Answer-first summary for fast verification
Answer: Configure MAC security (MACsec) support on the port of the existing Direct Connect connection. Change the encryption mode to must_encrypt.
To meet the requirements of encrypting all WAN traffic without affecting the company's bandwidth capacity, the best solution is to configure MAC security (MACsec) support on the port of the existing Direct Connect connection and change the encryption mode to must_encrypt. MACsec provides encryption at the data link layer, which means it can encrypt all traffic passing through the Direct Connect connection without the need for additional bandwidth or the complexity of managing VPN connections. This solution leverages the existing infrastructure and ensures that all traffic is encrypted in compliance with regulations. Option A and D involve creating a public VIF and using VPN connections, which could introduce additional complexity and potentially affect bandwidth. Option C suggests creating a new Direct Connect connection, which is unnecessary since MACsec can be configured on the existing connection.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company operates a hybrid environment linking an on-premises data center to the AWS Cloud via a 10 Gbps AWS Direct Connect dedicated connection with multiple private VIFs terminating in various VPCs. To meet regulatory requirements, all WAN traffic must be encrypted without impacting the available bandwidth capacity. Which solution fulfills these requirements?
A
Create a public VIF. Configure a new AWS Site-to-Site VPN connection to use the new public VIF.
B
Configure MAC security (MACsec) support on the port of the existing Direct Connect connection. Change the encryption mode to must_encrypt.
C
Configure a new Direct Connect connection that supports MAC security (MACSec) Associate the existing VIFs to the new Direct Connect connection.
D
Create a public VIF. Configure a new private IP VPN that uses the Direct Connect connection.
No comments yet.