Exam ANS-C00 topic 1 question 80 discussion

Exam question from Amazon's ANS-C00
Question #: 80
Topic #: 1

An organization's Security team has a requirement that all data leaving its on-premises data center be encrypted at the network layer and use dedicated connectivity. There is also a requirement to centrally log all traffic flow in Amazon VPC environments. An AWS Direct Connect connection has been ordered to build out this design.
What steps should be taken to ensure that connectivity to AWS meets these security requirements? (Choose two.)

  • A. Provision a public virtual interface on AWS Direct Connect and set up a VPN to each VPC.
  • B. Provision a private virtual interface for each VPC connection.
  • C. Enable VPC Flow Logs for each VPC.
  • D. Use AWS KMS to encrypt traffic between on-premises and AWS.
  • E. Provision a VPN connection to each VPC over the internet.
Suggested Answer: BE
Reference:
https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
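
The requirement to centrally log all traffic flow (option C) can be checked mechanically. The following is an added example, not part of the original question or its reference: it audits dictionaries shaped like the EC2 `DescribeVpcs` and `DescribeFlowLogs` responses. The VPC IDs and the bucket ARN are constructed sample values, and `audit_flow_logs` is a hypothetical helper name.

```python
# Added example: audit VPC Flow Logs coverage against the logging requirement.
# Inputs mirror the shape of EC2 DescribeVpcs / DescribeFlowLogs responses.

def audit_flow_logs(vpcs, flow_logs, central_destination):
    """Return {vpc_id: finding} for every VPC that misses the requirement."""
    findings = {}
    for vpc in vpcs["Vpcs"]:
        vpc_id = vpc["VpcId"]
        # Only VPC-level flow logs count; subnet/ENI logs cover part of a VPC.
        logs = [f for f in flow_logs["FlowLogs"] if f.get("ResourceId") == vpc_id]
        active = [f for f in logs if f.get("FlowLogStatus") == "ACTIVE"]
        # "All traffic flow": ACCEPT-only or REJECT-only logs are incomplete.
        full = [f for f in active if f.get("TrafficType") == "ALL"]
        # "Centrally": at least one complete log must reach the shared destination.
        central = [f for f in full if f.get("LogDestination") == central_destination]
        if not logs:
            findings[vpc_id] = "no flow log"
        elif not active:
            findings[vpc_id] = "flow log not ACTIVE"
        elif not full:
            findings[vpc_id] = "TrafficType is not ALL"
        elif not central:
            findings[vpc_id] = "not delivered to central destination"
    return findings

# Constructed sample data (not from a real account).
CENTRAL = "arn:aws:s3:::example-central-flow-logs"
SAMPLE_VPCS = {"Vpcs": [{"VpcId": "vpc-aaa"}, {"VpcId": "vpc-bbb"},
                        {"VpcId": "vpc-ccc"}, {"VpcId": "vpc-ddd"}]}
SAMPLE_FLOW_LOGS = {"FlowLogs": [
    {"FlowLogId": "fl-1", "ResourceId": "vpc-aaa", "FlowLogStatus": "ACTIVE",
     "TrafficType": "ALL", "LogDestinationType": "s3", "LogDestination": CENTRAL},
    {"FlowLogId": "fl-2", "ResourceId": "vpc-ccc", "FlowLogStatus": "ACTIVE",
     "TrafficType": "REJECT", "LogDestinationType": "s3", "LogDestination": CENTRAL},
    {"FlowLogId": "fl-3", "ResourceId": "vpc-ddd", "FlowLogStatus": "ACTIVE",
     "TrafficType": "ALL", "LogDestinationType": "s3",
     "LogDestination": "arn:aws:s3:::example-team-local-logs"},
]}

if __name__ == "__main__":
    for vpc_id, finding in audit_flow_logs(SAMPLE_VPCS, SAMPLE_FLOW_LOGS, CENTRAL).items():
        print(vpc_id, "->", finding)
```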

Comments

ITstudy
Highly Voted 3 years, 8 months ago
A, C. We can run VPN over public VIF which will secure traffic at network level.
upvoted 22 times
...
Johnny_Green
Highly Voted 3 years, 7 months ago
A, C are correct. The justification for choosing A can be found here: https://www.youtube.com/watch?v=dhpTTT6V1So
upvoted 9 times
...
MohamedSherif1
Most Recent 3 years ago
A & C are correct
upvoted 1 times
...
Royce341
3 years, 2 months ago
Selected Answer: AC
A & C are correct
upvoted 1 times
...
aimar047
3 years, 3 months ago
AC are the closest options. A is still arguable if VPN will be using AWS managed VPN --> Public Interface OR EC2 hosted VPNs --> Private Interface
upvoted 1 times
...
borisgor
3 years, 5 months ago
Selected Answer: AC
A&C, B was given without VPN option
upvoted 1 times
...
Bassel
3 years, 7 months ago
The question is asking for: What steps should be taken to ensure that connectivity to AWS meets these security requirements? B & E
upvoted 1 times
jpvdham
3 years, 7 months ago
True, but why is logging not a security requirement?
upvoted 1 times
...
ChauPhan
3 years, 7 months ago
"An organization's Security team has a requirement that all data leaving its on-premises data center be encrypted at the network layer and use dedicated connectivity." If you use the Internet, you do not use dedicated connectivity (in this case it is DX) => it does not meet the demand of the question.
upvoted 1 times
...
...
lunt
3 years, 7 months ago
B. No network security. D. Same as above. E. Question states DX link is available. Nope. C. Yes. A. Yes. It cannot be PVIF - it has no encryption. There is only one viable answer with the question stating the context is the DX link. Answer is A C.
upvoted 5 times
...
aduda
3 years, 7 months ago
A public VIF cannot be associated with a VPC. It has to be a private VIF which is attached to a VGW/VPC; and then a VPN on top of it. For that reason A is out. B & C for me.
upvoted 1 times
aduda
3 years, 7 months ago
Take that back. Link provided by exmjame is correct. Ans is A,C
upvoted 4 times
...
...
kvirk
3 years, 8 months ago
A,C is correct
upvoted 4 times
...
[Removed]
3 years, 8 months ago
B,E? How is the "There is also a requirement to centrally log all traffic flow in Amazon VPC environments." met if C is not included? For me it's either A,C or B,C
upvoted 1 times
...
exmjame
3 years, 8 months ago
How to set up VPN over DX -> https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other