Q93 — AWS ANS-C01 Ch.1
Question 93 of 100 | ← Chapter 1
A company is planning a migration of its critical workloads from an on-premises data center to Amazon EC2 instances. The plan includes a new 10 Gbps AWS Direct Connect dedicated connection from the on-premises data center to a VPC that is attached to a transit gateway. The migration Must occur over encrypted paths between the on-premises data center and the AWS Cloud. Which solution will meet these requirements while providing the HIGHEST throughput?
- A. Con¦gure a public VIF on the Direct Connect connection. Con¦gure an AWS Site-to-Site VPN connection to the transit gateway as a VPN Attachment.
- B. Con¦gure a transit VIF on the Direct Connect connection. Con¦gure an IPsec VPN connection to an EC2 instance that is running third-party VPN software.
- C. Con¦gure MACsec for the Direct Connect connection. Con¦gure a transit VIF to a Direct Connect gateway that is associated with the transit Gateway. ✓
- D. Con¦gure a public VIF on the Direct Connect connection. Con¦gure two AWS Site-to-Site VPN connections to the transit gateway. Enable Equal-cost multi-path (ECMP) routing.
Correct Answer: C. Con¦gure MACsec for the Direct Connect connection. Con¦gure a transit VIF to a Direct Connect gateway that is associated with the transit Gateway.
Explanation
MACsec是一种用于以太网链路的安全协议,可为直接连接提供加密,满足加密路径的要求。配置与中转网关相关联的直接连接网关的中转VIF能够实现高效的数据传输。A选项中,公共VIF和VPN连接的组合可能无法提供最高的吞吐量。B选项中,使用第三方VPN软件的EC2实例进行连接可能存在性能和兼容性问题。D选项中,公共VIF和两个VPN连接并启用ECMP路由,其效果不如C选项的配置直接和高效。因此,选项C是正确答案。 查看全部