AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 191

In your current role as the corporate network architect `" you have decided to replace your existing hardware firewall appliances with a pair of Juniper SRX-Series
Services Gateways. You have chosen these as AWS lists these as supportable devices for establishing IPsec connections. With this in mind, select the minimum set of options to ensure that you can establish IPsec connectivity between your on premise private corporate network and your AWS hosted VPC.
Select which option is NOT required.

Answer options

• A. Initiate network connections from somewhere within your corporate network, this is required to bring the tunnels UP
• B. Deploy a Customer Gateway within your corporate network
• C. Deploy a Customer Gateway within your VPC
• D. Deploy a Virtual Private Gateway within your VPC

Correct answer: B

Explanation

The correct answer is B because deploying a Customer Gateway within the corporate network is not necessary; the Customer Gateway is required at the VPC level. Options A, C, and D are essential for establishing the IPsec connectivity, as they facilitate the proper routing and connection between the networks.