Topic 1 Question 166
AnyCompany has acquired Example Corp. AnyCompany's infrastructure is all on premises, and Example Corp's infrastructure is completely in the AWS Cloud. The companies are using AWS Direct Connect with AWS Transit Gateway to establish connectivity between each other.
Example Corp has deployed a new application across two Availability Zones in a VPC with no internet gateway. The CIDR range for the VPC is 10.0.0.0/16. Example Corp needs to access an application that is deployed on premises by AnyCompany. Because of compliance requirements, Example Corp must access the application through a limited contiguous block of approved IP addresses (10.1.0.0/24).
A network engineer needs to implement a highly available solution to achieve this goal. The network engineer starts by updating the VPC to add a new CIDR range of 10.1.0.0/24.
What should the network engineer do next to meet the requirements?
A. In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a public NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the public NAT gateways to send traffic destined for the application to the transit gateway.
B. In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic destined for the application to the transit gateway.
C. In the VPC, create a subnet that uses the allowed IP address range. Create a private NAT gateway in the new subnet. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway. Add a route to the route table that is associated with the subnet of the private NAT gateway to send traffic destined for the application to the transit gateway.
D. In the VPC, create a subnet that uses the allowed IP address range. Create a public NAT gateway in the new subnet. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway. Add a route to the route table that is associated with the subnet of the public NAT gateway to send traffic destined for the application to the transit gateway.
Comments (5)
- Selected answer: C
Creating 3 NATs in each subnet is crazy. Therefore, the choice is C. The network engineer should create a private NAT gateway in the VPC and update the route tables that are associated with other subnets to route application traffic to the private NAT gateway. This will allow Example Corp to access the application on premises through the allowed IP address range, while also maintaining compliance requirements.
👍 3 Manh 2023/07/27
- Selected answer: B
A and D - public NAT gateway has nothing to do here. B provides a multi-AZ solution, compared to C.
👍 3 sambb 2023/08/02
- Selected answer: B
B is correct - needs to be highly available, so multiple AZs are required, one in each of the 2 AZs.
"Example Corp has deployed a new application across two Availability Zones in a VPC with no internet gateway"
👍 3 Certified101 2023/08/03