AWS Certified Advanced Networking - Specialty (#78)

A multinational organization has applications deployed in three different AWS regions. These applications must securely communicate with each other by VPN. According to the organization’s security team, the VPN must meet the following requirements:

AES 128-bit encryption

SHA-1 hashing

User access via SSL VPN

PFS using DH Group 2

Ability to maintain/rotate keys and passwords

Certificate-based authentication

Which solution should you recommend so that the organization meets the requirements?

AWS hardware VPN between the virtual private gateway and customer gateway
A third-party VPN solution deployed from AWS Marketplace
A private MPLS solution from an international carrier
AWS hardware VPN between the virtual private gateways in each region