You are designing a connectivity solution between on-premises infrastructure and Amazon VPC. Your servers
on-premises will be communicating with your VPC instances. You will be establishing IPSec tunnels over the
Internet. You will be using VPN gateways and terminating the IPsec tunnels on AWS-supported customer
gateways.
Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above?
(Choose 4 answers)
A. End-to-end protection of data in transit
B. End-to-end identity authentication
C. Data encryption across the Internet
D. Protection of data in transit over the Internet
E. Peer identity authentication between VPN gateway and customer gateway
F. Data integrity protection across the Internet
ACDF
VPN using IPSEC tunnel is all about end-to-end data protection, encryption and integrity, and will not necessarily do authentication which should be handled by the application level (layer above data transmission)
A is incorrect, because the IPSEC tunnel as described is site to site, not server to server. That means traffic bound for data center gets decrypted at the customer gateway and traffic bound for the VPC is decrypted at the virtual gateway.
Yes, you’re right about IPsec. But, I think last answer should be E, not F.
There is no correlation between VPN and CloudFront.
CDEF — IPSec tunnels do not provide anything End-to-End. (Service is only between Gateways)
CDEF
CDEF
http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html
IPSec VPN tunnel mode.
CDEF
CDEF
C. Data encryption across the Internet
D. Protection of data in transit over the Internet
E. Peer identity authentication between VPN gateway and customer gateway
F. Data integrity protection across the Internet
ABCD