A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and
VPC-2 contains only public subnets. The company uses a single AWS Direct Connect connection and private
virtual interface to connect their on-premises network with VPC-1. Which two methods increase the fault
tolerance of the connection to VPC-1? (Choose two.)
A. Establish a hardware VPN over the internet between VPC-2 and the on-premises network.
B. Establish a hardware VPN over the internet between VPC-1 and the on-premises network.
C. Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.
D. Establish a new AWS Direct Connect connection and private virtual interface in a different AWS region than VPC-1.
E. Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1.
I would go with B,E.
For reference – https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KAGb-z4xFenBThr2GFP/direct_connect_fault_tolerance
“
A & C are wrong because the redundant link is connecting to VPC2, and AWS does not support edge-to-edge routing, which means the traffic from your on-premises cannot go to VPC1 via VPC2; the traffic has to go directly from on-premises to VPC1. http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/invalid-peering-configurations.html
D is also wrong because Direct Connect is a regional service and you cannot reach VPC1 if the Direct Connect is in a different region.
”
B E
What is the difference between B and E?
B and E is the correct answer
It should be B & E