ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 1.3: Data SecuritySecurityDirect ConnectEncryptionNetworking

AWS SAA-C03 · Question 17 · Domain 1.3: Data Security

A company wants to ensure that data in transit between their on-premises data center and their Amazon VPC is encrypted. They also require a dedicated, consistent network connection that does not traverse the public internet. <br/><br/>Which TWO services/features should be combined to meet these requirements? (Select TWO.)

Answer options:

A.

AWS Direct Connect

B.

AWS Site-to-Site VPN

C.

MACsec (Media Access Control Security)

D.

AWS Transit Gateway

E.

AWS PrivateLink

How to approach this question

Identify the service for dedicated connectivity (Direct Connect) and the feature that encrypts it (MACsec or VPN over DX, but MACsec is listed).

Full Answer

AWS Direct Connect<br/>MACsec (Media Access Control Security)
AWS Direct Connect provides a dedicated network connection from your premises to AWS. To encrypt data in transit over Direct Connect, you can use MACsec (IEEE 802.1AE), which provides Layer 2 encryption.

Common mistakes

Selecting Site-to-Site VPN, which uses the public internet.
16All questions18

Practice the full AWS SAA-C03 Practice Exam 4

65 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...MediumQ02An application running on Amazon EC2 instances needs to access an Amazon DynamoDB table. Both res...EasyQ03A company is designing a web application that will be hosted on AWS. The application will use an ...MediumQ04A company is building a mobile app that requires users to authenticate using their social media a...HardQ05A solutions architect is designing a VPC for a three-tier web application. The database tier must...Medium
View all 65 questions →