Q24 — AWS ANS-C01 Ch.1
Question 24 of 100 | ← Chapter 1
A software company offers a software-as-a-service (SaaS) accounting application that is hosted in the AWS Cloud The application requires Connectivity to the company's on-premises network. The company has two redundant 10 GB AWS Direct Connect connections between AWS and Its on-premises network to accommodate the growing demand for the application. The company already has encryption between its on-premises network and the colocation. The company needs to encrypt tra¨c between AWS And the edge routers in the colocation within the next few months. The company must maintain its current bandwidth. What should a network engineer do to meet these requirements with the LEAST operational overhead?
- A. Deploy a new public VIF with encryption on the existing Direct Connect connections. Reroute tra¨c through the new public VIF.
- B. Create a virtual private gateway Deploy new AWS Site-to-Site VPN connections from on premises to the virtual private gateway Reroute Tra¨c from the Direct Connect private VIF to the new VPNs.
- C. Deploy a new pair of 10 GB Direct Connect connections with MACsec. Con¦gure MACsec on the edge routers. Reroute tra¨c to the new Direct Connect connections. Decommission the original Direct Connect connections ✓
- D. Deploy a new pair of 10 GB Direct Connect connections with MACsec. Deploy a new public VIF on the new Direct Connect connections. Deploy two AWS Site-to-Site VPN connections on top of the new public VIF. Reroute tra¨c from the existing private VIF to the new Site-to-Site Connections. Decommission the original Direct Connect connections.
Correct Answer: C. Deploy a new pair of 10 GB Direct Connect connections with MACsec. Con¦gure MACsec on the edge routers. Reroute tra¨c to the new Direct Connect connections. Decommission the original Direct Connect connections
Explanation
答案C是较为合适的选择。公司已有冗余的10GBAWSDirectConnect连接,部署新的带有MACsec的10GBDirectConnect连接,并在边缘路由器上配置MACsec能满足加密需求,同时重新路由流量到新连接并停用原连接,可在维持当前带宽的基础上以较小的操作开销实现目标。A选项可能会增加配置复杂性,B选项的VPN连接可能会影响性能,D选项的操作较为复杂且可能带来更多开销。因此,C选项是最佳答案。 查看全部