AWS Certified Solutions Architect – Professional — Question 508
You are designing a connectivity solution between on-premises infrastructure and Amazon VPC. Your servers on-premises will be communicating with your VPC instances. You will be establishing IPSec tunnels over the Internet. You will be using VPN gateways, and terminating the IPSec tunnels on AWS-supported customer gateways.
Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above? (Choose four.)
Answer options
- A. End-to-end protection of data in transit
- B. End-to-end Identity authentication
- C. Data encryption across the Internet
- D. Protection of data in transit over the Internet
- E. Peer identity authentication between VPN gateway and customer gateway
- F. Data integrity protection across the Internet
Correct answer: C, D, E, F
Explanation
An IPSec VPN tunnel established between a customer gateway and an AWS VPN gateway secures the connection over the public Internet, providing data encryption, data integrity, and peer identity authentication between the gateways. However, it does not provide true "end-to-end" protection or identity authentication from the actual on-premises server to the VPC instance, as the encryption and authentication terminate at the gateway level rather than the individual hosts.