An organization's Security team has a requirement that all data leaving its on-premises data center be encrypted at the network layer and use dedicated connectivity. There is also a requirement to centrally log all traffic flow in Amazon VPC environments. An AWS Direct Connect connection has been ordered to build out this design.
What steps should be taken to ensure that connectivity to AWS meets these security requirements? (Choose two.)

A. Provision a public virtual interface on AWS Direct Connect and set up a VPN to each VPC.

B. Provision a private virtual interface for each VPC connection.

C. Enable VPC Flow Logs for each VPC.

D. Use AWS KMS to encrypt traffic between on-premises and AWS.

E. Provision a VPN connection to each VPC over the internet.






 

Suggested Answer: BE

Community Answer: AC

Reference:
https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf


This question is in ANS-C00 AWS Certified Advanced Networking – Specialty Exam
For getting AWS Certified Advanced Networking – Specialty Certificate

Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.