ANS-C01 · Question #273
ANS-C01 Question #273: Real Exam Question with Answer & Explanation
Sign in or unlock ANS-C01 to reveal the answer and full explanation for question #273. The question stem and answer options stay visible for context.
Question
A company is planning to use an AWS Transit Gateway hub and spoke architecture to migrate to AWS. The current on-premises multi-protocol label switching (MPLS) network has strict controls that enforce network segmentation by using MPLS VPNs. The company has provisioned two 10 Gbps AWS Direct Connect connections to provide resilient, high-speed, low-latency connectivity to AWS. A security engineer needs to apply the concept of network segmentation to the AWS environment to ensure that virtual routing and forwarding (VRF) is logically separated for each of the company's software development environments. The number of MPLS VPNs will increase in the future. On-premises MPLS VPNs will have overlapping address space. The company's AWS network design must support overlapping address space for the VPNs. Which solution will meet these requirements with the LEAST operational overhead?
Options
- ADeploy a software-defined WAN (SD-WAN) head-end virtual appliance and an SD-WAN
- BConfigure IPsec VPNs on the company edge routers for each MPLS VPN for each of the
- CCreate a transit VPC that terminates at the AWS Site-to-Site VRF-aware IPsec VPN. Configure
- DConfigure a Transit Gateway Connect attachment for each MPLS VPN between the company's
Unlock ANS-C01 to see the answer
You've previewed enough free ANS-C01 questions. Unlock ANS-C01 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.