Which TWO of the following are valid ways to encrypt data in transit between an on-premises data center and an Amazon VPC? (Choose two.)
Site-to-Site VPN uses IPSec to encrypt traffic between on-premises and VPC.
Why this answer
Options A and C are correct. AWS Site-to-Site VPN creates an IPSec tunnel, encrypting all traffic. AWS Direct Connect can be combined with a VPN over the connection to encrypt traffic.
Option B is incorrect because Direct Connect alone does not provide encryption. Option D is incorrect because VPC peering does not encrypt traffic. Option E is incorrect because internet gateway does not encrypt traffic.