Q396.A company runs an application in Amazon VPC. The application requires that all traffic to three different third-party networks be encrypted. The network traffic between the application and the third-party networks is expected to be no more than 500 Mbps for each connection. To facilitate network connectivity a solutions architect has created a transit gateway and attached the application VPC.Which set of actions should the solutions architect perform to complete the solution while MINIMIZING costs?
A.Use AWS Certificate Manager (ACM) to generate three public/private key pairs. Install the private keys on a public -facing Application Load Balancer正确答案A
(ALB). Have each third-party network connect to the ALB using HTTPSITLS. Update the transit gateway route table to route traffic between the application and the third-party networks through the ALB. B.Create an AWS Direct Connect connection between each third-party network and a Direct Connect gateway. Associate the Direct Connect gateway with the transit gateway. Encrypt the Direct Connect connection with each third-party network using a different encryption key. C.Use AWS Marketplace to deploy three different public-facing Amazon EC2 instances running software VPN appliances.Establish VPN connections between each appliance and the third-party networks. Update the transit gateway route table to send encrypted traffic to each third-party network using the appropriate VPN appliance. D.Create a transit gateway VPN attachment to each third-party network. Use separate preshared keys for each VPNattachment. Share those keys with the third- party networks. Update the transit gateway route table by creating a separate route to each third-party network using the appropriate transit gateway attachment.
