Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 139 discussion

A company has an AWS environment that includes multiple VPCs that are connected by a transit gateway. The company has decided to use AWS Site-to-Site VPN to establish connectivity between its on-premises network and its AWS environment.

The company does not have a static public IP address for its on-premises network. A network engineer must implement a solution to initiate the VPN connection on the AWS side of the connection for traffic from the AWS environment to the on-premises network.

Which combination of steps should the network engineer take to establish VPN connectivity between the transit gateway and the on-premises network? (Choose three.)

  • A. Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 1 (IKEv1).
  • B. Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 2 (IKEv2).
  • C. Use a private certificate authority (CA) from AWS Private Certificate Authority to create a certificate.
  • D. Use a public certificate authority (CA) from AWS Private Certificate Authority to create a certificate.
  • E. Create a customer gateway. Specify the current dynamic IP address of the customer gateway device’s external interface.
  • F. Create a customer gateway without specifying the IP address of the customer gateway device.
Suggested Answer: BCF

Comments

AJ7428
Highly Voted 11 months ago
Selected Answer: BCF
BCF is the right answer.
upvoted 10 times
...
Neo00
Highly Voted 10 months ago
For people who said F is wrong, please read this 'An IP address is not required when you are using a private certificate from AWS Private Certificate Authority.' https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html
upvoted 9 times
...
acloudguru
Most Recent 2 weeks, 3 days ago
Selected Answer: BCE
E is correct based on Amazon Q's answer
upvoted 1 times
...
mrt261
2 months ago
Selected Answer: BCF
An IP address is not required when you are using a private certificate from AWS Private Certificate Authority and a public VPN. https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html
upvoted 1 times
...
vikasj1in
2 months, 4 weeks ago
Selected Answer: BCE
b) IKEv2 provides better security and flexibility compared to IKEv1, making it a preferred choice for VPN connections. c) Since the on-premises network does not have a static public IP address, using a private CA allows for the issuance of certificates for authentication without relying on public infrastructure. e) In this scenario, the customer gateway represents the on-premises VPN device. By specifying the current dynamic IP address of the customer gateway's external interface, AWS can establish the VPN connection even if the IP address changes dynamically.
upvoted 1 times
...
Arad
6 months, 1 week ago
Selected Answer: BCF
BCF is the right answer.
upvoted 2 times
...
luisfsm
8 months, 1 week ago
Selected Answer: BCF
It's BCF: https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html#:~:text=(Optional)%20The%20IP,for%20more%20info.
upvoted 3 times
...
MohamedSherif1
8 months, 4 weeks ago
Selected Answer: BCF
An IP address is not required when you are using a private certificate from AWS Private Certificate Authority.
upvoted 4 times
...
MohamedSherif1
8 months, 4 weeks ago
Selected Answer: BCE
You can't create a customer gateway without specifying the IP address.
upvoted 1 times
...
[Removed]
10 months ago
Selected Answer: BCE
Option E eliminates the need to have a static IP, option F is incorrect because a static IP will be required which the company does not have. You must have a static IP address to use as the endpoint for the IPsec tunnels that connect your customer gateway device to AWS Site-to-Site VPN endpoints. If a firewall is in place between AWS and your customer gateway device, the rules in the following tables must be in place to establish the IPsec tunnels. The IP addresses for the AWS-side will be in the configuration file. https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html
upvoted 1 times
...
wartywarthog
10 months, 2 weeks ago
The IP address needs to be static, so E can't be a right answer.
upvoted 2 times
[Removed]
10 months ago
The company does not have a static IP, so E is correct because it removed the need to have a static IP.
upvoted 2 times
...
...
Balasmaniam
10 months, 4 weeks ago
https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-tunnel-authentication-options.html V BCF
upvoted 1 times
...
RVD
11 months, 1 week ago
Selected Answer: BCF
An IP address is not required when you are using a private certificate from AWS Private Certificate Authority.
upvoted 4 times
...
demoras
11 months, 1 week ago
BCF might be the right answer: An IP address is not required when you are using a private certificate from AWS Private Certificate Authority. https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html
upvoted 2 times
...
CloudRover
11 months, 1 week ago
It's BDE. For an IKE connection, the public IP address of the customer gateway device is needed. https://docs.aws.amazon.com/vpn/latest/s2svpn/initiate-vpn-tunnels.html
upvoted 2 times
...
Pratap
11 months, 1 week ago
Selected Answer: BCE
BCE is the right combination
upvoted 4 times
...
Pratap
11 months, 1 week ago
Selected Answer: BEF
version 2
upvoted 2 times
Pratap
11 months, 1 week ago
BCE is the right answer
upvoted 2 times
...
...