Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 18 discussion

C https://docs.aws.amazon.com/directconnect/latest/UserGuide/MACsec.html

C is correct, highest bps plus encryption

I really hope not find some question like that, because I only can see mistakes. Macsec is used on L2L using layer 02 or direct connection (collocation feat AWS), like clear channel circuit, because you can see another mac address. But if you're using MPLS connection by AWS partner, it's not possible to use it. You can use VPN over DX, and you'll not suffer with latency or throughput, but it's necessary to use a virtual private gateway. https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-site-to-site-vpn.html Related: AWS Direct Connect and AWS Site-to-Site VPN

C is the correct answer here. MACSec at L2 provides highest throughput when compared to IPSEC VPN tunnels.

I think that it's correct answer is C according to SPOTO products.

I think that it's correct answer is C according to SPOTO products.

I think that it's correcty answer is C.

C as it says "Highest" throughtput, anything with VPN is limited to 1,25Gbps per tunnel

Options A and D are wrong because involvement of using VPN which can add admin overhead Option B IPsec VPN connection + third-party VPN software not as performant as MACsec-encrypted connection directly on the Direct Connect link.

For sure C

Option C is the solution that will provide the highest throughput while meeting the requirement for an encrypted path between the on-premises data center and the AWS Cloud. Here's why: MACsec (Media Access Control Security): MACsec provides a layer 2 encryption mechanism, encrypting the entire Ethernet frame between the on-premises data center and the AWS Cloud. It offers high throughput while encrypting the data at the link layer. Transit VIF and Direct Connect Gateway: By configuring a transit VIF on the Direct Connect connection, you can connect it directly to a Direct Connect gateway associated with the transit gateway. This architecture allows you to efficiently route traffic to multiple VPCs attached to the transit gateway. Option D: While using AWS Site-to-Site VPN connections with ECMP routing can provide redundancy, it may not offer the highest throughput compared to MACsec over a dedicated 10 Gbps Direct Connect connection.

C because VPN's throughput is far lower than DX. We should not use VPN to achieve HIGHEST throughput

C is correct, highest bps plus encryption

Macsec does not extend until TGW its point to point, its would be only until the AWS DX router. Tricky one im more inclined to D

MacSEC always provide more throughput than two IPsec tunnels that will reach only 1.5Gb each

is Correct

Does MACSec work with Transit VIF is the key here.