Topic 1 Question 247
A company has a hybrid environment that connects an on-premises data center to the AWS Cloud. The hybrid environment uses a 10 Gbps AWS Direct Connect dedicated connection. The Direct Connect connection has multiple private VIFs that terminate in multiple VPCs.
To comply with regulations, the company must encrypt all WAN traffic, regardless of the underlying transport. The company needs to implement an encryption solution that will not affect the company's bandwidth capacity.
Which solution will meet these requirements?
Create a public VIF. Configure a new AWS Site-to-Site VPN connection to use the new public VIF.
Configure MAC security (MACsec) support on the port of the existing Direct Connect connection. Change the encryption mode to must_encrypt.
Configure a new Direct Connect connection that supports MAC security (MACSec) Associate the existing VIFs to the new Direct Connect connection.
Create a public VIF. Configure a new private IP VPN that uses the Direct Connect connection.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: C
C: because it's NOT possible to activate MacSec on an existing connection - see https://aws.amazon.com/blogs/networking-and-content-delivery/adding-macsec-security-to-aws-direct-connect-connections/
👍 3c1193d42025/01/06 - 正解だと思う選択肢: C
To enable the Direct Connect MACsec feature, you must migrate to a MACsec capable Direct Connect circuit.
👍 1dspd2025/02/09
シャッフルモード