Examice

Exam ANS-C01 All QuestionsBrowse all questions from this exam

Question 196

A company has an application that runs on premises. The application needs to communicate with an application that runs in a VPC on AWS. The communication between the applications must be encrypted and must use private IP addresses. The communication cannot travel across the public internet.

The company has established a 1 Gbps AWS Direct Connect connection between the on-premises location and AWS.

Which solution will meet the connectivity requirements with the LEAST operational overhead?

Configure a private VIF on the Direct Connect connection. Associate the private VIF with the VPC's virtual private gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the virtual private gateway.

Create a transit gateway. Configure a transit VIF on the Direct Connect connection. Associate the transit VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the transit gateway.

Configure a public VIF on the Direct Connect connection. Associate the public VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up an AWS Site-to-Site VPN private IP VPN connection to the transit gateway.

Create a transit gateway. Configure a transit VIF on the Direct Connect connection. Associate the transit VIF with a Direct Connect gateway. Associate the Direct Connect gateway with a new transit gateway. Set up a third-party firewall in a new VPC that is attached to the transit gateway. Set up a VPN connection to the third-party firewall.

Correct Answer: A

To meet the connectivity requirements of encrypting communication and using private IP addresses without traversing the public internet, configuring a private virtual interface (VIF) on the Direct Connect connection and associating it with the VPC's virtual private gateway is appropriate. By setting up an AWS Site-to-Site VPN private IP VPN connection to the virtual private gateway, the solution ensures encryption and uses private IP addresses directly over the private connection. This approach avoids unnecessary complexity and additional components like a transit gateway, thus minimizing operational overhead.

Discussion

strike3testOption: B

Private VIFs are used to establish private connectivity between your on-premises network and your VPCs in AWS without traversing the public internet. They are typically used for scenarios where you need dedicated, private communication between your on-premises infrastructure and your AWS resources. However, to establish a Site-to-Site VPN connection, you need to configure a virtual private gateway (VGW) in your VPC. The VGW acts as the VPN endpoint in the AWS cloud. Site-to-Site VPN connections are established between the VGW and your on-premises VPN device or network. Option B is correct

AXH

Agree, A is least overhead to implement.

vic614Option: A

Least operational overhead. No need for a transit gateway since just 1 vpc. Use Site-to-site to make sure encryption. No public VIF.

veyisceylan

To build Site-to-Site VPN over Direct Connect to Amazon VPC, use a public virtual interface. To build Site-to-Site VPN between on-premises equipment and AWS Transit Gateway, choose a public or a transit virtual interface. It should be B with Transit Gateway and Private IP VPN

Blitz1Option: B

A - you cannot have s2s vpn with private vif. You need public -> A fail C - can you can have 2s2 vpn with public vif but you cannot have in the same time trasit vif(because is mentioning transit gateway) and public vif associated with direct connect gateway -> C fail D - third party vpn -> not LEAST operational overhead -> D fail

tsangcklOption: C

Site-to-site VPN have to be created over public VIF

kajiyatta

The communication between the applications must be encrypted and must use private IP addresses.So,public vif can not used.