Answer-first summary for fast verification
Answer: Deploy a new pair of 10 GB Direct Connect connections with MACsec. Configure MACsec on the edge routers. Reroute traffic to the new Direct Connect connections. Decommission the original Direct Connect connections
To meet the company's requirements with the least operational overhead, the network engineer should choose option C. This option involves deploying a new pair of 10 GB Direct Connect connections with MACsec, which provides encryption at the data link layer, ensuring that traffic between AWS and the edge routers in the colocation is encrypted. Configuring MACsec on the edge routers and rerouting traffic to the new Direct Connect connections allows the company to maintain its current bandwidth without the need for additional VPN connections or public VIFs. Decommissioning the original Direct Connect connections after the new ones are operational ensures a smooth transition with minimal operational overhead. This approach directly addresses the requirement for encryption without introducing unnecessary complexity or additional components that could increase operational overhead.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A software company provides a SaaS accounting application hosted in AWS, requiring connectivity to its on-premises network. The company uses two redundant 10 Gbps AWS Direct Connect connections to handle increasing application demand. While encryption is already in place between the on-premises network and the colocation, the company needs to encrypt traffic between AWS and the colocation's edge routers within a few months without reducing current bandwidth. What solution should a network engineer implement to meet these requirements with minimal operational overhead?
A
Deploy a new public VIF with encryption on the existing Direct Connect connections. Reroute traffic through the new public VIF.
B
Create a virtual private gateway Deploy new AWS Site-to-Site VPN connections from on premises to the virtual private gateway Reroute traffic from the Direct Connect private VIF to the new VPNs.
C
Deploy a new pair of 10 GB Direct Connect connections with MACsec. Configure MACsec on the edge routers. Reroute traffic to the new Direct Connect connections. Decommission the original Direct Connect connections
D
Deploy a new pair of 10 GB Direct Connect connections with MACsec. Deploy a new public VIF on the new Direct Connect connections. Deploy two AWS Site-to-Site VPN connections on top of the new public VIF. Reroute traffic from the existing private VIF to the new Site-to-Site connections. Decommission the original Direct Connect connections.
No comments yet.