Free Amazon ANS-C01 Actual Exam Questions - Question 8 Discussion
Question No. 8
A network engineer is using AWS Direct Connect connections and MACsec to encrypt data from a
corporate data center to the Direct Connect location. The network engineer learns that the MACsec
secret key might have been compromised. The network engineer needs to update the connection
with an uncompromised secure key.
Which solution will meet this requirement?
corporate data center to the Direct Connect location. The network engineer learns that the MACsec
secret key might have been compromised. The network engineer needs to update the connection
with an uncompromised secure key.
Which solution will meet this requirement?
Select one option, then reveal solution.
US
UE
Usman E.
2026-02-17
This feels like it rules out C and D since modifying existing keys usually isn’t supported for security reasons, especially if the key is compromised. Between A and B, both suggest creating a new key but differ on AWS managed vs customer managed keys. Using AWS managed keys (A) typically means less hassle and automatic rotation, which seems better for quick key swaps after compromise. So I’d pick A here based on that.
0
MX
Michael X.
2026-02-15
Maybe A since AWS managed keys simplify rotation without extra customer management.
0
YO
Yasir O.
2026-01-15
Is there any AWS CLI or console step mentioned for updating the MACsec key?
0