ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 86 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 86
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has deployed its AWS environment in a single AWS Region. The environment consists of a few hundred application VPCs, a shared services VPC, and a VPN connection to the company’s on-premises environment. A network engineer needs to implement a transit gateway with the following requirements:

• Application VPCs must be isolated from each other.
• Bidirectional communication must be allowed between the application VPCs and the on-premises network.
• Bidirectional communication must be allowed between the application VPCs and the shared services VPC.

The network engineer creates the transit gateway with options disabled for default route table association and default route table propagation. The network engineer also creates the VPN attachment for the on-premises network and creates the VPC attachments for the application VPCs and the shared services VPC.

The network engineer must meet all the requirements for the transit gateway by designing a solution that needs the least number of transit gateway route tables.

Which combination of actions should the network engineer perform to accomplish this goal? (Choose two.)

  • A. Configure a separate transit gateway route table for on premises. Associate the VPN attachment with this transit gateway route table. Propagate all application VPC attachments to this transit gateway route table.
  • B. Configure a separate transit gateway route table for each application VPC. Associate each application VPC attachment with its respective transit gateway route table. Propagate the shared services VPC attachment and the VPN attachment to this transit gateway route table.
  • C. Configure a separate transit gateway route table for all application VPCs. Associate all application VPCs with this transit gateway route table. Propagate the shared services VPC attachment and the VPN attachment to this transit gateway route table.
  • D. Configure a separate transit gateway route table for the shared services VPC. Associate the shared services VPC attachment with this transit gateway route table. Propagate all application VPC attachments to this transit gateway route table.
  • E. Configure a separate transit gateway route table for on premises and the shared services VPC. Associate the VPN attachment and the shared services VPC attachment with this transit gateway route table. Propagate all application VPC attachments to this transit gateway route table.
Show Suggested Answer Hide Answer
Suggested Answer: CE 🗳️
by Spike2020 at April 20, 2023, 8:17 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Kristin01
Highly Voted 1 year, 11 months ago
Selected Answer: CE
CE is correct
upvoted 12 times
...
netgeek1991
Highly Voted 1 year, 11 months ago
BE is correct. Option C is wrong because if we C. Configure a separate transit gateway route table for all application VPCs. Associate all application VPCs with this transit gateway route table. Then all the Application VPCs will be able to talk to each-other which breaks the requirement of isolating the communication between Application VPCs
upvoted 9 times
netgeek1991
1 year, 11 months ago
Its C and E.
upvoted 3 times
...
albertkr
1 year, 10 months ago
yeah, won't putting all application VPCs under the same routing table will enable the communication among the VPCs? I can't understand why people voted for B.
upvoted 2 times
cerifyme85
11 months, 2 weeks ago
It wont.. the question says "Least amount of TGW RT".. so all in the same RT. Connectivity only happens when the routes are propagated to each other. APP vpcs ==> Assocaited to one table App VPCs ==> Propagated to shared VPn + Shared VPCs ==> Associated to Their RTs VPN + Shared VPC ==> Propagated to only AP VPCs
upvoted 1 times
cerifyme85
11 months, 2 weeks ago
It wont.. the question says "Least amount of TGW RT".. so all in the same RT. Connectivity only happens when the routes are propagated to each other. APP vpcs ==> Assocaited to one table (1RT) App VPCs ==> Propagated to shared + VPN RT VPn + Shared VPCs ==> Associated to Their RT ( 1 RT) VPN + Shared VPC ==> Propagated to only APP VPCs
upvoted 1 times
...
...
...
...
dspd
Most Recent 1 month, 3 weeks ago
Selected Answer: CE
best possible but E is still not correct, because In E, we propagate all application VPC attachments. will it not allow app VPC communication internally ?
upvoted 1 times
...
woorkim
4 months, 3 weeks ago
C &E is correct!
upvoted 1 times
...
AlohaEva
7 months, 2 weeks ago
Options B and E are correct Based on information here: https://docs.aws.amazon.com/vpc/latest/tgw/how-transit-gateways-work.html Example: Isolated VPCs or Isolated VPCs with shared services "Attachments associated with one isolated router can route packets to each other, but cannot route packets to or receive packets from the attachments for another isolated router" - it means that one route table for all attachments will allow communication between each other (which violates requirements) (Option B) In order to provide isolated application VPCs with Transit Gateway (Option E) In order to provide bidirectional communication between on-premises and shared-services VPC and bidirectional communication between application VPCs and the shared services VPC, option E is correct
