AWS Certified Solutions Architect - Professional / Question #957 of 529

Question #957

To comply with strict data sovereignty laws, a solutions architect must design a storage solution for a company's sensitive data across multiple AWS Regions, including in Europe, where the company's primary data center is located. The solution must enable access to the data from the company's global branch offices via their private WAN, with the requirement that no traffic passes over the public internet. The architecture must ensure high availability and cost efficiency.

How should the solutions architect design this solution?

A

Deploy AWS Direct Connect connections from the primary data center to all AWS Regions. Route global branch office traffic through the primary data center's Direct Connect connections via the WAN.

B

Configure two AWS Direct Connect connections from the primary data center to one AWS Region. Use the WAN to route traffic through the Direct Connect connections and establish inter-region VPN tunnels to access data in other Regions.

C

Implement two AWS Direct Connect connections to one AWS Region, route WAN traffic through Direct Connect, and use AWS Transit Gateway to interconnect resources across all Regions.

D

Set up two AWS Direct Connect connections to one AWS Region, route WAN traffic through Direct Connect, and utilize AWS Direct Connect Gateway to enable access to data in all other Regions.

Explanation

Answer D is correct because AWS Direct Connect Gateway enables a single Direct Connect connection to access resources across multiple AWS Regions. By setting up two Direct Connect connections (for high availability) to one AWS Region and using the Direct Connect Gateway, global branch offices can access data in all Regions via the private WAN without public internet traffic.

This design meets data sovereignty requirements, avoids costly multiple Direct Connect deployments (as in Option A), and eliminates VPN-based inter-region tunnels (Option B, which uses public internet). While Option C uses Transit Gateway for inter-region connectivity, it would require additional routing complexity compared to Direct Connect Gateway, which natively supports multi-Region access through a single connection.

Key points: Direct Connect Gateway simplifies multi-Region access, ensures no public internet traffic, and maintains cost efficiency with high availability.

Answer

The correct answer is: D