AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 241

A company uses AWS Site-to-Site VPN connections to encrypt traffic between the company's on-premises location and a single VPC. The Site-to-Site VPN connections use two 1 Gbps AWS Direct Connect connections with public VIFs. The company plans to add 15 additional VPCs in the same AWS Region.

The company must maintain the same level of encryption that the Site-to-Site VPN connections currently provide for each connection between the on-premises location and the new VPCs. The new connections must not use public IP addresses. The bandwidth of the Site-to-Site VPN connections will remain less than the current provisioned speed.

Which combination of steps will meet these requirements with LEAST operational overhead? (Choose three.)

Answer options

Correct answer: A, C, E

Explanation

The correct answer is A, C, E. Creating a transit gateway and associating it with a Direct Connect gateway makes it possible to manage and connect to multiple VPCs efficiently while maintaining encryption. Assigning a private IP CIDR block is necessary to ensure that the transit gateway does not use public IP addresses. Option B is incorrect because it would increase operational overhead by requiring separate Direct Connect private VIFs for each VPC. Options D and F are incorrect because they involve public IP addresses, which the requirements specifically state must not be used.