Topic 1 Question 180
A company has a transit gateway in AWS Account A. The company uses AWS Resource Access Manager (AWS RAM) to share the transit gateway so that users in other accounts can connect to multiple VPCs in the same AWS Region. AWS Account B contains a VPC (10.0.0.0/16) with subnet 10.0.0.0/24 in the us-west-2a Availability Zone and subnet 10.0.1.0/24 in the us-west-2b Availability Zone. Resources in these subnets can communicate with other VPCs.
A network engineer creates two new subnets: 10.0.2.0/24 in the us-west-2b Availability Zone and 10.0.3.0/24 in the us-west-2c Availability Zone. All the subnets share one route table. The default route 0.0.0.0/0 is pointing to the transit gateway. Resources in subnet 10.0.2.0/24 can communicate with other VPCs, but resources in subnet 10.0.3.0/24 cannot communicate with other VPCs.
What should the network engineer do so that resources in subnet 10.0.3.0/24 can communicate with other VPCs?
In Account B, add 10.0.2.0/24 and 10.0.3.0/24 as the destinations to the route table. Use the transit gateway as the target.
In Account B, update the transit gateway attachment. Attach the new subnet ID that is associated with us-west-2c to Account B's VPC.
In Account A, create a static route for 10.0.3.0/24 in the transit gateway route tables.
In Account A, recreate propagation for 10.0.0.0/16 in the transit gateway route tables.
ユーザの投票
コメント(8)
- 正解だと思う選択肢: C
If all subnets share one route table then new subnet in AZ C should also have a route to the TGW, and we don't need necessarily a TGW attachment associated with the new subnet C, it should be able to route to the existing TGW attachments inside the VPC. Only answer that makes sense to me then is C if we assume that Account B doesn't have route propagation enabled by default and the TGW route tables are using instead static routes. This would explain why traffic can't reach the new subnet but can reach the others.
👍 6KobDragoon2024/04/01 - 正解だと思う選択肢: B
Option C is incorrect because the transit gateway route tables are managed by Account A, which owns the transit gateway. Account B cannot modify the route tables in Account A's transit gateway.
Option D is incorrect because propagation is not relevant in this scenario. Propagation is used when you have multiple transit gateways in different AWS Regions, and you want to propagate routes between them.
👍 6acloudguru2024/04/29 - 正解だと思う選択肢: B
The most likely cause is that the new subnet has not been attached to the transit gateway.
👍 4Kupaloid2024/05/15
シャッフルモード