Topic 1 Question 115
2 つ選択A company is moving its record-keeping application to the AWS Cloud. All traffic between the company's on-premises data center and AWS must be encrypted at all times and at every transit device during the migration.
The application will reside across multiple Availability Zones in a single AWS Region. The application will use existing 10 Gbps AWS Direct Connect dedicated connections with a MACsec capable port. A network engineer must ensure that the Direct Connect connection is secured accordingly at every transit device.
The network engineer creates a Connection Key Name and Connectivity Association Key (CKN/CAK) pair for the MACsec secret key.
Which combination of additional steps should the network engineer take to meet the requirements?
Configure the on-premises router with the MACsec secret key.
Update the connection's MACsec encryption mode to must_encrypt. Then associate the CKN/CAK pair with the connection.
Update the connection's MACsec encryption mode to should encrypt. Then associate the CKN/CAK pair with the connection.
Associate the CKN/CAK pair with the connection. Then update the connection's MACsec encryption mode to must_encrypt.
Associate the CKN/CAK pair with the connection. Then update the connection’s MACsec encryption mode to should_encrypt.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: AD
According to AWS, you need to do the following 4 steps in order.
- Create a new connection with MACsec support
- Associate the CKN/CAK with the connection
- Verify the connection status
- Migrate traffic to new connection as appropriate
When you first create the DX connection, the default encryption mode is should encrypt. You need to update it to must encrypt in step 3. There's no way to specify that during the creation of DX.
👍 10lygf2023/06/16 - 正解だと思う選択肢: AD
docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-mac-sec-getting-started.html
👍 3Balasmaniam2023/06/09 - 正解だと思う選択肢: AB
Update the MACsec encryption mode before binding.
👍 2norimune2023/06/14
シャッフルモード