Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 86 discussion

A company has deployed its AWS environment in a single AWS Region. The environment consists of a few hundred application VPCs, a shared services VPC, and a VPN connection to the company’s on-premises environment. A network engineer needs to implement a transit gateway with the following requirements:

• Application VPCs must be isolated from each other.
• Bidirectional communication must be allowed between the application VPCs and the on-premises network.
• Bidirectional communication must be allowed between the application VPCs and the shared services VPC.

The network engineer creates the transit gateway with options disabled for default route table association and default route table propagation. The network engineer also creates the VPN attachment for the on-premises network and creates the VPC attachments for the application VPCs and the shared services VPC.

The network engineer must meet all the requirements for the transit gateway by designing a solution that needs the least number of transit gateway route tables.

Which combination of actions should the network engineer perform to accomplish this goal? (Choose two.)

  • A. Configure a separate transit gateway route table for on premises. Associate the VPN attachment with this transit gateway route table. Propagate all application VPC attachments to this transit gateway route table.
  • B. Configure a separate transit gateway route table for each application VPC. Associate each application VPC attachment with its respective transit gateway route table. Propagate the shared services VPC attachment and the VPN attachment to this transit gateway route table.
  • C. Configure a separate transit gateway route table for all application VPCs. Associate all application VPCs with this transit gateway route table. Propagate the shared services VPC attachment and the VPN attachment to this transit gateway route table.
  • D. Configure a separate transit gateway route table for the shared services VPC. Associate the shared services VPC attachment with this transit gateway route table. Propagate all application VPC attachments to this transit gateway route table.
  • E. Configure a separate transit gateway route table for on premises and the shared services VPC. Associate the VPN attachment and the shared services VPC attachment with this transit gateway route table. Propagate all application VPC attachments to this transit gateway route table.
Show Suggested Answer Hide Answer
Suggested Answer: CE 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Kristin01
Highly Voted 1 year, 7 months ago
Selected Answer: CE
CE is correct
upvoted 12 times
...
netgeek1991
Highly Voted 1 year, 6 months ago
BE is correct. Option C is wrong because if we C. Configure a separate transit gateway route table for all application VPCs. Associate all application VPCs with this transit gateway route table. Then all the Application VPCs will be able to talk to each-other which breaks the requirement of isolating the communication between Application VPCs
upvoted 8 times
netgeek1991
1 year, 6 months ago
Its C and E.
upvoted 3 times
...
albertkr
1 year, 5 months ago
yeah, won't putting all application VPCs under the same routing table will enable the communication among the VPCs? I can't understand why people voted for B.
upvoted 2 times
cerifyme85
7 months ago
It wont.. the question says "Least amount of TGW RT".. so all in the same RT. Connectivity only happens when the routes are propagated to each other. APP vpcs ==> Assocaited to one table App VPCs ==> Propagated to shared VPn + Shared VPCs ==> Associated to Their RTs VPN + Shared VPC ==> Propagated to only AP VPCs
upvoted 1 times
cerifyme85
7 months ago
It wont.. the question says "Least amount of TGW RT".. so all in the same RT. Connectivity only happens when the routes are propagated to each other. APP vpcs ==> Assocaited to one table (1RT) App VPCs ==> Propagated to shared + VPN RT VPn + Shared VPCs ==> Associated to Their RT ( 1 RT) VPN + Shared VPC ==> Propagated to only APP VPCs
upvoted 1 times
...
...
...
...
woorkim
Most Recent 1 week ago
C &E is correct!
upvoted 1 times
...
AlohaEva
3 months ago
Options B and E are correct Based on information here: https://docs.aws.amazon.com/vpc/latest/tgw/how-transit-gateways-work.html Example: Isolated VPCs or Isolated VPCs with shared services "Attachments associated with one isolated router can route packets to each other, but cannot route packets to or receive packets from the attachments for another isolated router" - it means that one route table for all attachments will allow communication between each other (which violates requirements) (Option B) In order to provide isolated application VPCs with Transit Gateway (Option E) In order to provide bidirectional communication between on-premises and shared-services VPC and bidirectional communication between application VPCs and the shared services VPC, option E is correct
upvoted 2 times
...
Blitz1
4 months, 1 week ago
Selected Answer: CE
