Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 28 discussion

Correct answer is C, B - you need a public VIF for VPN to VGW, only TGW VPNs can be used with a private VIF. Also, they are supposed to maintain current bandwidth. VPN limits their connection to 1.25Gbps Additional Notes: I am not a big fan of answer C as it assumes the edge router supports macsec.

C is the correct answer. MACSec is a L2 encryption, and best solution to maintain the current bandwidth.

C is the correct answer due you need new DX connections to enable macsec. with macsec you will have throughput required A is wrong since you have cannot public vif with encryption D is wrong since it doesn't make sense to have macsec and ipsec also IPSEC throughput is 1.25Gb/s not 10Gb/s B is wrong due to the throughput is limited by the VPNs and with VPG ecmp is not supported unlike TGW

MACsec (Media Access Control Security) is a standard for securing Ethernet connections at the link layer. It provides encryption for data traffic between the AWS Direct Connect routers and the edge routers in the colocation facility. In this scenario, deploying a new pair of 10 GB Direct Connect connections with MACsec provides encryption for the traffic between AWS and the colocation without changing the existing bandwidth. Configuring MACsec on the edge routers ensures that the traffic is encrypted over the new Direct Connect connections. Option C is the most appropriate solution as it introduces MACsec on dedicated high-speed Direct Connect connections, ensuring security without the need for additional VPNs or significant operational overhead.

I think that it's correct answer is C according to SPOTO products.

I think that it's correcty answer is B.

C. Two pairs of DX is solid enough, S2SVPN adds even more redundancy, at 1.25Gbps max per line (way lesser than 10Gbps needed)

C is correct, VPN connection will limit the BW to 1.25 GBps

Another tricky question. 1) You cannot create a VPN tunnel via Private VIFs 2) The company must maintain its current bandwidth. VPN tunnels max throughput is up to 1.25Gbps. Answer is C All the best.

C is correct

Correct Answer is C - Refer to extracted piece of text from the link shared - "You can use AWS Direct Connect connections that support MACsec to encrypt your data from your on-premises network or collocated device to your chosen AWS Direct Connect point of presence". Link for Reference - https://aws.amazon.com/directconnect/faqs/

C https://docs.aws.amazon.com/directconnect/latest/UserGuide/MACsec.html

This option suggests creating a virtual private gateway and deploying new AWS Site-to-Site VPN connections from on premises to the virtual private gateway. Then, rerouting traffic from the Direct Connect private VIF to the new VPNs. This option requires less operational overhead than option A because it does not require creating a new VIF, but it does require BBB configuring a new VPN connection. This option would also meet the requirement of maintaining the current bandwidth. Please explain your answer of why C?

C - correct.

C - correct.