AWS Certified Security – Specialty — Question 113
A company wants to encrypt the private network between its on-premises environment and AWS. The company also wants a consistent network experience for its employees.
What should the company do to meet these requirements?
Answer options
- A. Establish an AWS Direct Connect connection with AWS and set up a Direct Connect gateway. In the Direct Connect gateway configuration, enable IPsec and BGP, and then leverage native AWS network encryption between Availability Zones and Regions.
- B. Establish an AWS Direct Connect connection with AWS and set up a Direct Connect gateway. Using the Direct Connect gateway, create a private virtual interface and advertise the customer gateway private IP addresses. Create a VPN connection using the customer gateway and the virtual private gateway.
- C. Establish a VPN connection with the AWS virtual private cloud over the Internet.
- D. Establish an AWS Direct Connect connection with AWS and establish a public virtual interface. For prefixes that need to be advertised, enter the customer gateway public IP addresses. Create a VPN connection over Direct Connect using the customer gateway and the virtual private gateway.
Correct answer: D
Explanation
The correct answer is D because it establishes an AWS Direct Connect connection with a public virtual interface and then runs the VPN connection over Direct Connect, which provides enhanced security and performance: the VPN encrypts the traffic, and Direct Connect provides the consistent network experience.
- Option A is incorrect because it suggests using IPsec and BGP, which is not applicable for a public virtual interface.
- Option B is incorrect because it creates a private virtual interface, which does not align with the requirement for a public setup.
- Option C is incorrect because it relies on the Internet for the VPN connection, which does not ensure a consistent network experience.