Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 451 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 451
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is designing an AWS environment for a manufacturing application. The application has been successful with customers, and the application's user base has increased. The company has connected the AWS environment to the company's on-premises data center through a 1 Gbps AWS Direct Connect connection. The company has configured BGP for the connection.

The company must update the existing network connectivity solution to ensure that the solution is highly available, fault tolerant, and secure.

Which solution will meet these requirements MOST cost-effectively?

  • A. Add a dynamic private IP AWS Site-to-Site VPN as a secondary path to secure data in transit and provide resilience for the Direct Connect connection. Configure MACsec to encrypt traffic inside the Direct Connect connection.
  • B. Provision another Direct Connect connection between the company's on-premises data center and AWS to increase the transfer speed and provide resilience. Configure MACsec to encrypt traffic inside the Direct Connect connection.
  • C. Configure multiple private VIFs. Load balance data across the VIFs between the on-premises data center and AWS to provide resilience.
  • D. Add a static AWS Site-to-Site VPN as a secondary path to secure data in transit and to provide resilience for the Direct Connect connection.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by CMMC at March 19, 2024, 6:09 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
oayoade
Highly Voted 5 months, 4 weeks ago
Selected Answer: D
MACsec is only supported on 10gbps and 100gbps Direct Connect https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-mac-sec-getting-started.html
upvoted 9 times
Daniel76
1 week, 6 days ago
This URL was updated as it supports 400gbps. (it does not change the answer).
upvoted 1 times
Daniel76
1 week, 6 days ago
https://docs.aws.amazon.com/directconnect/latest/UserGuide/MACsec.html
upvoted 1 times
...
...
...
trungtd
Most Recent 3 months, 2 weeks ago
Selected Answer: D
mentioned by oayoade.
upvoted 1 times
...
titi_r
4 months, 3 weeks ago
Selected Answer: D
Answer: D To encrypt data over DX, you use MACsec for 10 Gbps and 100 Gbps links, and S2S VPN for slower links (e.g. 1 Gbps). https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-site-to-site-vpn.html https://repost.aws/knowledge-center/create-vpn-direct-connect https://aws.amazon.com/blogs/networking-and-content-delivery/adding-macsec-security-to-aws-direct-connect-connections/
upvoted 1 times
...
pangchn
5 months, 2 weeks ago
Selected Answer: D
vote for D too
upvoted 1 times
...
ArunRav
5 months, 2 weeks ago
Selected Answer: D
D as mentioned by oayoade.
upvoted 1 times
...
zawminhtay.it.ucsm
5 months, 3 weeks ago
Selected Answer: D
same as oayosde mentioned,
upvoted 1 times
...
joseribas89
5 months, 3 weeks ago
Selected Answer: D
as oayoade says we need at least 10gbps to use MACsec, so option D
upvoted 2 times
...
pangchn
5 months, 4 weeks ago
Selected Answer: D
D as mentioned by oayoade.
upvoted 1 times
...
k23319
6 months ago
Selected Answer: A
MACSec is the difference here for the additional security for Direct Connect.
upvoted 2 times
...
ahmadraufsyahputra
6 months ago
A because dynamic IP is more resilence than static IP
upvoted 1 times
...
Dgix
6 months ago
Selected Answer: A
A is the correct answer. D uses static routing which is less suitable.
upvoted 1 times
...
djangoUnchained
6 months ago
Selected Answer: D
With A the VPN is dependent on the DX connection, so not adding any resilience. VPN is encrypted by default, D.
upvoted 2 times
...
ovladan
6 months ago
Solution: A If we look at the request "MOST cost-effectively" we can eliminate the answer under B. If we look at this part of the requirement "the solution is highly available, fault tolerant" we can eliminate C. If we look at this part "The company has configured BGP for the connection" and "the solution is ... secure" we can eliminate D, because the current Direct Connect connection is not encrypted and answer under D does not offer a solution to encrypt the traffic. Base on this answer under A is right choice.
upvoted 1 times
...
CMMC
6 months ago
Selected Answer: A
Provide resilience for the Direct Connect connection. Configure MACsec to encrypt traffic inside the Direct Connect connection. More cost effective than the static Site-to-Site VPN in Option D (which does not have the MACsec encryption for additional security).
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel