Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 166 discussion

AnyCompany has acquired Example Corp. AnyCompany's infrastructure is all on premises, and Example Corp's infrastructure is completely in the AWS Cloud. The companies are using AWS Direct Connect with AWS Transit Gateway to establish connectivity between each other.

Example Corp has deployed a new application across two Availability Zones in a VPC with no internet gateway. The CIDR range for the VPC is 10.0.0.0/16. Example Corp needs to access an application that is deployed on premises by AnyCompany. Because of compliance requirements, Example Corp must access the application through a limited contiguous block of approved IP addresses (10.1.0.0/24).

A network engineer needs to implement a highly available solution to achieve this goal. The network engineer starts by updating the VPC to add a new CIDR range of 10.1.0.0/24.

What should the network engineer do next to meet the requirements?

  • A. In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a public NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the public NAT gateways to send traffic destined for the application to the transit gateway.
  • B. In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic destined for the application to the transit gateway.
  • C. In the VPC, create a subnet that uses the allowed IP address range. Create a private NAT gateway in the new subnet. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway. Add a route to the route table that is associated with the subnet of the private NAT gateway to send traffic destined for the application to the transit gateway.
  • D. In the VPC, create a subnet that uses the allowed IP address range. Create a public NAT gateway in the new subnet. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway. Add a route to the route table that is associated with the subnet of the public NAT gateway to send traffic destined for the application to the transit gateway.
Suggested Answer: B
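
The layout that options B and C describe can be checked mechanically. The following is an added example, not part of the original question or its discussion: it splits the approved block into one NAT subnet per Availability Zone and audits a design for the question's requirements. The AZ names and the on-premises application range are placeholders, since the page gives neither.

```python
import ipaddress

APPROVED = ipaddress.ip_network("10.1.0.0/24")        # approved block, from the question
ONPREM_APP = ipaddress.ip_network("192.168.50.0/24")  # assumed; the page gives no on-prem range
AZS = ["az-a", "az-b"]                                # placeholder AZ names

def plan_nat_subnets(approved, azs):
    """Split the approved block into one equal-sized NAT subnet per AZ."""
    bits = (len(azs) - 1).bit_length()
    return dict(zip(azs, approved.subnets(prefixlen_diff=bits)))

def design_per_az(plan):
    """Option B: a private NAT gateway in every AZ, used by that AZ's workloads."""
    nats = [{"id": f"nat-{az}", "az": az, "subnet": str(net), "connectivity": "private",
             "routes": {str(ONPREM_APP): "tgw"}} for az, net in plan.items()]
    return {"nat_gateways": nats, "workload_routes": {az: f"nat-{az}" for az in plan}}

def design_single(azs):
    """Option C: one private NAT gateway in a single subnet spanning the whole block."""
    nat = {"id": "nat-0", "az": azs[0], "subnet": str(APPROVED), "connectivity": "private",
           "routes": {str(ONPREM_APP): "tgw"}}
    return {"nat_gateways": [nat], "workload_routes": {az: "nat-0" for az in azs}}

def audit(design):
    """Return findings; an empty list means the design meets the stated requirements."""
    findings, by_id = [], {n["id"]: n for n in design["nat_gateways"]}
    for nat in by_id.values():
        if nat["connectivity"] != "private":
            findings.append(f"{nat['id']}: not a private NAT gateway")
        if not ipaddress.ip_network(nat["subnet"]).subnet_of(APPROVED):
            findings.append(f"{nat['id']}: subnet outside {APPROVED}")
        if nat["routes"].get(str(ONPREM_APP)) != "tgw":
            findings.append(f"{nat['id']}: no route for {ONPREM_APP} via the transit gateway")
    for az, target in design["workload_routes"].items():
        # A subnet lives in exactly one AZ, so a NAT gateway elsewhere is a cross-AZ dependency.
        if by_id.get(target, {}).get("az") != az:
            findings.append(f"{az}: depends on a NAT gateway in another AZ")
    return findings

if __name__ == "__main__":
    plan = plan_nat_subnets(APPROVED, AZS)
    print({az: str(net) for az, net in plan.items()})
    print("per-AZ design:", audit(design_per_az(plan)))
    print("single-NAT design:", audit(design_single(AZS)))
```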

Comments

woorkim
1 week, 4 days ago
Selected Answer: B
Private NAT to solve IP exhaustion problem and enable communication between two Amazon Virtual Private Clouds (VPCs) with overlapping CIDR ranges.
upvoted 1 times
tyh391
8 months, 1 week ago
B. needs to implement a highly available solution
upvoted 1 times
Certified101
1 year, 4 months ago
Selected Answer: B
Also the VPC uses the subnet 10.1.0.0/24 already. You cannot create a single subnet in that VPC range. Needs to be split up into multiple subnets. "The network engineer starts by updating the VPC to add a new CIDR range of 10.1.0.0/24"
upvoted 3 times
[Removed]
8 months, 1 week ago
AFAIK u indeed can create a subnet that consumes the whole CIDR but in this case the HA would be neglected that's why cutting it in two /25 chunks is necessary here
upvoted 1 times
Certified101
1 year, 4 months ago
Selected Answer: B
B is correct - Needs to be highly available so multiple AZ's required one in each of the 2 AZ's "Example Corp has deployed a new application across two Availability Zones in a VPC with no internet gateway"
upvoted 3 times
sambb
1 year, 4 months ago
Selected Answer: B
A and D - public NAT gateway has nothing to do here. B provides a multi-AZ solution, compared to C
upvoted 4 times
ISSDoksim
1 year, 4 months ago
https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-solve-private-ip-exhaustion-with-private-nat-solution/
upvoted 1 times
payelix795
1 year, 4 months ago
I've been going through the docs for info. I take it it works like a regular NAT gateway where I would need one per AZ for HA? Is B a possible option?
upvoted 2 times
Manh
1 year, 4 months ago
Selected Answer: C
Create 3 NATs in each subnet is crazy. Therefore, the choice is C. The network engineer should create a private NAT gateway in the VPC and update the route tables that are associated with other subnets to route application traffic to the private NAT gateway. This will allow Example Corp to access the application on premises through the allowed IP address range, while also maintaining compliance requirements.
upvoted 3 times
johnconnor
1 year, 4 months ago
It would be a lot easier to manage, but isn't the limitation of "A subnet must reside within a single Availability Zone." an issue for C?
upvoted 3 times