Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 181 discussion

A company has started using AWS Cloud WAN with one edge location in the us-east-1 Region. The company has a production segment and a security segment in AWS Cloud WAN. The company also has a default core network policy.

The company has created a production VPC for the production workload. The company has created an outbound inspection VPC to inspect internet-bound traffic from the production VPC. The company has attached the production VPC to the production segment and has attached the outbound inspection VPC to the security segment. The company has also created an AWS Network Firewall firewall in the outbound inspection VPC to inspect internet-based traffic.

The company has updated a route table for the production VPC to send all internet-bound traffic to the AWS Cloud WAN core network. The company has updated a route table for the outbound inspection VPC to ensure that Network Firewall inspects any outgoing traffic and incoming traffic.

During testing, an Amazon EC2 instance in the production VPC cannot reach the internet. The company checks the Network Firewall rules and confirms that the rules are not blocking the traffic.

Which combination of steps will meet these requirements? (Choose two.)

  • A. Update the core network policy to configure segment sharing. Share the production segment with the security segment.
  • B. Update the core network policy to create a static route for the security segment. Specify 0.0.0.0/0 as the destination CIDR block. Specify the outbound inspection VPC as an attachment.
  • C. Update the core network policy to create a static route for the production segment. Specify 0.0.0.0/0 as the destination CIDR block. Specify the outbound inspection VPC as an attachment.
  • D. Update the core network policy to create a static route for the production segment. Specify 10.2.0.0/16 as the destination CIDR block. Specify the outbound inspection VPC as an attachment.
  • E. Create an attachment to attach the outbound inspection VPC to the production segment. Update the core network policy to turn on isolated attachment for the production segment.
Suggested Answer: AC
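
The two policy changes named in options A and C, written as `segment-actions` in a core network policy and checked by a small linter. This is an added example, not part of the original question or AWS tooling; the attachment ID and ASN range are constructed placeholders, attachment policies are omitted, and `check_inspection_path` is a hypothetical helper.

```python
import json

# Constructed policy: attachment ID and ASN range are placeholders, not from the page.
POLICY_JSON = """
{
  "version": "2021.12",
  "core-network-configuration": {
    "asn-ranges": ["64512-65534"],
    "edge-locations": [{"location": "us-east-1"}]
  },
  "segments": [{"name": "production"}, {"name": "security"}],
  "segment-actions": [
    {"action": "share", "mode": "attachment-route",
     "segment": "production", "share-with": ["security"]},
    {"action": "create-route", "segment": "production",
     "destination-cidr-blocks": ["0.0.0.0/0"],
     "destinations": ["attachment-EXAMPLE-INSPECTION-VPC"]}
  ]
}
"""

def check_inspection_path(policy, workload="production", inspection="security"):
    """Return findings for the two actions; an empty list means both are present."""
    actions = policy.get("segment-actions", [])
    # Option A: the workload segment is shared with the inspection segment.
    shared = any(
        a.get("action") == "share" and a.get("segment") == workload
        and (a.get("share-with") == "*" or inspection in a.get("share-with", []))
        for a in actions
    )
    # Option C: a static default route in the workload segment points at an attachment.
    default_route = any(
        a.get("action") == "create-route" and a.get("segment") == workload
        and "0.0.0.0/0" in a.get("destination-cidr-blocks", [])
        and a.get("destinations")
        for a in actions
    )
    findings = []
    if not shared:
        findings.append(f"no share action from '{workload}' to '{inspection}'")
    if not default_route:
        findings.append(f"no 0.0.0.0/0 create-route in '{workload}' to an attachment")
    return findings

if __name__ == "__main__":
    print(check_inspection_path(json.loads(POLICY_JSON)) or "inspection path configured")
```
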

Comments

woorkim
2 weeks ago
Selected Answer: AC
Option B is not correct because a static route for the security segment targeting 0.0.0.0/0 does not directly solve the issue for production traffic routing. Option D is incorrect because it involves a route with a CIDR block that does not represent internet-bound traffic (10.2.0.0/16 is a private IP range). Option E is incorrect because attaching the outbound inspection VPC directly to the production segment and enabling isolated attachment conflicts with the requirement to inspect traffic through the security segment.
upvoted 1 times
Blitz1
5 months, 1 week ago
Selected Answer: AC
A. When traffic is returning from the internet to the inspection segment, a route is needed to pass the traffic to the correct segment. https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policy-network-actions-routes.html
C. is pushing all the traffic (internet) to outbound inspection
upvoted 3 times
973b658
8 months, 2 weeks ago
Selected Answer: AC
A&C is OK.
upvoted 3 times
Stants
8 months, 2 weeks ago
Option C: Update the core network policy to create a static route for the production segment. Specify 0.0.0.0/0 as the destination CIDR block. Specify the outbound inspection VPC as an attachment.
Explanation: By creating a static route for the production segment with a destination of 0.0.0.0/0 (which covers all internet-bound traffic), and attaching it to the outbound inspection VPC, you ensure that traffic from the production VPC is directed to the Network Firewall in the outbound inspection VPC.

Option D: Update the core network policy to create a static route for the production segment. Specify 10.2.0.0/16 as the destination CIDR block. Specify the outbound inspection VPC as an attachment.
Explanation: Creating a static route for the production segment with a specific destination CIDR block (10.2.0.0/16) ensures that traffic from the production VPC is routed to the outbound inspection VPC.
upvoted 1 times