated connections.
- NAT Gateway, S3, and Transit Gateway serve different purposes unrelated to direct on-premises-to-VPC connectivity.
Answer
The correct answer is: AC