CE. BE is an option but with too many routing tables. And it seems that not all the ppl understood attachment vs propagation. In a transit gateway route table the routes(actual field in aws console) are coming from the propagation and not from attachment. The simple fact that you create association in the routing table with a transit gateway attachment(vpc) doesn't mean that you have you have transitivity ( unless you add also the propagation)
upvoted 1 times
...
Raphaello
7 months, 2 weeks ago
Selected Answer: CE
Think of it a 2 separate routing domains (VRF). Application VPCs routing table >> VPN & shared-services VPC routes VPN & Shared-services VPC routing table >> App VPCs routes C & E are the correct answers.
upvoted 1 times
...
JoellaLi
7 months, 3 weeks ago
Selected Answer: BE
Each VPC has a route table, and the transit gateway has two route tables—one for the VPCs and one for the VPN connection and shared services VPC.
upvoted 1 times
JoellaLi
7 months, 3 weeks ago
change to CE. If we configure a separate transit gateway route table for each application VPC and there are 3 application VPCs, then there will be 3 transit gateway route tables in total—one for each application VPC.
upvoted 1 times
...
...
mrt261
9 months ago
Selected Answer: BE
Option B allows for isolating each application VPC by creating a separate transit gateway route table for each one. This ensures that communication between application VPCs is isolated. The shared services VPC attachment and the VPN attachment are propagated to each application VPC's transit gateway route table, allowing bidirectional communication with both. Option E creates a separate transit gateway route table for on-premises and the shared services VPC. This allows for efficient routing and isolation. All application VPC attachments are propagated to this transit gateway route table, ensuring bidirectional communication with both the on-premises network and the shared services VPC.
upvoted 3 times
...
vikasj1in
9 months, 1 week ago
Selected Answer: CE
C) - Create a transit gateway route table specifically for all the application VPCs. - Associate all the application VPC attachments with this transit gateway route table. - Propagate the shared services VPC attachment and the VPN attachment to this transit gateway route table. E) - Create another transit gateway route table for on-premises and the shared services VPC. - Associate the VPN attachment and the shared services VPC attachment with this transit gateway route table. - Propagate all application VPC attachments to this transit gateway route table. This way, you can achieve the required isolation between application VPCs, allow bidirectional communication between application VPCs and the on-premises network, and enable communication between application VPCs and the shared services VPC. Using two separate transit gateway route tables helps organize the routing requirements efficiently.
upvoted 2 times
mrt261
9 months ago
With option C, all application VPCs would share the same transit gateway route table, which means they would not be isolated from each other. This violates the requirement that application VPCs must be isolated from each other. Therefore, option C is not suitable for meeting the specified requirements.
upvoted 2 times
...
...
Marfee400704
9 months, 2 weeks ago
I think that it's correct answer is AE according to SPOTO products.
upvoted 1 times
...
Arad
1 year ago
Selected Answer: CE
CE is the right answer.
upvoted 2 times
...
az2022
1 year, 1 month ago
DE is correct
upvoted 1 times
...
Tofu13
1 year, 2 months ago
Selected Answer: CE
C: Allows traffic to flow from App VPCs to Shared-Service VPC and to on-premise. E: Allows traffic to flow from Shared-Service VPC and on-premise to App VPCs. https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-isolated-shared.html
upvoted 2 times
alejo232425
1 year ago
the link shared says what someone said above: "The first entry is the default entry for local routing in the VPC" you dont want that. so if you include all all of them will be reachable.
upvoted 1 times
...
...
Certified101
1 year, 3 months ago
Selected Answer: CE
By implementing the steps in option C, you're providing the necessary isolation between the application VPCs while allowing for communication with the shared services VPC and the on-premises network. Option E then allows bidirectional communication between the on-premises network, the shared services VPC, and all application VPCs. This is achieved by creating a separate transit gateway route table for the shared services VPC and on-premises network, and propagating the routes of all application VPCs to this route table.
upvoted 2 times
...
Neo00
1 year, 4 months ago
B,E is correct. C will make all application VPCs talks each other
upvoted 3 times
Neo00
1 year, 4 months ago
I was wrong, should be CE.
upvoted 2 times
JoellaLi
7 months, 3 weeks ago
Why change to CE?
upvoted 1 times
Spaurito
2 weeks, 6 days ago
B is not defined in the requirements.
upvoted 1 times
...
...
...
...
[Removed]
1 year, 4 months ago
Selected Answer: BD
Consider this that the application VPCs must be isolated from each other...
upvoted 2 times
Spaurito
2 weeks, 6 days ago
B does provided that option but not defined in the requirements.
upvoted 1 times
...
...
Stardec
1 year, 6 months ago
My mistake. It is C AND E.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...