Exam AWS Certified Solutions Architect - Professional topic 1 question 646 discussion

B https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/

Answer is B. https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/. Remember that to connect to services such as EC2 using just Direct Connect you need to create a private VIF. However if you want to encrypt the traffic flowing through DirectConnect, you will need to use the public VIF of DX to create a VPN connection that will allow access to AWS services such as S3, EC2 etc. The video describes this.

Its explained here. Prevously public VIF was needed not now https://docs.aws.amazon.com/vpn/latest/s2svpn/private-ip-dx.html

D is the right answer here. As you can check in this document: https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html you really need to use a Public VIFs to access all AWS public services such as Amazon virtual private gateway IPsec endpoint.

you need public VIF. To implement a Private IP VPN with AWS Direct Connect you need a transit virtual interface, DXG, transit gateway

This is clearly stated in AWS documentation https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html The answer must B as IPSec tunnels are always public

got the DX. D > B

B you need to use the public VIF of DX to create a VPN connection https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html

D for me

I don't understand why it cant be D?? Just because 90% of the time you would use the Public interface doesn't mean you cant use the private. Its a valid DX configuration option with IPSEC tunnel. Private virtual interface: A private virtual interface should be used to access an Amazon VPC using private IP addresses. https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html It is also clearly explain in this blog which references all the details in any AWS doc. https://jayendrapatil.com/tag/direct-connect/ This doc is also only 2 days old. but with the use of a transit GW you can use Private IP and IPSEC. https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-site-to-site-vpn-private-ip-vpns/

o connect to services such as EC2 using just Direct Connect you need to create a private VIF. However if you want to encrypt the traffic flowing through DirectConnect, you will need to use the public VIF of DX to create a VPN connection that will allow access to AWS services such as S3, EC2.

I would choose D. There is no internet connection. And the traffic is between corporate network and VPC. Most likely, it only involves private IP addresses, which only requires privhttps://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-professional/view/14/#ate virtual interface over DX.

There is no debate, link from liono clearly shows step by step solution. Answer is B

Answer is D: We shoud go over the With AWS Direct Connect and AWS Site-to-Site VPN, you can combine one or more AWS Direct Connect dedicated network connections with the Amazon VPC VPN https://docs.aws.amazon.com/directconnect/latest/UserGuide/encryption-in-transit.html

My answer is D. Why do we need public virtual interface for communication between laptop and VPC over DX? There are no requirements of accessing from internet. It should be PRIVATE virtual interface.

to establish VPN over DX, Public VIF is required, Only Option B has this detail;

VPC does not have internet connection. Private virtual interface: used to access an VPC using private IP addresses. Public virtual interface: can access all AWS public services using public IP addresses.