A company has a set of VPCs defined in AWS. They need to connect this to their on-premises network. They need to ensure that all data is encrypted in transit. Which of the following would you use to connect the VPCs to the on-premises networks?

Answer options:

A.VPC Peering
B.VPN connections
C.AWS Direct Connect
D.Placement Groups

Answer – B
The AWS Documentation mentions the following.
By default, instances that you launch into an Amazon VPC can`t communicate with your own (remote) network. You can enable access to your remote network from your VPC by attaching a virtual private gateway to the VPC, creating a custom route table, updating your security group rules, and creating an AWS managed VPN connection.
VPN connection encrypts the traffic, whereas Direct Connect does not encrypt your traffic that is in transit. To encrypt the data in transit that traverses AWS Direct Connect, you must use the transit encryption options for that service.
Option A is incorrect because this is used to connect multiple VPCs together.
Option C is incorrect because this does not encrypt traffic in connections between AWS VPCs and the On-premises network.
Option D is incorrect because this is used for low latency access between EC2 Instances.
For more information on AWS VPN connections and Direct Connect, please visit the below URLs-
https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html#concepts
https://docs.aws.amazon.com/directconnect/latest/UserGuide/encryption-in-transit.html