upvoted 2 times
...
Blitz1
9 months ago
Selected Answer: CE
CE. BE is an option but with too many routing tables. And it seems that not all the ppl understood attachment vs propagation. In a transit gateway route table the routes(actual field in aws console) are coming from the propagation and not from attachment. The simple fact that you create association in the routing table with a transit gateway attachment(vpc) doesn't mean that you have you have transitivity ( unless you add also the propagation)
upvoted 1 times
...
Raphaello
12 months ago
Selected Answer: CE
Think of it a 2 separate routing domains (VRF). Application VPCs routing table >> VPN & shared-services VPC routes VPN & Shared-services VPC routing table >> App VPCs routes C & E are the correct answers.
upvoted 1 times
...
JoellaLi
1 year ago
Selected Answer: BE
Each VPC has a route table, and the transit gateway has two route tables—one for the VPCs and one for the VPN connection and shared services VPC.
upvoted 1 times
JoellaLi
1 year ago
change to CE. If we configure a separate transit gateway route table for each application VPC and there are 3 application VPCs, then there will be 3 transit gateway route tables in total—one for each application VPC.
upvoted 1 times
...
...
mrt261
1 year, 1 month ago
Selected Answer: BE
Option B allows for isolating each application VPC by creating a separate transit gateway route table for each one. This ensures that communication between application VPCs is isolated. The shared services VPC attachment and the VPN attachment are propagated to each application VPC's transit gateway route table, allowing bidirectional communication with both. Option E creates a separate transit gateway route table for on-premises and the shared services VPC. This allows for efficient routing and isolation. All application VPC attachments are propagated to this transit gateway route table, ensuring bidirectional communication with both the on-premises network and the shared services VPC.
upvoted 3 times
...
vikasj1in
1 year, 1 month ago
Selected Answer: CE
C) - Create a transit gateway route table specifically for all the application VPCs. - Associate all the application VPC attachments with this transit gateway route table. - Propagate the shared services VPC attachment and the VPN attachment to this transit gateway route table. E) - Create another transit gateway route table for on-premises and the shared services VPC. - Associate the VPN attachment and the shared services VPC attachment with this transit gateway route table. - Propagate all application VPC attachments to this transit gateway route table. This way, you can achieve the required isolation between application VPCs, allow bidirectional communication between application VPCs and the on-premises network, and enable communication between application VPCs and the shared services VPC. Using two separate transit gateway route tables helps organize the routing requirements efficiently.
upvoted 2 times
mrt261
1 year, 1 month ago
With option C, all application VPCs would share the same transit gateway route table, which means they would not be isolated from each other. This violates the requirement that application VPCs must be isolated from each other. Therefore, option C is not suitable for meeting the specified requirements.
upvoted 2 times
...
...
Marfee400704
1 year, 1 month ago
I think that it's correct answer is AE according to SPOTO products.
upvoted 1 times
...
Arad
1 year, 5 months ago
Selected Answer: CE
CE is the right answer.
upvoted 2 times
...
az2022
1 year, 6 months ago
DE is correct
upvoted 1 times
...
Tofu13
1 year, 7 months ago
Selected Answer: CE
C: Allows traffic to flow from App VPCs to Shared-Service VPC and to on-premise. E: Allows traffic to flow from Shared-Service VPC and on-premise to App VPCs. https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-isolated-shared.html
upvoted 2 times
alejo232425
1 year, 5 months ago
the link shared says what someone said above: "The first entry is the default entry for local routing in the VPC" you dont want that. so if you include all all of them will be reachable.
upvoted 1 times
...
...
Certified101
1 year, 8 months ago
Selected Answer: CE
By implementing the steps in option C, you're providing the necessary isolation between the application VPCs while allowing for communication with the shared services VPC and the on-premises network. Option E then allows bidirectional communication between the on-premises network, the shared services VPC, and all application VPCs. This is achieved by creating a separate transit gateway route table for the shared services VPC and on-premises network, and propagating the routes of all application VPCs to this route table.
upvoted 2 times
...
Neo00
1 year, 8 months ago
B,E is correct. C will make all application VPCs talks each other
upvoted 3 times
Neo00
1 year, 8 months ago
I was wrong, should be CE.
upvoted 2 times
JoellaLi
1 year ago
Why change to CE?
upvoted 1 times
Spaurito
5 months ago
B is not defined in the requirements.
upvoted 1 times
...
...
...
...
[Removed]
1 year, 8 months ago
Selected Answer: BD
Consider this that the application VPCs must be isolated from each other...
upvoted 2 times
Spaurito
5 months ago
B does provided that option but not defined in the requirements.
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago