
Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 166 discussion

AnyCompany has acquired Example Corp. AnyCompany's infrastructure is all on premises, and Example Corp's infrastructure is completely in the AWS Cloud. The companies are using AWS Direct Connect with AWS Transit Gateway to establish connectivity between each other.

Example Corp has deployed a new application across two Availability Zones in a VPC with no internet gateway. The CIDR range for the VPC is 10.0.0.0/16. Example Corp needs to access an application that is deployed on premises by AnyCompany. Because of compliance requirements, Example Corp must access the application through a limited contiguous block of approved IP addresses (10.1.0.0/24).

A network engineer needs to implement a highly available solution to achieve this goal. The network engineer starts by updating the VPC to add a new CIDR range of 10.1.0.0/24.

What should the network engineer do next to meet the requirements?

  • A. In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a public NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the public NAT gateways to send traffic destined for the application to the transit gateway.
  • B. In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic destined for the application to the transit gateway.
  • C. In the VPC, create a subnet that uses the allowed IP address range. Create a private NAT gateway in the new subnet. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway. Add a route to the route table that is associated with the subnet of the private NAT gateway to send traffic destined for the application to the transit gateway.
  • D. In the VPC, create a subnet that uses the allowed IP address range. Create a public NAT gateway in the new subnet. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway. Add a route to the route table that is associated with the subnet of the public NAT gateway to send traffic destined for the application to the transit gateway.
Suggested Answer: B 🗳️
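
The subnet split and route plan that the options describe can be checked mechanically. The following is an added example, not part of the original question or of any AWS tooling. It divides the approved 10.1.0.0/24 block into one subnet per Availability Zone and tests a design against both requirements (source addresses inside the approved range, a private NAT gateway in every AZ). The AZ labels, the gateway labels and the on-premises prefix `ONPREM_APP` are constructed placeholders.

```python
import ipaddress

APPROVED = ipaddress.ip_network("10.1.0.0/24")   # approved block from the question
ONPREM_APP = "192.168.50.0/24"                   # constructed placeholder for the on-premises app

def plan_nat_subnets(azs):
    """Split the approved block into one equal subnet per AZ (two AZs -> two /25s)."""
    bits = (len(azs) - 1).bit_length()            # prefix bits needed to cover every AZ
    parts = list(APPROVED.subnets(prefixlen_diff=bits))
    return {az: parts[i] for i, az in enumerate(azs)}

def build_routes(nat_subnets):
    """Route plan per AZ: app subnets -> same-AZ private NAT, NAT subnet -> transit gateway."""
    plan = {}
    for az in nat_subnets:
        plan[az] = {
            "app_route": (ONPREM_APP, f"nat-private-{az}"),   # hypothetical gateway label
            "nat_route": (ONPREM_APP, "transit-gateway"),
        }
    return plan

def check_design(app_azs, nat_subnets):
    """Return a list of findings; an empty list means the design meets both requirements."""
    findings = []
    nets = list(nat_subnets.values())
    for az, net in nat_subnets.items():
        if not net.subnet_of(APPROVED):
            findings.append(f"{az}: {net} is outside the approved range {APPROVED}")
        if net.prefixlen > 28:
            findings.append(f"{az}: {net} is smaller than the /28 minimum for a VPC subnet")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                findings.append(f"{a} overlaps {b}")
    for az in app_azs:
        if az not in nat_subnets:
            findings.append(f"{az}: no private NAT gateway in this AZ, not highly available")
    return findings

AZS = ["az-a", "az-b"]                             # hypothetical AZ labels
option_b = plan_nat_subnets(AZS)                   # one /25 per AZ
option_c = {"az-a": APPROVED}                      # whole /24 in a single subnet (one AZ)

if __name__ == "__main__":
    print("Option B:", option_b, check_design(AZS, option_b) or "OK")
    print("Option C:", option_c, check_design(AZS, option_c))
    print(build_routes(option_b))
```
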

Comments

tyh391
5 months, 1 week ago
B. needs to implement a highly available solution
upvoted 1 times
Certified101
1 year, 1 month ago
Selected Answer: B
Also the VPC uses the subnet 10.1.0.0/24 already. You cannot create a single subnet in that VPC range. Needs to be split up into multiple subnets. "The network engineer starts by updating the VPC to add a new CIDR range of 10.1.0.0/24"
upvoted 3 times
[Removed]
5 months ago
AFAIK you indeed can create a subnet that consumes the whole CIDR, but in this case the HA would be neglected; that's why cutting it into two /25 chunks is necessary here
upvoted 1 times
Certified101
1 year, 1 month ago
Selected Answer: B
B is correct - needs to be highly available, so multiple AZs are required, one in each of the 2 AZs. "Example Corp has deployed a new application across two Availability Zones in a VPC with no internet gateway"
upvoted 3 times
sambb
1 year, 1 month ago
Selected Answer: B
A and D - public NAT gateway has nothing to do here. B provides a multi-AZ solution, compared to C
upvoted 3 times
ISSDoksim
1 year, 1 month ago
https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-solve-private-ip-exhaustion-with-private-nat-solution/
upvoted 1 times
payelix795
1 year, 1 month ago
I've been going through the docs for info. I take it it works like a regular NAT gateway where I would need one per AZ for HA? Is B a possible option?
upvoted 2 times
Manh
1 year, 1 month ago
Selected Answer: C
Creating 3 NATs in each subnet is crazy. Therefore, the choice is C. The network engineer should create a private NAT gateway in the VPC and update the route tables that are associated with other subnets to route application traffic to the private NAT gateway. This will allow Example Corp to access the application on premises through the allowed IP address range, while also maintaining compliance requirements.
upvoted 3 times
johnconnor
1 year, 1 month ago
It would be a lot easier to manage, but isn't the limitation of "A subnet must reside within a single Availability Zone." an issue for C?
upvoted 3 times