Topic 1 Question 215
3 つ選択A company’s network engineer must implement a cloud-based networking environment for a network operations team to centrally manage. Other Teams will use the environment. Each team must be able to deploy infrastructure to the environment and must be able to manage its own resources. The environment must feature IPv4 and IPv6 support and must provide internet connectivity in a dual-stack configuration.
The company has an organization in AWS Organizations that contains a workload account for the teams. The network engineer creates a new networking account in the organization.
Which combination of steps should the network engineer take next to meet the requirements?
Create a new VPC. Associate an IPv4 CIDR block of 10.0.0.0/16 and specify an IPv6 block of 2001:db8:c5a:6000::/56. Provision subnets by assigning /24 IPv4 CIDR blocks and /64 IPv6 CIDR blocks.
Create a new VPC. Associate an IPv4 CIDR block of 10.0.0.0/16 and use an Amazon-provided IPV6 CIDR block. Provision subnets by assigning /24 IPv4 CIDR blocks and /64 IPV6 CIDR blocks.
Enable sharing of resources within the organization by using AWS Resource Access Manager (AWS RAM). Create a resource share in the networking account, select the provisioned subnets, and share the provisioned subnets with the target workload account. Use the workload account to accept the resource share through AWS RAM.
Enable sharing of resources within the organization by using AWS Resource Access Manager (AWS RAM). Create a resource share in the networking account, select the new VPC, and share the new VPC with the target workload account. Use the workload account to accept the resource share through AWS RAM.
Create an internet gateway and an egress-only internal gateway. Deploy NAT gateways to the public subnets. Associate the internet gateway with the new VPC. Update the route tables. Associate the route tables with the relevant subnets.
Create an internet gateway. Deploy NAT instances to public subnets. Update the route tables. Associate the route tables with the relevant subnets.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: BCE
BCE are better options than the rest:
Option A: Specifies a manual IPv6 block rather than using Amazon-provided IPv6 blocks, which are preferred for their global uniqueness and routability. Option D: Suggests sharing an entire VPC, which is less secure and harder to manage compared to sharing specific subnets. Option F: Suggests using NAT instances, which are less scalable and more maintenance-intensive than NAT gateways.
👍 5Cacheirez2024/08/13 - 正解だと思う選択肢: BCE
this is BCE
👍 4cas_tori2024/08/28 B,C,E ois correct! A. Manually specifying an IPv6 block is unnecessary D. Sharing the entire VPC would give workload accounts full control over the VPC, which is not desirable in a centrally managed networking setup. F. Using NAT instances introduces operational overhead and is not recommended unless cost is a critical concern.
👍 3woorkim2024/12/16
シャッフルモード