Correct Answers: A, B, E
Interface endpoints
An interface endpoint is an elastic network interface with a private IP address from the IP address range of your subnet. It serves as an entry point for traffic destined to a supported AWS service or a VPC endpoint service. Interface endpoints are powered by AWS PrivateLink.
Gateway Load Balancer endpoints
A Gateway Load Balancer endpoint is an elastic network interface with a private IP address from the IP address range of your subnet. Gateway Load Balancer endpoints are powered by AWS PrivateLink. This type of endpoint serves as an entry point to intercept traffic and route it to a service that you've configured using Gateway Load Balancers, for example, for security inspection.
Gateway endpoints
A gateway endpoint is for the following supported AWS services:
Amazon S3
DynamoDB
You specify a gateway endpoint as a route table target for traffic that is destined for the supported AWS services.
Option A is CORRECT as the DynamoDB Global Tables will create a Multi-Region, Multi-Master database that can be accessed internally from each region.
Option B is CORRECT as creating the VPC Endpoints for services like S3 and DynamoDB will allow the application to use them via the AWS network.
Option C is INCORRECT because NAT gateways are used to let resources in a private subnet communicate with the Internet. This secures private resources such as database and application servers, which do not require and ideally should not have public connectivity.
Option D is INCORRECT because DynamoDB uses the Gateway Endpoint instead of the Interface Endpoint.
Option E is CORRECT because VPC Endpoints are regional resources and cannot be accessed from outside their region. To use the endpoints, we need to copy the S3 objects to every region from which they will be used. S3 Cross-Region Replication does this effectively without any manual work.
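As an added example (not code from the quiz, the question's author or AWS), here is a small offline audit in the auditor's spirit: it checks whether each private subnet's route table reaches S3 and DynamoDB through gateway endpoints rather than a NAT or Internet gateway. The input shape loosely follows the EC2 DescribeRouteTables and DescribeVpcEndpoints responses; the sample data, identifiers and function name are constructed assumptions.

```python
# Added example, not part of the quiz or the AWS documentation it quotes.
# Offline audit: does each private subnet reach S3 and DynamoDB via gateway
# endpoints (route-table targets) instead of a NAT or Internet gateway?

GATEWAY_SERVICES = {"s3", "dynamodb"}  # services served by gateway endpoints


def audit_private_subnets(route_tables, endpoints):
    """Return {subnet_id: {"missing_gateway_endpoints": [...], "internet_routes": [...]}}
    for subnets lacking an S3/DynamoDB gateway endpoint or still routing 0.0.0.0/0 out."""
    # Route table id -> set of services covered by an attached gateway endpoint.
    covered = {}
    for ep in endpoints:
        if ep["VpcEndpointType"] != "Gateway":
            continue  # interface endpoints are ENIs, not route-table targets
        service = ep["ServiceName"].rsplit(".", 1)[-1]  # "...us-east-1.s3" -> "s3"
        for rtb_id in ep["RouteTableIds"]:
            covered.setdefault(rtb_id, set()).add(service)

    findings = {}
    for rtb in route_tables:
        internet = [  # default routes that leave the VPC through NAT or an IGW
            r.get("NatGatewayId") or r.get("GatewayId")
            for r in rtb["Routes"]
            if r.get("DestinationCidrBlock") == "0.0.0.0/0"
            and (r.get("NatGatewayId") or str(r.get("GatewayId", "")).startswith("igw-"))
        ]
        missing = sorted(GATEWAY_SERVICES - covered.get(rtb["RouteTableId"], set()))
        for assoc in rtb["Associations"]:
            if assoc.get("SubnetId") and (missing or internet):
                findings[assoc["SubnetId"]] = {"missing_gateway_endpoints": missing,
                                               "internet_routes": internet}
    return findings


# Constructed sample: subnet-a is fully covered, subnet-b still relies on a NAT gateway.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-a", "Associations": [{"SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationPrefixListId": "pl-s3", "GatewayId": "vpce-s3"},
                {"DestinationPrefixListId": "pl-ddb", "GatewayId": "vpce-ddb"}]},
    {"RouteTableId": "rtb-b", "Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}]},
]
SAMPLE_ENDPOINTS = [
    {"VpcEndpointType": "Gateway", "ServiceName": "com.amazonaws.us-east-1.s3",
     "RouteTableIds": ["rtb-a"]},
    {"VpcEndpointType": "Gateway", "ServiceName": "com.amazonaws.us-east-1.dynamodb",
     "RouteTableIds": ["rtb-a"]},
]
```

Running the audit on the sample flags only subnet-b, which has no gateway endpoints attached and still sends 0.0.0.0/0 to nat-1.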
NOTE: Please read the question as follows:
To meet the new security compliance requirements, your company has hired an external auditor to assess the security perimeter around your SaaS platform.
The application, S3, and DynamoDB are running in multiple regions, and the application uses load balancers within each region for high availability.
The instances load sensitive configuration from an S3 bucket at startup, and DynamoDB is used as the primary database.
The auditor has advised the following:
1. tighten the security groups and NACLs based on the application's requirements, and
2. use the private network instead of the public endpoints to access the AWS services.
Your team decided to use VPC Endpoints, as they use the AWS internal network for all communication.
After a detailed examination, they realize that the data used by the applications also needs to be replicated across regions.
Please select three valid options, including the modification for endpoints and object replication across regions.
Reference:
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html