ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 1.1: Network ConnectivityNetworkingDirect ConnectSecurity

AWS SAP-C02 · Question 16 · Domain 1.1: Network Connectivity

A company requires a hybrid network architecture. They have a 10 Gbps AWS Direct Connect connection. For compliance reasons, all traffic over the Direct Connect connection must be encrypted at the MAC level. How can this be achieved?

Answer options:

A.

Establish an IPsec VPN over the Direct Connect connection.

B.

Enable MACsec on the Direct Connect connection and use MACsec-capable routers on-premises.

C.

Use AWS KMS to encrypt the Direct Connect virtual interfaces.

D.

Implement TLS 1.3 for all applications using the connection.

How to approach this question

Identify the protocol that provides Layer 2 (MAC level) encryption.

Full Answer

B.Enable MACsec on the Direct Connect connection and use MACsec-capable routers on-premises.✓ Correct
Enable MACsec on the Direct Connect connection and use MACsec-capable routers on-premises.
MACsec provides point-to-point Layer 2 encryption over AWS Direct Connect, meeting strict compliance requirements for data in transit.

Common mistakes

Choosing IPsec VPN, which is Layer 3 encryption.
15All questions17

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 1

75 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01An enterprise has 50 VPCs across two AWS Regions. They need to establish transitive routing betwe...HardQ02A company uses AWS Organizations. The security team wants to ensure that no IAM user or role can ...MediumQ03An application requires a relational database with an RPO of 1 second and an RTO of less than 1 m...HardQ04A company is setting up a new multi-account environment. They want to automate the provisioning o...MediumQ05An organization wants to allocate AWS costs to specific business units. They use AWS Organization...Hard
View all 75 questions →