An organization's Security team has a requirement that all data leaving its on-premises data center be encrypted at the network layer and use dedicated connectivity. There is also a requirement to centrally log all traffic flow in Amazon VPC environments. An AWS Direct Connect connection has been ordered to build out this design. What steps should be taken to ensure that connectivity to AWS meets these security requirements? (Choose two.)
A) Provision a public virtual interface on AWS Direct Connect and set up a VPN to each VPC.
B) Provision a private virtual interface for each VPC connection.
C) Enable VPC Flow Logs for each VPC.
D) Use AWS KMS to encrypt traffic between on-premises and AWS.
E) Provision a VPN connection to each VPC over the internet.

Question

Quizplus · Accepted Answer

The Answer of An organization's Security team has a requirement that all data leaving its on-premises data center be encrypted at the network layer and use dedicated connectivity. There is also a requirement to centrally log all traffic flow in Amazon VPC environments. An AWS Direct Connect connection has been ordered to build out this design. What steps should be taken to ensure that connectivity to AWS meets these security requirements? (Choose two.)
A) Provision a public virtual interface on AWS Direct Connect and set up a VPN to each VPC.
B) Provision a private virtual interface for each VPC connection.
C) Enable VPC Flow Logs for each VPC.
D) Use AWS KMS to encrypt traffic between on-premises and AWS.
E) Provision a VPN connection to each VPC over the internet.

An Organization's Security Team Has a Requirement That All Data