
Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 139 discussion

A company has an AWS environment that includes multiple VPCs that are connected by a transit gateway. The company has decided to use AWS Site-to-Site VPN to establish connectivity between its on-premises network and its AWS environment.

The company does not have a static public IP address for its on-premises network. A network engineer must implement a solution to initiate the VPN connection on the AWS side of the connection for traffic from the AWS environment to the on-premises network.

Which combination of steps should the network engineer take to establish VPN connectivity between the transit gateway and the on-premises network? (Choose three.)

  • A. Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 1 (IKEv1).
  • B. Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 2 (IKEv2).
  • C. Use a private certificate authority (CA) from AWS Private Certificate Authority to create a certificate.
  • D. Use a public certificate authority (CA) from AWS Private Certificate Authority to create a certificate.
  • E. Create a customer gateway. Specify the current dynamic IP address of the customer gateway device’s external interface.
  • F. Create a customer gateway without specifying the IP address of the customer gateway device.
Suggested Answer: BCF

Comments

Neo00
Highly Voted 1 year, 5 months ago
For people who said F is wrong, please read this 'An IP address is not required when you are using a private certificate from AWS Private Certificate Authority.' https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html
upvoted 11 times
...
AJ7428
Highly Voted 1 year, 6 months ago
Selected Answer: BCF
BCF is the right answer.
upvoted 10 times
...
Spaurito
Most Recent 1 month, 1 week ago
Option D doesn't make sense. Once it changes, it is no longer valid for the configuration.
upvoted 1 times
...
Spaurito
1 month, 1 week ago
BCF - If your customer gateway IP address is dynamic, then leave the IP Address field empty. If your customer gateway IP address is static, then you can choose to leave this field empty, or specify the IP address.
upvoted 1 times
...
YogiB1
6 months, 3 weeks ago
Selected Answer: ACF
ACF --> https://repost.aws/knowledge-center/vpn-certificate-based-site-to-site
upvoted 1 times
YogiB1
6 months, 3 weeks ago
BCF I meant
upvoted 1 times
...
...
acloudguru
7 months, 3 weeks ago
Selected Answer: BCE
E is correct based on Amazon Q's answer
upvoted 1 times
...
mrt261
9 months, 1 week ago
Selected Answer: BCF
An IP address is not required when you are using a private certificate from AWS Private Certificate Authority and a public VPN. https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html
upvoted 1 times
...
vikasj1in
10 months ago
Selected Answer: BCE
b) IKEv2 provides better security and flexibility compared to IKEv1, making it a preferred choice for VPN connections. c) Since the on-premises network does not have a static public IP address, using a private CA allows for the issuance of certificates for authentication without relying on public infrastructure. e) In this scenario, the customer gateway represents the on-premises VPN device. By specifying the current dynamic IP address of the customer gateway's external interface, AWS can establish the VPN connection even if the IP address changes dynamically.
upvoted 2 times
...
Arad
1 year, 1 month ago
Selected Answer: BCF
BCF is the right answer.
upvoted 2 times
...
luisfsm
1 year, 3 months ago
Selected Answer: BCF
It's BCF: https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html#:~:text=(Optional)%20The%20IP,for%20more%20info.
upvoted 3 times
...
MohamedSherif1
1 year, 4 months ago
Selected Answer: BCF
An IP address is not required when you are using a private certificate from AWS Private Certificate Authority.
upvoted 4 times
...
MohamedSherif1
1 year, 4 months ago
Selected Answer: BCE
You can't create a customer gateway without specifying the IP address.
upvoted 1 times
...
[Removed]
1 year, 5 months ago
Selected Answer: BCE
Option E eliminates the need to have a static IP, option F is incorrect because a static IP will be required which the company does not have. You must have a static IP address to use as the endpoint for the IPsec tunnels that connect your customer gateway device to AWS Site-to-Site VPN endpoints. If a firewall is in place between AWS and your customer gateway device, the rules in the following tables must be in place to establish the IPsec tunnels. The IP addresses for the AWS-side will be in the configuration file. https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html
upvoted 1 times
...
wartywarthog
1 year, 5 months ago
The IP address needs to be static, so E can't be a right answer.
upvoted 2 times
[Removed]
1 year, 5 months ago
The company does not have a static IP, so E is correct because it removed the need to have a static IP.
upvoted 2 times
...
...
Balasmaniam
1 year, 6 months ago
https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-tunnel-authentication-options.html V BCF
upvoted 1 times
...
RVD
1 year, 6 months ago
Selected Answer: BCF
An IP address is not required when you are using a private certificate from AWS Private Certificate Authority.
upvoted 4 times
...
demoras
1 year, 6 months ago
BCF might be the right answer: An IP address is not required when you are using a private certificate from AWS Private Certificate Authority. https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html
upvoted 2 times
...