ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 451 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 451
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is designing an AWS environment for a manufacturing application. The application has been successful with customers, and the application's user base has increased. The company has connected the AWS environment to the company's on-premises data center through a 1 Gbps AWS Direct Connect connection. The company has configured BGP for the connection.

The company must update the existing network connectivity solution to ensure that the solution is highly available, fault tolerant, and secure.

Which solution will meet these requirements MOST cost-effectively?

  • A. Add a dynamic private IP AWS Site-to-Site VPN as a secondary path to secure data in transit and provide resilience for the Direct Connect connection. Configure MACsec to encrypt traffic inside the Direct Connect connection.
  • B. Provision another Direct Connect connection between the company's on-premises data center and AWS to increase the transfer speed and provide resilience. Configure MACsec to encrypt traffic inside the Direct Connect connection.
  • C. Configure multiple private VIFs. Load balance data across the VIFs between the on-premises data center and AWS to provide resilience.
  • D. Add a static AWS Site-to-Site VPN as a secondary path to secure data in transit and to provide resilience for the Direct Connect connection.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by CMMC at March 19, 2024, 6:09 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
oayoade
Highly Voted 1 year, 1 month ago
Selected Answer: D
MACsec is only supported on 10gbps and 100gbps Direct Connect https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-mac-sec-getting-started.html
upvoted 12 times
Daniel76
7 months, 3 weeks ago
This URL was updated as it supports 400gbps. (it does not change the answer).
upvoted 2 times
Daniel76
7 months, 3 weeks ago
https://docs.aws.amazon.com/directconnect/latest/UserGuide/MACsec.html
upvoted 1 times
...
...
...
TomTom
Most Recent 5 months, 1 week ago
Why not C? Adding multiple VIFs to your Direct Connect connection is a cost-effective way to increase redundancy and improve performance. https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/direct-connect.html#:~:text=Option%201%3A%20Create%20a%20private,allowing%20you%20to%20connect%20to
upvoted 1 times
nimbus_00
4 months, 4 weeks ago
A single AWS Direct Connect connection with multiple private virtual interfaces (VIFs) does not provide redundancy, as all the VIFs share the same underlying physical connection.
upvoted 1 times
...
...
trungtd
10 months, 4 weeks ago
Selected Answer: D
mentioned by oayoade.
upvoted 1 times
...
titi_r
1 year ago
Selected Answer: D
Answer: D To encrypt data over DX, you use MACsec for 10 Gbps and 100 Gbps links, and S2S VPN for slower links (e.g. 1 Gbps). https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-site-to-site-vpn.html https://repost.aws/knowledge-center/create-vpn-direct-connect https://aws.amazon.com/blogs/networking-and-content-delivery/adding-macsec-security-to-aws-direct-connect-connections/
upvoted 1 times
...
pangchn
1 year ago
Selected Answer: D
vote for D too
upvoted 1 times
...
ArunRav
1 year ago
Selected Answer: D
D as mentioned by oayoade.
upvoted 1 times
...
zawminhtay.it.ucsm
1 year, 1 month ago
Selected Answer: D
same as oayosde mentioned,
upvoted 1 times
...
joseribas89
1 year, 1 month ago
Selected Answer: D
as oayoade says we need at least 10gbps to use MACsec, so option D
upvoted 2 times
...
pangchn
1 year, 1 month ago
Selected Answer: D
D as mentioned by oayoade.
upvoted 1 times
...
k23319
1 year, 1 month ago
Selected Answer: A
MACSec is the difference here for the additional security for Direct Connect.
upvoted 2 times
...
ahmadraufsyahputra
1 year, 1 month ago
A because dynamic IP is more resilence than static IP
upvoted 1 times
...
Dgix
1 year, 1 month ago
Selected Answer: A
A is the correct answer. D uses static routing which is less suitable.
upvoted 1 times
...
djangoUnchained
1 year, 1 month ago
Selected Answer: D
With A the VPN is dependent on the DX connection, so not adding any resilience. VPN is encrypted by default, D.
upvoted 2 times
...
ovladan
1 year, 1 month ago
Solution: A If we look at the request "MOST cost-effectively" we can eliminate the answer under B. If we look at this part of the requirement "the solution is highly available, fault tolerant" we can eliminate C. If we look at this part "The company has configured BGP for the connection" and "the solution is ... secure" we can eliminate D, because the current Direct Connect connection is not encrypted and answer under D does not offer a solution to encrypt the traffic. Base on this answer under A is right choice.
upvoted 1 times
...
CMMC
1 year, 1 month ago
Selected Answer: A
Provide resilience for the Direct Connect connection. Configure MACsec to encrypt traffic inside the Direct Connect connection. More cost effective than the static Site-to-Site VPN in Option D (which does not have the MACsec encryption for additional security).
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago