Answer-first summary for fast verification
Answer: Create a new Direct Connect LAG with new circuits and ports that support MACsec., Associate the MACsec Connectivity Association Key (CAK) and the Connection Key Name (CKN) with the new LAG., Configure the MACsec encryption mode on the new LAG.
To implement MACsec support for Direct Connect to meet the new layer 2 encryption requirement, the network team needs to follow these steps: First, they need to create a new Direct Connect LAG with new circuits and ports that support MACsec, as existing LAGs and connections cannot be modified to support MACsec. This is covered by option A. Next, they must associate the MACsec Connectivity Association Key (CAK) and the Connection Key Name (CKN) with the new LAG to enable MACsec encryption, which is covered by option B. Finally, they need to configure the MACsec encryption mode on the new LAG to activate the encryption, as described in option E. Options C, D, and F are incorrect because MACsec cannot be configured on the existing LAG or its connections, and IKE is not used for MACsec encryption.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company utilizes an AWS Direct Connect private VIF with a link aggregation group (LAG) comprising two 10 Gbps connections. The security team has introduced a new mandate requiring layer 2 encryption for external network connections. To comply with this requirement, the network team intends to leverage MACsec support for Direct Connect.
Which three steps should the network team follow to enable this functionality? (Choose three.)
A
Create a new Direct Connect LAG with new circuits and ports that support MACsec.
B
Associate the MACsec Connectivity Association Key (CAK) and the Connection Key Name (CKN) with the new LAG.
C
Associate the Internet Key Exchange (IKE) with the existing LAG.
D
Configure the MACsec encryption mode on the existing LAG.
E
Configure the MACsec encryption mode on the new LAG.