AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 51
A company has 225 mobile and desktop devices and 300 partner VPNs that need access to an AWS VPC. VPN users should not be able to reach one another.
Which approach will meet the technical and security requirements while minimizing costs?
Answer options
- A. Use the AWS IPsec VPN for the mobile, desktop, and partner VPN connections. Use network access control lists (Network ACLs) and security groups to maintain routing separation.
- B. Use the AWS IPsec VPN for the partner VPN connections. Use an Amazon EC2 instance VPN for the mobile and desktop devices. Use Network ACLs and security groups to maintain routing separation.
- C. Create an AWS Direct Connect connection between on-premises and AWS. Use a public virtual interface to connect to the AWS IPsec VPN for the mobile, desktop, and partner VPN connections.
- D. Use an Amazon EC2 instance VPN for the desktop, mobile, and partner VPN connections. Use features of the VPN instance to limit routing and connectivity.
Correct answer: D
Explanation
The correct answer is D because an Amazon EC2 instance VPN gives granular control over routing and connectivity on the VPN instance itself, so each user and partner can be prevented from reaching the others. Options A and B rely on Network ACLs and security groups for separation, which do not give the same per-user isolation; option C adds the complexity and cost of AWS Direct Connect, which is unnecessary for this scenario.