Hard · 1 mark · Multiple Choice
Domain 1.1: Network Connectivity · Networking · Security · Direct Connect · Encryption

AWS SAP-C02 · Question 71 · Domain 1.1: Network Connectivity

An organization is migrating their on-premises data center to AWS. They have a strict requirement that all data in transit between their on-premises network and AWS must be encrypted. They are provisioning a 10 Gbps AWS Direct Connect connection. Which THREE options can satisfy the encryption-in-transit requirement? (Select THREE)

Answer options:

A. Enable MACsec on the Direct Connect connection.

B. Establish an AWS Site-to-Site VPN (IPsec) over the Direct Connect public virtual interface.

C. Establish an AWS Site-to-Site VPN (IPsec) over the Direct Connect transit virtual interface.

D. Enable AWS KMS encryption on the Direct Connect connection.

E. Use AWS PrivateLink to encrypt the connection.

F. Configure VPC Peering with encryption enabled.

How to approach this question

Identify the methods for encrypting Direct Connect: MACsec (Layer 2) or VPN (Layer 3) over various VIFs.

Full Answer

A. Enable MACsec on the Direct Connect connection.
B. Establish an AWS Site-to-Site VPN (IPsec) over the Direct Connect public virtual interface.
C. Establish an AWS Site-to-Site VPN (IPsec) over the Direct Connect transit virtual interface.

AWS Direct Connect does not encrypt traffic by default. To meet the requirement, you can use MACsec (IEEE 802.1AE) for Layer 2 encryption, or you can run an IPsec VPN (Layer 3 encryption) over a public or transit virtual interface.

Common mistakes

Assuming Direct Connect is encrypted by default because it is a private line.
