Exam ANS-C00 topic 1 question 377 discussion

Exam question from Amazon's ANS-C00
Question #: 377
Topic #: 1

A company has an AWS Direct Connect connection between its on-premises data center and Amazon VPC. An application running on an Amazon EC2 instance in the VPC needs to access confidential data stored in the on-premises data center with consistent performance. For compliance purposes, data encryption is required.
What should the network engineer do to meet these requirements?

  • A. Configure a public virtual interface on the Direct Connect connection. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
  • B. Configure a private virtual interface on the Direct Connect connection. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
  • C. Configure an internet gateway in the VPC. Set up a software VPN between the customer gateway and an EC2 instance in the VPC.
  • D. Configure an internet gateway in the VPC. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
Suggested Answer: A

Comments

Homosapien
Highly Voted 3 years, 9 months ago
Answer is A. Traffic is not encrypted on a DX connection. In order to use AWS VPN you must use a Public VIF.
upvoted 12 times
...
arhelp
Most Recent 1 year, 7 months ago
B is more plausible. A says configure a public VIF. This is only needed when trying to access AWS public services like S3. There is no reference for access to public services.
upvoted 1 times
...
NosFerazi
2 years, 7 months ago
Selected Answer: A
https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/
upvoted 1 times
...
Balki
2 years, 7 months ago
Selected Answer: A
If you need to use private VIF, you need "Direct Connect Customer Gateway". Question is a classical example of https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html
upvoted 1 times
...
PacoDerek
3 years, 1 month ago
B. VPN needs a VGW, but public VIF doesn't https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html
upvoted 1 times
...
walkwolf3
3 years, 10 months ago
Revisit the question, according to AWS official document, only public virtual interface is capable of setting up site-to-site VPN, so A is the answer from exam perspective. Technically speaking, you can set up VPN if IP is reachable, so why AWS can't set up VPN over private virtual interface and direct connect, it's a mystery.....
upvoted 2 times
Homosapien
3 years, 9 months ago
Private VIF connects to a VPC. A Virtual private gateway lives in the public space of AWS, in fact you can have a VGW with no VPC. This is called a floating VGW.
upvoted 1 times
...
...
walkwolf3
3 years, 10 months ago
B EC2 is not public resource, so private virtual interface + S2S VPN.
upvoted 1 times
Jazz888
3 years, 6 months ago
B might be wrong - you can sort the reachability of EC2 with routing table of the subnet where the EC2 lives
upvoted 1 times
...
clooudy
3 years, 5 months ago
Answer is A, S2S VPN can't happen on Private VIF.. unless you deploy a 3rd party device
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other