AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 50
A multinational organization has applications deployed in three different AWS regions. These applications must securely communicate with each other by VPN.
According to the organization's security team, the VPN must meet the following requirements:
- AES 128-bit encryption
- SHA-1 hashing
- User access via SSL VPN
- PFS using DH Group 2
- Ability to maintain/rotate keys and passwords
- Certificate-based authentication
Which solution should you recommend so that the organization meets the requirements?
Answer options
- A. AWS hardware VPN between the virtual private gateway and customer gateway
- B. A third-party VPN solution deployed from AWS Marketplace
- C. A private MPLS solution from an international carrier
- D. AWS hardware VPN between the virtual private gateways in each region
Correct answer: B
Explanation
The correct option is B because a third-party VPN solution from AWS Marketplace can be configured to meet all of the requirements set by the organization's security team. Options A and D do not provide the flexibility needed for SSL VPN user access or for specific encryption and hashing algorithms, while C is a different technology altogether that does not align with AWS services.