ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 1.1: Network ConnectivityNetworkingDirect ConnectSecurity

AWS SAP-C02 · Question 02 · Domain 1.1: Network Connectivity

A company is migrating its hybrid network to AWS. They have two 10 Gbps AWS Direct Connect connections in a Link Aggregation Group (LAG). They need to ensure that traffic between their on-premises data center and their Amazon VPCs is encrypted in transit. The solution must support at least 5 Gbps of encrypted throughput. Which combination of steps should the Solutions Architect take? (Select TWO)

Answer options:

A.

Configure MACsec on the Direct Connect connections.

B.

Deploy AWS Site-to-Site VPN over the Direct Connect connections.

C.

Use AWS Direct Connect dedicated connections.

D.

Use AWS Direct Connect hosted connections.

E.

Deploy a third-party VPN appliance on an EC2 instance.

F.

Enable AWS Shield Advanced on the Direct Connect connection.

How to approach this question

Determine the encryption method that supports high throughput over Direct Connect.

Full Answer

MACsec (IEEE 802.1AE) provides Layer 2 encryption at line rate for Direct Connect. It requires dedicated connections.

Common mistakes

Choosing IPsec VPN, forgetting the 1.25 Gbps per tunnel limit.
01All questions03

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 7

75 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A global enterprise is designing a multi-region network architecture connecting 50 AWS accounts a...HardQ03An enterprise has 100 AWS accounts in AWS Organizations. The security team mandates that all Amaz...MediumQ04A financial company requires that all EBS volumes, S3 buckets, and RDS databases be encrypted usi...EasyQ05An enterprise is designing a disaster recovery strategy for a critical application running on Ama...HardQ06A company is setting up a multi-account AWS environment using AWS Control Tower. They need to ens...Medium
View all 75 questions →