Free Amazon ANS-C01 Actual Exam Questions - Question 9 Discussion
customer base to the United States (US). The company is targeting the western US for the expansion.
The company’s existing AWS architecture consists of four AWS accounts with multiple VPCs deployed
in the ap-southeast-2 Region. All VPCs are attached to a transit gateway in ap-southeast-2. There are
dedicated VPCs for each application service. The company also has VPCs for centralized security
features such as proxies, firewalls, and logging.
The company plans to duplicate the infrastructure from ap-southeast-2 to the us-west-1 Region. A
network engineer must establish connectivity between the various applications in the two Regions.
The solution must maximize bandwidth, minimize latency and minimize operational overhead.
Which solution will meet these requirements?
B imo—transit gateway peering between regions is designed for exactly this kind of scenario. It provides high-bandwidth, low-latency connections optimized by AWS, and it keeps your architecture clean without managing extra VPNs or servers. Plus, since the company already uses transit gateways in ap-southeast-2, extending that setup with peering in us-west-1 makes sense. Option A’s VPN attachments would work but usually add extra latency and complexity with BGP sessions over VPN tunnels. Definitely better to avoid that if direct peering is supported and available.
A/B? Peering (B) is usually better for latency and bandwidth than VPN (A), but if peering isn’t supported or set up yet between these regions, VPN (A) is a reliable fallback. D’s definitely out since cross-region VPC attachments aren’t possible.
Option B seems solid since peering transit gateways supports high bandwidth and low latency between regions, while also keeping management simple. VPN attachments (A) might add latency and overhead compared to peering.
A/B? I’m ruling out D since you can’t attach VPCs from one region to a transit gateway in another region, so that’s not viable. C seems too manual and adds operational overhead with VPN servers to manage. Between A and B, peering transit gateways directly (B) is usually better for latency and bandwidth than VPN attachments (A), which could add encryption overhead and reduce throughput, even if they use BGP. So I’d think B edges out A for performance and simplicity here.
D imo, attaching VPCs cross-region to one transit gateway isn’t supported anyway.
Probably B, since peering transit gateways provides direct region-to-region traffic without extra hops.
It’s B. Transit gateway peering is designed for inter-region connectivity with low latency and high bandwidth, plus it keeps management simple compared to VPNs or cross-region attachments.
VPNs tend to add latency and overhead, so I’d drop A and C. Attaching us-west-1 VPCs directly to the ap-southeast-2 transit gateway sounds complex and costly. B seems cleaner with peering two transit gateways. So B.