Topic 1 Question 161
2 つ選択A financial company that is located in the us-east-1 Region needs to establish secure connectivity to AWS. The company has two on-premises data centers, each located within the same Region. The company's network team needs to establish hybrid connectivity to its AWS environment with reliable and consistent connectivity.
The connection must provide access to the company's private resources inside its AWS environment. The resources are located in the us-east-1 and us-west-2 Regions. The connection must allow resources from the corporate networks to send large amounts of data to Amazon S3 over the same connection. To meet compliance requirements, the connection must be highly available and must provide encryption for all packets that are sent between the on-premises location and any services on AWS.
Which combination of steps should the network team take to meet these requirements?
Set up a private VIF to send data to Amazon S3. Use an AWS Site-to-Site VPN connection over the private VIF to encrypt data in transit to the VPCs in us-east-1 and us-west-2.
Set up an AWS Direct Connect connection to each of the company's data centers.
Set up an AWS Direct Connect connection from one of the company's data centers to us-east-1 and us-west-2.
Set up a public VIF to send data to Amazon S3. Use an AWS Site-to-Site VPN connection over the public VIF to encrypt data in transit to the VPCs in us-east-1 and us-west-2.
Set up a transit VIF for an AWS Direct Connect gateway to send data to Amazon S3. Create a transit gateway. Associate the transit gateway with the Direct Connect gateway to provide secure communications from the company’s data centers to the VPCs in us-east-1 and us-west-2.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: BD
Option B: Establishing an AWS Direct Connect connection to each of the company's data centers ensures a reliable, consistent connection. This setup also addresses the requirement for high availability. If there are problems with one connection, the other connection can maintain the data flow.
Option D: A public VIF can provide direct access to AWS services, including Amazon S3, across the Direct Connect link. By using an AWS Site-to-Site VPN connection over the public VIF, you can encrypt data in transit between the on-premises location and the VPCs in us-east-1 and us-west-2, thereby meeting the company's compliance requirements.
👍 4Certified1012023/08/03 - 👍 2ISSDoksim2023/07/30
- 正解だと思う選択肢: BD
E - does not mention any type of encryption (no MACsec, no IPsec S2S VPN) A - S2S VPN is not available a private VIF as far as i know D - provides encryption and connection to S3 is possible with an interface endpoint. A single connection has 2 VPN tunnels, so we have redundancy, but it's not very highly available.
👍 2sambb2023/08/02
シャッフルモード