Exam ANS-C00 topic 1 question 8 discussion

Exam question from Amazon's ANS-C00
Question #: 8
Topic #: 1

A multinational organization has applications deployed in three different AWS regions. These applications must securely communicate with each other by VPN.
According to the organization's security team, the VPN must meet the following requirements:
  • AES 128-bit encryption
  • SHA-1 hashing
  • User access via SSL VPN
  • PFS using DH Group 2
  • Ability to maintain/rotate keys and passwords
  • Certificate-based authentication
Which solution should you recommend so that the organization meets the requirements?

  • A. AWS hardware VPN between the virtual private gateway and customer gateway
  • B. A third-party VPN solution deployed from AWS Marketplace
  • C. A private MPLS solution from an international carrier
  • D. AWS hardware VPN between the virtual private gateways in each region
Suggested Answer: B

Comments

topcat
Highly Voted 3 years, 8 months ago
Correct answer is B because AWS-based hardware VPN doesn't have the ability to change passwords/rotate keys and use certificate-based auth. One can get these advanced VPN features from third-party VPN software available in the AWS Marketplace and install that on an EC2 instance in all the regions.
upvoted 22 times
...
PorkChop1999
Most Recent 1 year, 3 months ago
Selected Answer: B
Stick to B. Seems easier than any other option.
upvoted 1 times
...
PavanKushwah123
2 years, 6 months ago
Correct Answer D
upvoted 1 times
...
clooudy
3 years, 1 month ago
Selected Answer: B
Answer is B
upvoted 2 times
...
Scorpion2015
3 years, 2 months ago
B is correct.
Incorrect options:
AWS Site-to-Site VPN between the virtual private gateway and customer gateway - AWS Site-to-Site VPN does not support user access via SSL VPN. You need to use Client VPN to support user access via SSL. In addition, Site-to-Site VPN does not support rotating keys and passwords.
AWS Site-to-Site VPN between the virtual private gateways in the two AWS Regions - A Site-to-Site VPN connection offers two VPN tunnels between a virtual private gateway or a transit gateway on the AWS side, and a customer gateway (which represents a VPN device) on the remote (on-premises) side. So this option is incorrect.
AWS Client VPN between the virtual private gateways in the two AWS Regions - AWS Client VPN is a fully managed service that provides customers with the ability to securely access AWS and on-premises resources from any location using OpenVPN
upvoted 3 times
Scorpion2015
3 years, 2 months ago
https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/appendix-a-high-level-ha-architecture-for-software-vpn-instances.html
upvoted 1 times
...
...
AzureDP900
3 years, 5 months ago
B is right
upvoted 1 times
...
AlirezaNetWorld
3 years, 7 months ago
B is the right answer
upvoted 1 times
...
zenfox
3 years, 8 months ago
B is correct. There is no such thing as AWS HARDWARE VPN.
upvoted 2 times
...
AshishBravo
3 years, 8 months ago
B, a third-party VPN solution deployed from AWS Marketplace. The requirements of the security team can only be fulfilled by a third-party VPN solution.
upvoted 2 times
...
ChauPhan
3 years, 8 months ago
B. A third-party VPN solution deployed from AWS Marketplace
upvoted 2 times
...
Huntkey
3 years, 8 months ago
You also can't connect VGW with another VGW. You have to have something else in another region anyway.
upvoted 3 times
...
sensor
3 years, 8 months ago
Only IPSec VPN is possible via hardware VPN, non-IPSec via third-party VPN, so B.
upvoted 2 times
...
BillyC
3 years, 8 months ago
Yes, B, it's correct!
upvoted 4 times
...
Globetrotter
3 years, 9 months ago
I hope B will be the answer - any suggestions?
upvoted 4 times
ohcan
3 years, 9 months ago
Do you think hardware VPN from AWS doesn't support any of the required features? I have doubts about user VPN SSL.
upvoted 1 times
...
...