AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 234
A company has a hybrid environment that connects an on-premises data center to the AWS Cloud. The hybrid environment uses a 10 Gbps AWS Direct Connect dedicated connection. The Direct Connect connection has multiple private VIFs that terminate in multiple VPCs.
To comply with regulations, the company must encrypt all WAN traffic, regardless of the underlying transport. The company needs to implement an encryption solution that will not affect the company's bandwidth capacity.
Which solution will meet these requirements?
Answer options
- A. Create a public VIF. Configure a new AWS Site-to-Site VPN connection to use the new public VIF.
- B. Configure MAC security (MACsec) support on the port of the existing Direct Connect connection. Change the encryption mode to must_encrypt.
- C. Configure a new Direct Connect connection that supports MAC security (MACsec). Associate the existing VIFs with the new Direct Connect connection.
- D. Create a public VIF. Configure a new private IP VPN that uses the Direct Connect connection.
Correct answer: C
Explanation
The correct answer is C because establishing a new Direct Connect connection with MACsec allows for encryption without affecting bandwidth capacity. Option A does not provide the required encryption for WAN traffic, and option B does not address the need for a new connection. Option D also fails to meet the encryption requirements while utilizing a public VIF.