Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above?

You are designing a connectivity solution between on-premises infrastructure and Amazon VPC. Your servers on-premises will be communicating with your VPC instances. You will be establishing IPSec tunnels over the internet. You will be using VPN gateways and terminating the IPsec tunnels on AWS-supported customer gateways. Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above? (Choose four.)
A. End-to-end protection of data in transit
B. End-to-end Identity authentication
C. Data encryption across the Internet
D. Protection of data in transit over the Internet
E. Peer identity authentication between VPN gateway and customer gateway
F. Data integrity protection across the Internet


One thought on “Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above?”

  1. Explanation:

    For A, End to end protection means the secure tunnel has to be established between your EC2 instance and the on-prem machine. Establishing a VPN tunnel between the VPC and your on-prem gateway does not achieve that; the traffic before entering and after exiting the VPN tunnel will not be encrypted.

    For B, Same as A

    For C, As explained in A, this is what you can achieve by establishing a VPN tunnel between the two gateways. (Encryption only happens between the two VPN endpoints, which protects the data when it travels on the internet.)

    For D, same as C

    For E, When establishing the VPN tunnel, the two gateways will authenticate each other prior to forming the VPN tunnel.

    For F, same as C

    A&B are wrong because of end to end protection.
