ANS-C01 Question #277: Real Exam Question with Answer & Explanation

Question

A company has a hybrid environment that connects an on-premises data center to the AWS Cloud. The hybrid environment uses a 10 Gbps AWS Direct Connect dedicated connection. The Direct Connect connection has multiple private VIFs that terminate in multiple VPCs. To comply with regulations, the company must encrypt all WAN traffic, regardless of the underlying transport. The company needs to implement an encryption solution that will not affect the company's bandwidth capacity. Which solution will meet these requirements?

Options

• ACreate a public VIF. Configure a new AWS Site-to-Site VPN connection to use the new public
• BConfigure MAC security (MACsec) support on the port of the existing Direct Connect connection.
• CConfigure a new Direct Connect connection that supports MAC security (MACSec) Associate the
• DCreate a public VIF. Configure a new private IP VPN that uses the Direct Connect connection.

Explanation

MACsec for Direct Connect: MACsec (Media Access Control Security) is an IEEE standard (802.1AE) for encrypting traffic at Layer 2. AWS Direct Connect supports MACsec on dedicated connections of 10 Gbps and 100 Gbps capacity. This ensures that all WAN traffic over the Direct Connect connection is encrypted, meeting regulatory requirements. Does Not Affect Bandwidth: MACsec operates at the physical layer (Layer 2), and its encryption overhead is negligible. This ensures that the company's bandwidth capacity is not affected. Existing Direct Connect Connection: Configuring MACsec on the port of the existing Direct Connect connection avoids the need to establish a new connection, reducing complexity and costs.

No community discussion yet for this question.