Review Mode Practice Test 1 – Q45
Carlo-TutorialsDojo updated 3 years, 3 months ago · 2 Members · 4 Posts
-
Hi there,
Direct Connect is not secure *by default* – it must be configured as such. The question (see attached) suggests so in its wording – “bypass the Internet for additional security”. I focused on the requirements of bypassing the Internet and continuous connectivity in choosing my answer here. Thoughts/clarifications?
Thanks,
Claire
-
Hello ClaireS,
Thanks for your question.
What do you mean by Direct Connect not being secure by default? Direct Connect is a service that lets you establish a dedicated private connection between your on-premises network and your VPC. That is to say that the router somewhere in your data center is physically connected to an AWS router, hence bypassing the public internet. It also means that the communication is private by default.
Maybe there is something that I’m missing here. Perhaps you could clarify your question?
Looking forward to your reply.
Regards,
Carlo @ Tutorials Dojo
-
Hi Carlo,
Sorry for the delayed reply. A DX connection is not encrypted. To achieve encryption, you need to implement a site-to-site VPN with IPSec tunnels over a public VIF. This would then make it secure. I think really it’s the use of the word “secure”. It’s a dedicated line and if that line was tapped all data would be plaintext. Hence, not secure.
Right?
Thanks,
Claire
-
Hello Claire,
DX is inherently secure in the sense that it does not traverse the public internet. It’s as though you’re connected to your local network. So it is private. You can achieve the same ‘private connection’ through a VPN. A VPN is usually used to secure connections over the internet. Depending on the security requirement, you can also use a VPN with DX to ‘enforce’ security. But it does not mean that DX is insecure.
Let me know if this helps.
Regards,
Carlo @ Tutorials Dojo