Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 196 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 196
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has an application that runs on premises. The application needs to communicate with an application that runs in a VPC on AWS. The communication between the applications must be encrypted and must use private IP addresses. The communication cannot travel across the public internet.

The company has established a 1 Gbps AWS Direct Connect connection between the on-premises location and AWS.

Which solution will meet the connectivity requirements with the LEAST operational overhead?

  • A. Configure a private VIF on the Direct Connect connection. Associate the private VIF with the VPC's virtual private gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the virtual private gateway.
  • B. Create a transit gateway. Configure a transit VIF on the Direct Connect connection. Associate the transit VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the transit gateway.
  • C. Configure a public VIF on the Direct Connect connection. Associate the public VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the transit gateway.
  • D. Create a transit gateway. Configure a transit VIF on the Direct Connect connection. Associate the transit VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up a third-party firewall in a new VPC that is attached to the transit gateway. Set up a VPN connection to the third-party firewall.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by seochan at May 30, 2024, 1:56 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Nel07
2 weeks, 6 days ago
Selected Answer: B
https://docs.aws.amazon.com/vpn/latest/s2svpn/private-ip-dx.html
upvoted 1 times
...
AlirezaNetWorld
1 month, 3 weeks ago
C is the correct answer. Establishing IPsec is only permitted over the Public VIF, but this doesn't mean traffic is transmitted over the public Internet as all traffic will be sent and received between the on-prem and AWS across the DX line which is considered as a private link.
upvoted 1 times
...
Akshay0403
3 months, 3 weeks ago
Selected Answer: B
Option B is the most operationally efficient solution that meets all requirements: Encrypted Communication: The AWS Site-to-Site VPN connection provides encryption. Private IP Addresses: The transit VIF and Direct Connect gateway ensure private IP connectivity. Least Operational Overhead: By using the transit gateway and Direct Connect's transit VIF, the solution simplifies network management and minimizes operational complexity.
upvoted 2 times
...
Blitz1
3 months, 4 weeks ago
Selected Answer: B
A - you cannot have s2s vpn with private vif. You need public -> A fail C - can you can have 2s2 vpn with public vif but you cannot have in the same time trasit vif(because is mentioning transit gateway) and public vif associated with direct connect gateway -> C fail D - third party vpn -> not LEAST operational overhead -> D fail
upvoted 2 times
...
veyisceylan
4 months, 3 weeks ago
To build Site-to-Site VPN over Direct Connect to Amazon VPC, use a public virtual interface. To build Site-to-Site VPN between on-premises equipment and AWS Transit Gateway, choose a public or a transit virtual interface. It should be B with Transit Gateway and Private IP VPN
upvoted 2 times
...
tsangckl
4 months, 4 weeks ago
Selected Answer: C
Site-to-site VPN have to be created over public VIF
upvoted 1 times
kajiyatta
4 months, 1 week ago
The communication between the applications must be encrypted and must use private IP addresses.So,public vif can not used.
upvoted 1 times
...
...
strike3test
5 months ago
Selected Answer: B
Private VIFs are used to establish private connectivity between your on-premises network and your VPCs in AWS without traversing the public internet. They are typically used for scenarios where you need dedicated, private communication between your on-premises infrastructure and your AWS resources. However, to establish a Site-to-Site VPN connection, you need to configure a virtual private gateway (VGW) in your VPC. The VGW acts as the VPN endpoint in the AWS cloud. Site-to-Site VPN connections are established between the VGW and your on-premises VPN device or network. Option B is correct
upvoted 4 times
...
AXH
5 months, 1 week ago
Agree, A is least overhead to implement.
upvoted 3 times
...
vic614
5 months, 2 weeks ago
Selected Answer: A
Least operational overhead. No need for a transit gateway since just 1 vpc. Use Site-to-site to make sure encryption. No public VIF.
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel