ExpertHard1 markMultiple Choice
AWS SAA-C03 · Question 11 · Domain 1.3: Data Security
A government agency is setting up a hybrid cloud architecture. They require a dedicated network connection from their on-premises data center to AWS. The connection must support native Layer 2 encryption at line rate. Which solution meets these requirements?
A government agency is setting up a hybrid cloud architecture. They require a dedicated network connection from their on-premises data center to AWS. The connection must support native Layer 2 encryption at line rate. Which solution meets these requirements?
Answer options:
A.
AWS Site-to-Site VPN over the internet.
B.
AWS Direct Connect with MACsec.
C.
AWS Direct Connect with AWS Site-to-Site VPN.
D.
AWS Transit Gateway with VPN attachments.
How to approach this question
Identify the requirement for Layer 2 encryption on a dedicated connection.
Full Answer
B.AWS Direct Connect with MACsec.✓ Correct
AWS Direct Connect with MACsec.
MACsec (Media Access Control Security) is an IEEE standard that provides data confidentiality, data integrity, and data origin authenticity at Layer 2. AWS Direct Connect supports MACsec for dedicated connections.
Common mistakes
Choosing Direct Connect + VPN, which is Layer 3 encryption (IPsec).
Practice the full AWS SAA-C03 Practice Exam 5
65 questions · hints · full answers · grading
More questions from this exam
Q01A company needs to grant an external auditor read-only access to specific AWS resources. The audi...EasyQ02An application running on EC2 instances needs to access objects in an S3 bucket. The security tea...MediumQ03A company is designing a VPC for a multi-tier web application. They need to block specific malici...MediumQ04A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...HardQ05A company hosts a web application on an Application Load Balancer (ALB). They are experiencing SQ...Medium