ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 161 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 161
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A financial company that is located in the us-east-1 Region needs to establish secure connectivity to AWS. The company has two on-premises data centers, each located within the same Region. The company's network team needs to establish hybrid connectivity to its AWS environment with reliable and consistent connectivity.

The connection must provide access to the company's private resources inside its AWS environment. The resources are located in the us-east-1 and us-west-2 Regions. The connection must allow resources from the corporate networks to send large amounts of data to Amazon S3 over the same connection. To meet compliance requirements, the connection must be highly available and must provide encryption for all packets that are sent between the on-premises location and any services on AWS.

Which combination of steps should the network team take to meet these requirements? (Choose two.)

  • A. Set up a private VIF to send data to Amazon S3. Use an AWS Site-to-Site VPN connection over the private VIF to encrypt data in transit to the VPCs in us-east-1 and us-west-2.
  • B. Set up an AWS Direct Connect connection to each of the company's data centers.
  • C. Set up an AWS Direct Connect connection from one of the company's data centers to us-east-1 and us-west-2.
  • D. Set up a public VIF to send data to Amazon S3. Use an AWS Site-to-Site VPN connection over the public VIF to encrypt data in transit to the VPCs in us-east-1 and us-west-2.
  • E. Set up a transit VIF for an AWS Direct Connect gateway to send data to Amazon S3. Create a transit gateway. Associate the transit gateway with the Direct Connect gateway to provide secure communications from the company’s data centers to the VPCs in us-east-1 and us-west-2.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by ISSDoksim at July 31, 2023, 2:49 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Certified101
Highly Voted 1 year, 4 months ago
Selected Answer: BD
Option B: Establishing an AWS Direct Connect connection to each of the company's data centers ensures a reliable, consistent connection. This setup also addresses the requirement for high availability. If there are problems with one connection, the other connection can maintain the data flow. Option D: A public VIF can provide direct access to AWS services, including Amazon S3, across the Direct Connect link. By using an AWS Site-to-Site VPN connection over the public VIF, you can encrypt data in transit between the on-premises location and the VPCs in us-east-1 and us-west-2, thereby meeting the company's compliance requirements.
upvoted 9 times
...
hedglin
Most Recent 5 months, 3 weeks ago
Option B & E is correct. Why the other options are incorrect: A and D: These options suggest using Site-to-Site VPN over Direct Connect, which is not necessary when using a Transit Gateway and Direct Connect gateway. The Transit Gateway provides the required encryption. C: This option only sets up a Direct Connect connection from one data center, which doesn't meet the high availability requirement.
upvoted 1 times
...
vikasj1in
10 months, 1 week ago
Selected Answer: BE
B: This ensures reliable, consistent, and highly available connectivity. E: The transit gateway provides a centralized hub for connectivity, simplifying network architecture and allowing the flow of data securely. A: is incorrect because using a private VIF and an AWS Site-to-Site VPN connection is not necessary when there is a dedicated AWS Direct Connect connection to each data center. C: is not optimal because it suggests a separate Direct Connect connection for each AWS Region, which can lead to additional complexity and cost. D: is not recommended because using a public VIF for sending data to Amazon S3 might involve traffic going over the public internet, potentially impacting security and compliance requirements.
upvoted 1 times
[Removed]
8 months, 1 week ago
E would not provide encryption from DC to TGW
upvoted 2 times
...
...
sambb
1 year, 4 months ago
Selected Answer: BD
E - does not mention any type of encryption (no MACsec, no IPsec S2S VPN) A - S2S VPN is not available a private VIF as far as i know D - provides encryption and connection to S3 is possible with an interface endpoint. A single connection has 2 VPN tunnels, so we have redundancy, but it's not very highly available.
upvoted 3 times
...
ISSDoksim
1 year, 4 months ago
BD - https://docs.aws.amazon.com/vpn/latest/s2svpn/Examples.html
upvoted 3 times
johnconnor
1 year, 4 months ago
I agree with B, wouldn't both D and E work as well?
upvoted 1 times
...
johnconnor
1 year, 4 months ago
My concern with D is the HA part
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago