Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

$2 OFF in ALL Azure Practice Exams & NEW AZ-500 Microsoft Azure Security Engineer Associate Practice Exams at $10.99!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Advanced Networking – Specialty AWS site-to-site VPN doesn't support transitive networking

Tagged: , ,

  • AWS site-to-site VPN doesn't support transitive networking

     Carlo-TutorialsDojo updated 3 years, 4 months ago 2 Members · 3 Posts
    AWS Certified Advanced Networking – Specialty

  • tim-armstrong

    Member
    December 19, 2020 at 11:25 am

    Hi.

    For the flowing question from practice exam, I did not think that the correct answer provided would allow for transitive communication between the VPCs, which appears to be a requirement from the question, “These applications must be able to connect to the on-premises data center as well to each other.” What am I missing or failing to interpret correctly? How does an AWS Site-To-Site VPN meet the transitive VPC requirements of the question? What does the complete solution look like?

    EXAM QUESTION: A company has hundreds of applications deployed in three different Amazon VPCs. These applications must be able to connect to the on-premises data center as well to each other. The connection must have an AES256 encryption and be authenticated with SHA1 or SHA2 hashing functions. It should also use Diffie-Hellman (DH) groups for key exchange to support Perfect Forward Secrecy (PFS). The solution should automatically rotate the certificate for the AWS-side of the tunnel endpoint using a service-linked role.

    What are the steps required in order to properly set up this network architecture?

    <b style=”font-family: inherit; font-size: inherit;”>CORRECT ANSWER: Set up an AWS VPN connection.

  • tim-armstrong

    Member
    December 20, 2020 at 1:19 am

    I think i understand now, but want to confirm. The solution would be a complete full mesh AWS site-to-site VPN, where each VPC would have connectivity to each other VPC and the on-prem data center. That would meet the requirements of the question, meeting the VPN options requirements and allowing the applications to connect to each other and the on-prem data center. Let me know if i am now on the right track.

    • Carlo-TutorialsDojo

      Member
      December 21, 2020 at 3:03 pm

      Hello tim,

      Thank you for your insights.

      Not necessarily a mesh. Although that is the old of doing it, you can instead use the AWS Transit Gateway to interconnect VPCs and on-premises network in a central hub. This is much simpler than setting up many complex peering networks.

      Let me know if you need more clarifications.

      Regards,

      Carlo @ Tutorials Dojo

Viewing 1 - 2 of 2 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now