Topic 1 Question 249
A US-based company is expanding its business to Europe. A network engineer needs to extend the company's network infrastructure by setting up a new hub and spoke architecture in the eu-west-1 Region. The network engineer uses a transit gateway peering connection to connect the new resources in eu-west-1 to an existing environment in the us-east-1 Region.
The hub and spoke architecture in each AWS Region includes an inspection VPC that uses AWS Network Firewall to centralize traffic inspection for each Region. To reduce costs, the network engineer decides to inspect inter-Region traffic by using the inspection VPC in the Region that originates the traffic. The network engineer configures the transit gateway route tables accordingly for each Region.
When the network engineer tests the new architecture, communication within each Region works as expected. However, the network engineer finds that inter-Region communication is not working. The network engineer must resolve the inter-Region communication issue.
Which solution will meet this requirement?
A. Configure Open Shortest Path First (OSPF) routing on the transit gateway peering connection to propagate the VPC CIDR blocks from each Region to the remote peer.
B. Use AWS Resource Access Manager (AWS RAM) to share access between the transit gateways. Enable the Allow sharing with anyone setting.
C. Prevent asymmetric routing in the inspection VPCs by ensuring that both requests and responses are inspected by the same inspection VPC.
D. Enable Appliance mode on both the transit gateway attachments for the inspection VPC.
Comments (2)
- Option believed to be correct: D
Enable Appliance Mode on the transit gateway attachments for both inspection VPCs in the us-east-1 and eu-west-1 Regions. This ensures that bidirectional traffic passes through the same inspection VPC, resolving the asymmetric routing issue and enabling inter-Region communication.
👍 2 kowal_001 2025/01/07
D is correct!
A (Configure OSPF routing): AWS Transit Gateway does not support dynamic routing protocols like OSPF. Instead, it uses static routes or BGP for route propagation in Direct Connect scenarios.
B (Use AWS RAM to share access): AWS RAM is used to share transit gateways across accounts, not for enabling inter-Region communication or fixing routing issues.
C (Prevent asymmetric routing in the inspection VPCs): While preventing asymmetric routing is important, the root cause here is the lack of appliance mode. Simply ensuring symmetry without enabling appliance mode will not resolve the issue.
👍 2 woorkim 2025/01/11
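The mechanism behind the appliance mode discussion above, as an added Python example that is not part of the original page or its comments: it models one inspection VPC with a stateful firewall endpoint in each of two Availability Zones and sends a request and its reply with appliance mode off and on. The host addresses, AZ names and the SHA-256 flow hash are constructed stand-ins; the transit gateway's real flow-hash algorithm is not modelled.

```python
import hashlib

AZS = ["az-a", "az-b"]  # constructed: two firewall endpoints in one inspection VPC

def pick_az(src, dst, src_az, appliance_mode):
    """Choose the inspection-VPC AZ the transit gateway sends a packet to."""
    if not appliance_mode:
        # Default behaviour: keep traffic in the AZ it arrived from.
        return src_az
    # Appliance mode: hash the flow symmetrically so both directions of
    # the same flow reach the same AZ for the life of the flow.
    key = "|".join(sorted([src, dst])).encode()
    return AZS[hashlib.sha256(key).digest()[0] % len(AZS)]

class StatefulFirewall:
    """Simplified stateful endpoint: a reply passes only if it saw the request."""
    def __init__(self):
        self.flows = set()

    def inspect(self, src, dst, is_reply):
        if is_reply:
            return (dst, src) in self.flows
        self.flows.add((src, dst))
        return True

def round_trip(appliance_mode):
    """Send a request and its reply between hosts that sit in different AZs."""
    firewalls = {az: StatefulFirewall() for az in AZS}
    client, server = ("10.0.1.10", "az-a"), ("10.1.2.20", "az-b")  # constructed hosts
    req_az = pick_az(client[0], server[0], client[1], appliance_mode)
    req_ok = firewalls[req_az].inspect(client[0], server[0], is_reply=False)
    rep_az = pick_az(server[0], client[0], server[1], appliance_mode)
    rep_ok = firewalls[rep_az].inspect(server[0], client[0], is_reply=True)
    return {"request_az": req_az, "reply_az": rep_az, "delivered": req_ok and rep_ok}

if __name__ == "__main__":
    for mode in (False, True):
        print("appliance_mode =", mode, round_trip(mode))
```

With appliance mode off, the reply reaches an endpoint that never saw the request and is dropped; with it on, both directions share one endpoint and the flow is delivered.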