Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 196 discussion

A company has an application that runs on premises. The application needs to communicate with an application that runs in a VPC on AWS. The communication between the applications must be encrypted and must use private IP addresses. The communication cannot travel across the public internet.

The company has established a 1 Gbps AWS Direct Connect connection between the on-premises location and AWS.

Which solution will meet the connectivity requirements with the LEAST operational overhead?

  • A. Configure a private VIF on the Direct Connect connection. Associate the private VIF with the VPC's virtual private gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the virtual private gateway.
  • B. Create a transit gateway. Configure a transit VIF on the Direct Connect connection. Associate the transit VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the transit gateway.
  • C. Configure a public VIF on the Direct Connect connection. Associate the public VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the transit gateway.
  • D. Create a transit gateway. Configure a transit VIF on the Direct Connect connection. Associate the transit VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up a third-party firewall in a new VPC that is attached to the transit gateway. Set up a VPN connection to the third-party firewall.
Suggested Answer: B

Comments

Nel07
2 months ago
Selected Answer: B
https://docs.aws.amazon.com/vpn/latest/s2svpn/private-ip-dx.html
upvoted 1 times
...
AlirezaNetWorld
3 months ago
C is the correct answer. Establishing IPsec is only permitted over the Public VIF, but this doesn't mean traffic is transmitted over the public Internet as all traffic will be sent and received between the on-prem and AWS across the DX line which is considered as a private link.
upvoted 3 times
...
Akshay0403
5 months ago
Selected Answer: B
Option B is the most operationally efficient solution that meets all requirements: Encrypted Communication: The AWS Site-to-Site VPN connection provides encryption. Private IP Addresses: The transit VIF and Direct Connect gateway ensure private IP connectivity. Least Operational Overhead: By using the transit gateway and Direct Connect's transit VIF, the solution simplifies network management and minimizes operational complexity.
upvoted 3 times
...
Blitz1
5 months, 1 week ago
Selected Answer: B
A - you cannot have S2S VPN with private VIF. You need public -> A fail
C - you can have S2S VPN with public VIF, but you cannot have at the same time a transit VIF (because it is mentioning transit gateway) and a public VIF associated with the Direct Connect gateway -> C fail
D - third-party VPN -> not LEAST operational overhead -> D fail
upvoted 2 times
chrootxxx
2 days ago
https://docs.aws.amazon.com/vpn/latest/s2svpn/private-ip-dx.html
upvoted 1 times
...
...
veyisceylan
6 months ago
To build Site-to-Site VPN over Direct Connect to Amazon VPC, use a public virtual interface. To build Site-to-Site VPN between on-premises equipment and AWS Transit Gateway, choose a public or a transit virtual interface. It should be B with Transit Gateway and Private IP VPN
upvoted 2 times
...
tsangckl
6 months, 1 week ago
Selected Answer: C
Site-to-site VPN has to be created over public VIF
upvoted 3 times
kajiyatta
5 months, 2 weeks ago
The communication between the applications must be encrypted and must use private IP addresses. So, public VIF cannot be used.
upvoted 1 times
...
...
strike3test
6 months, 1 week ago
Selected Answer: B
Private VIFs are used to establish private connectivity between your on-premises network and your VPCs in AWS without traversing the public internet. They are typically used for scenarios where you need dedicated, private communication between your on-premises infrastructure and your AWS resources. However, to establish a Site-to-Site VPN connection, you need to configure a virtual private gateway (VGW) in your VPC. The VGW acts as the VPN endpoint in the AWS cloud. Site-to-Site VPN connections are established between the VGW and your on-premises VPN device or network. Option B is correct
upvoted 4 times
...
AXH
6 months, 2 weeks ago
Agree, A is least overhead to implement.
upvoted 3 times
...
vic614
6 months, 3 weeks ago
Selected Answer: A
Least operational overhead. No need for a transit gateway since just 1 vpc. Use Site-to-site to make sure encryption. No public VIF.
upvoted 3 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other