
Answer-first summary for fast verification
Answer:
Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 2 (IKEv2).
Create a customer gateway. Specify the current dynamic IP address of the customer gateway device’s external interface.
To establish VPN connectivity between the transit gateway and the on-premises network without a static public IP address on the on-premises side, the network engineer should take the following steps. First, configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 2 (IKEv2) for enhanced security and performance (Option B). Second, create a customer gateway and specify the current dynamic IP address of the customer gateway device’s external interface to allow AWS to initiate the VPN connection (Option E). Third, since the on-premises network does not have a static public IP address, it is not necessary to use a certificate from a public or private CA for the VPN connection, making Options C and D irrelevant. Option A is not recommended because IKEv1 is less secure and less efficient than IKEv2. Option F is incorrect because specifying the IP address of the customer gateway device is necessary for AWS to initiate the VPN connection.
Author: LeetQuiz Editorial Team
A company operates an AWS environment with multiple VPCs interconnected via a transit gateway. They plan to use AWS Site-to-Site VPN to connect their on-premises network to the AWS environment. However, the on-premises network lacks a static public IP address. A network engineer needs to configure the VPN connection to be initiated from the AWS side to enable traffic from the AWS environment to the on-premises network.
Which three steps should the network engineer perform to establish VPN connectivity between the transit gateway and the on-premises network?
A. Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 1 (IKEv1).
B. Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 2 (IKEv2).
C. Use a private certificate authority (CA) from AWS Private Certificate Authority to create a certificate.
D. Use a public certificate authority (CA) from AWS Private Certificate Authority to create a certificate.
E. Create a customer gateway. Specify the current dynamic IP address of the customer gateway device’s external interface.