ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam ANS-C00 All Questions

View all questions & answers for the ANS-C00 exam
Go to Exam

Exam ANS-C00 topic 1 question 241 discussion

Exam question from Amazon's ANS-C00
Question #: 241
Topic #: 1
[All ANS-C00 Questions]

You are the AWS cloud architect and have been tasked with designing an appropriate subnetting design for your production VPC. Your production VPC requires secure communications back to the corporate private network. Quality of Service (QoS) is very important 24 ֳ— 7 for this particular connection, as real-time data is passed continually backwards and forwards between your on-prem bioinformatics enterprise application, and the number crunching servers deployed in the cloud.
Any potential latency incurred on this connection will have a direct impact on the company's ability to attract investors and expansion into new markets.
Select the correct network configuration that best facilitates your company's continued growth plans.

  • A. Provision a Direct Connect connection - between your service provider's data center and the AWS region that your cloud compute resources exist in. Configure just a Private Virtual Interface. As this is a Direct Connection, a Virtual Private Gateway is not required
  • B. Configure a site-to-site layer 2 software router using OpenVPN within your VPC and ensure that QoS enabled - this is a secure and cheap option
  • C. Configure a site-to-site layer 3 software router using OpenVPN within your VPC and ensure that QoS enabled - this is a secure and cheap option
  • D. Provision a Direct Connect connection ג€" between your existing service provider's data center and the AWS region that your cloud compute resources exist in. Configure a Virtual Private Gateway and Private Virtual Interface
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by JamesTR at Jan. 28, 2021, 3:44 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ExtHo
3 years, 4 months ago
Selected Answer: D
D Secure -> VPN -> virtual private gateway. Latency -> Direct Connect as encryption not mentioned in question Public VIF not required.
upvoted 3 times
...
walkwolf3
3 years, 7 months ago
D Secure -> VPN -> virtual private gateway. Latency -> Direct Connect
upvoted 2 times
...
StelSen
3 years, 7 months ago
Answer: D is correct. From the Question, it is understood that they need Secured as well as low latency. But did you notice the stress on MORE stress on latency and less stress on security. So correct answer would be D.
upvoted 1 times
...
ptpho
3 years, 7 months ago
There is no perfect ans for this question. The best solution is VPN over DCX. But it's seem QoS has a higher priority, so I go with D
upvoted 4 times
...
ChauPhan
3 years, 7 months ago
VPN + DX needs Public VIF. I go with C C. Configure a site-to-site layer 3 software router using OpenVPN within your VPC and ensure that QoS enabled - this is a secure and cheap option
upvoted 1 times
...
ChauPhan
3 years, 7 months ago
D. Provision a Direct Connect connection "" between your existing service provider's data center and the AWS region that your cloud compute resources exist in. Configure a Virtual Private Gateway and Private Virtual Interface
upvoted 1 times
ChauPhan
3 years, 7 months ago
Sorry mistake VPN + DX needs Public VIF not private VIF
upvoted 1 times
...
...
Nimolee
3 years, 8 months ago
Direct Connect is not secure comparing to VPN. To run VPN over a direct connect, a public VIF is required. C is the best answer as it provides requested security and QoS for the traffic that's flowing within the tunnel
upvoted 1 times
Nimolee
3 years, 8 months ago
and: Provision a Direct Connect connection "" between your existing service provider's data center and the AWS region that your cloud compute resources exist in. is meaningless. The direct connect must be provided to you not your provider.
upvoted 1 times
...
aimar047
3 years, 3 months ago
But in this case you will need to ensure HA and Fault Tolerance of the VPN non-managed appliances by yourself. Which won't satisfy the question scenario requirements
upvoted 1 times
...
...
JamesTR
3 years, 8 months ago
I believe it is D. it is AWS VPN over an AWS Direct Connect connection.
upvoted 1 times
Huntkey
3 years, 8 months ago
I don't there is VPN in this play. The VGW is for attaching the direct connect to the VPC. I don't believe you can establish a VPN over the direct connect to the VGW anyway. You will need some 3rd party VPN software in the VPC for that.
upvoted 1 times
JamesTR
3 years, 8 months ago
None of the answers meet requirement “Your production VPC requires secure communications back to the corporate private network”. A,B and C are wrong. D is the *best answer* because at least we will have a connection to the VPC, not encrypted though. You need VPN over Direct Connect to make a secure connection but this requires Public VIF. Answer D mentions only a Private VIF. https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/ It looks to me like proposed answers are not for this scenario. For example, none of the answers assure 24/7 reliability.
upvoted 8 times
...
...
ChauPhan
3 years, 7 months ago
VPN + DX needs Public VIF not private VIF
upvoted 1 times
...
ChauPhan
3 years, 7 months ago
https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel