Exam AWS Certified Solutions Architect - Professional topic 1 question 77 discussion

My answer would be C,D,E,F. For A, End to end protection means the secure tunnel has to be established between your EC2 instance and the on-perm machine. By establishing a VPN tunnel between VPC and your on-perm gateway does not achieve that, the traffic before entering and after exiting the VPN tunnel will not be encrypted. For B, Same as A For C, As explained in A, this is what you can achieve by established a VPN tunnel between the two gateway. (encryption only happen between the two VPN end point which protect the data when it travel on the internet) For D, same as C For E, When establishing the VPN tunnel, the two gateway will authenticate each other prior to form the VPN tunnel. For F, same as C

A. End-to-end protection of data in transit C. Data encryption across the Internet D. Protection of data in transit over the Internet F. Data integrity protection across the Internet

I will use the same explanation given by someone else: 'E is the request of building the VPN not the achievement of the VPN.'

The security is not end to end. Eliminates A+B. E has different character than CDF but it is still achieved.

VPN is about encrypting data in transit. There is nothing about the identity autheication/

C,D,E,F were the first choices

My answer: C, D, E, F C. Data encryption across the Internet D. Protection of data in transit over the Internet E. Peer identity authentication between VPN gateway and customer gateway F. Data integrity protection across the Internet