Which approach will meet these requirements?

A company is running a tone-of-business (LOB) application on AWS to support its users. The application runs in one VPC. with a backup copy in a second VPC in a different AWS Region for disaster recovery. The company has a single AWS Direct Connect connection between its on-premises network and AWS. The connection terminates at a Direct Connect gateway

All access to the application must originate from the company’s on-premises network, and traffic must be encrypted in transit through the use of Psec. The company is routing traffic through a VPN tunnel over the Direct Connect connection to provide the required encryption.

A business continuity audit determines that the Direct Connect connection represents a potential single point of failure for access to the application. The company needs to remediate this issue as quickly as possible.

Which approach will meet these requirements?
A . Order a second Direct Connect connection to a different Direct Connect location. Terminate the second Direct Connect connection at the same Direct Connect gateway.
B . Configure an AWS Site-to-Site VPN connection over the internet Terminate the VPN connection at a virtual private gateway in the secondary Region
C . Create a transit gateway Attach the VPCs to the transit gateway, and connect the transit gateway to the Direct Connect gateway Configure an AWS Site-to-Site VPN connection, and terminate it at the transit gateway
D . Create a transit gateway. Attach the VPCs to the transit gateway, and connect the transit gateway to the Direct Connect gateway. Order a second Direct Connect connection, and terminate it at the transit gateway.

View Answer

Answer: B

Explanation:

This approach quickly solves the problem of single points of failure by establishing a Site-to-Site VPN connection over the Internet as a redundant path to a direct connection. This way, if there is an issue with the direct connection, the company can still securely access the application through the VPN connection, ensuring business continuity. The VPN connection provides the IPsec encryption required to meet the requirement that all access must go through the company’s internal network and that the data is encrypted in transit.