Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 115 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 115
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is moving its record-keeping application to the AWS Cloud. All traffic between the company's on-premises data center and AWS must be encrypted at all times and at every transit device during the migration.

The application will reside across multiple Availability Zones in a single AWS Region. The application will use existing 10 Gbps AWS Direct Connect dedicated connections with a MACsec capable port. A network engineer must ensure that the Direct Connect connection is secured accordingly at every transit device.

The network engineer creates a Connection Key Name and Connectivity Association Key (CKN/CAK) pair for the MACsec secret key.

Which combination of additional steps should the network engineer take to meet the requirements? (Choose two.)

  • A. Configure the on-premises router with the MACsec secret key.
  • B. Update the connection's MACsec encryption mode to must_encrypt. Then associate the CKN/CAK pair with the connection.
  • C. Update the connection's MACsec encryption mode to should encrypt. Then associate the CKN/CAK pair with the connection.
  • D. Associate the CKN/CAK pair with the connection. Then update the connection's MACsec encryption mode to must_encrypt.
  • E. Associate the CKN/CAK pair with the connection. Then update the connection’s MACsec encryption mode to should_encrypt.
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by Balasmaniam at June 9, 2023, 12:14 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
lygf
Highly Voted 1 year, 4 months ago
Selected Answer: AD
According to AWS, you need to do the following 4 steps in order. 1. Create a new connection with MACsec support 2. Associate the CKN/CAK with the connection 3. Verify the connection status 4. Migrate traffic to new connection as appropriate When you first create the DX connection, the default encryption mode is should encrypt. You need to update it to must encrypt in step 3. There's no way to specify that during the creation of DX. https://aws.amazon.com/blogs/networking-and-content-delivery/adding-macsec-security-to-aws-direct-connect-connections/
upvoted 12 times
...
JoellaLi
Most Recent 7 months, 2 weeks ago
You cannot modify a MACsec secret key after you associate it with a connection. If you need to modify the key, disassociate the key from the connection, and then associate a new key with the connection. https://aws.amazon.com/blogs/networking-and-content-delivery/adding-macsec-security-to-aws-direct-connect-connections/
upvoted 2 times
arturogomezb
4 months, 2 weeks ago
But you can change the encryption mode https://docs.aws.amazon.com/directconnect/latest/UserGuide/updateconnection.html
upvoted 2 times
...
...
MohamedSherif1
1 year, 2 months ago
Selected Answer: AD
The default value for the encryption mode is “should_encrypt”, and this can be changed using the new DirectConnect API UpdateConnection.
upvoted 1 times
...
norimune
1 year, 4 months ago
Selected Answer: AB
Update the MACsec encryption mode before binding.
upvoted 3 times
Spaurito
5 days, 5 hours ago
Agree, the key was created. You then have to update the mode and associate the key.
upvoted 1 times
...
...
Balasmaniam
1 year, 5 months ago
Selected Answer: AD
docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-mac-sec-getting-started.html
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel