AWS services – Networking and Connectivity – SOA-C02 Study Guide

AWS services:

Managed VPN: An IPsec VPN connection between a customer gateway (CGW) in a physical datacenter and an AWS-managed virtual private gateway.

Software site-to-site VPN: An IPsec VPN connection between a CGW in a physical datacenter and a customer-managed EC2 instance.

ExamAlert

You can configure multiple managed site-to-site VPN connections, but the maximum aggregate bandwidth of the virtual private gateway is 1.25 Gbps. To provide higher bandwidth over VPN, the transit gateway supports equal-cost multi-path (ECMP) routing over multiple VPN connections.

Cram Quiz

Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.

1. An organization has configured a VPC with an Internet gateway and redundant private and public subnets in different AZs. A virtual private gateway has been deployed in the VPC, and a dual-tunnel VPN connection has been established to a router in the datacenter. NAT gateways have been created in both AZs. Identify each single point of failure in this design. (Choose all that apply.)

A. Virtual private gateway

B. Physical router

C. IGW

D. NAT gateway

2. Your VPC is connected to an on-premises datacenter using a managed site-to-site VPN. Application servers that run as VMs in the datacenter must be accessed by EC2 instances using their domain names. How can you accomplish this?

A. Create a Route 53 hosted zone for the on-premises domain name.

B. Create a Route 53 hosted zone for the VPC domain name.

C. Configure a DHCP option set in the VPC for the on-premises domain.

D. Configure a DHCP option set in the on-premises domain for the VPC.

Cram Quiz Answers

1. Answer: B is correct. The virtual private gateway and IGW are automatically redundant across AZs. NAT gateways are redundant within an AZ and have been created in both AZs. The only single point of failure is the router in the datacenter.

2. Answer: C is correct. DHCP option sets in the VPC can be used to forward certain DNS requests to an on-premises DNS instance. Configure the domain name that exists on-premises, along with the addresses of the DNS servers that the requests should be forwarded to.

Direct Connect

This section covers the following objective of Domain 5 (Networking and Content Delivery) from the official AWS Certified SysOps Administrator – Associate (SOA-C02) exam guide:

5.1 Implement networking features and connectivity

CramSaver

If you can correctly answer these questions before going through this section, save time by skimming the Exam Alerts in this section and then completing the Cram Quiz at the end of the section.

1. What speeds are available with a dedicated Direct Connect circuit?

2. What are the key differences between a dedicated and a hosted Direct Connect circuit?

Answers

1. Answer: 1 Gbps, 10 Gbps, 100 Gbps

2. Answer: A dedicated connection is a 1, 10, or 100 Gbps connection dedicated to a single customer. Hosted connections are sourced from an AWS Direct Connect Partner and can support lower bandwidth options for cost savings.