A company is migrating its record-keeping application to the AWS Cloud, requiring all traffic between its on-premises data center and AWS to be encrypted at all times and across every transit device during the migration.

The application will span multiple Availability Zones within a single AWS Region and will utilize existing 10 Gbps AWS Direct Connect dedicated connections with a MACsec-capable port. A network engineer must ensure the Direct Connect connection is secured at every transit device.

The network engineer has created a Connection Key Name and Connectivity Association Key (CKN/CAK) pair for the MACsec secret key.

Which two additional steps should the network engineer take to meet the requirements?

Exam-Like

Configure the on-premises router with the MACsec secret key.

50.0%

Update the connection's MACsec encryption mode to must_encrypt. Then associate the CKN/CAK pair with the connection._

0.0%

Update the connection's MACsec encryption mode to should encrypt. Then associate the CKN/CAK pair with the connection.

0.0%

Associate the CKN/CAK pair with the connection. Then update the connection's MACsec encryption mode to must_encrypt._

50.0%

Associate the CKN/CAK pair with the connection. Then update the connection’s MACsec encryption mode to should_encrypt._

AWS Certified Advanced Networking - Specialty