ExpertHard1 markMultiple Choice
AWS SAP-C02 · Question 72 · Domain 1.1: Network Connectivity
An enterprise wants to establish a dedicated, private connection to AWS. They require high availability and encryption in transit. Which THREE components are required to build a highly available, encrypted hybrid network? (Select THREE)
An enterprise wants to establish a dedicated, private connection to AWS. They require high availability and encryption in transit. Which THREE components are required to build a highly available, encrypted hybrid network? (Select THREE)
Answer options:
A.
Two AWS Direct Connect connections in different locations.
B.
AWS Site-to-Site VPN configured over the Direct Connect connections.
C.
An AWS Transit Gateway or Virtual Private Gateway.
D.
AWS Client VPN.
E.
A single Direct Connect connection with MACsec.
F.
AWS PrivateLink.
How to approach this question
Combine DX for private connectivity with VPN for encryption.
Full Answer
To achieve a highly available, encrypted connection, you provision redundant Direct Connect connections and run IPsec VPNs over them (Public VIF or Transit VIF) terminating at a TGW or VGW.
Common mistakes
Thinking Direct Connect is encrypted by default (it is not, unless MACsec is used).
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 3
75 questions · hints · full answers · grading
More questions from this exam
Q01An enterprise has 100 VPCs across 5 AWS Regions. They need to establish a highly available, trans...HardQ02A company uses AWS Organizations. The CISO requires that no EC2 instances can be launched outside...MediumQ03An application uses Amazon Aurora PostgreSQL. To meet disaster recovery requirements, the databas...HardQ04A company is setting up a new multi-account AWS environment. They want to automate the creation o...MediumQ05An organization wants to allocate AWS costs to specific departments. They use multiple AWS accoun...Medium