Topic 1 Question 251
A company runs workloads in multiple VPCs. The company needs to securely access a workload in one of the VPCs, named VPC-A, from an on-premises data center. A network engineer sets up an AWS Site-to-Site VPN connection to a transit gateway. The network engineer configures dynamic routing for the connection, and communication works properly.
Recently, the owner of VPC-A added another CIDR range to the VPC. The VPC-A owner created workloads that use the additional CIDR range.
The company's on-premises network is unable to reach the new workloads. The network engineer needs to resolve the network connectivity issue and ensure that connectivity will not be affected if additional VPC CIDR ranges are added to the VPC in the future.
Which solution will meet these requirements with the MOST operational efficiency?
A. Configure route propagation for VPC-A to the VPN attachment route table.
B. Manually update the VPN attachment route table to include the new CIDR range.
C. Configure an Amazon EventBridge rule to invoke an AWS Lambda function when the rule matches an update to the VPC-A CIDR range. Configure the Lambda function to update the VPN attachment route table.
D. Configure an Amazon CloudWatch alarm to invoke an AWS Lambda function when there is an update to the VPC-A CIDR range. Configure the Lambda function to update the VPN attachment route table. Restart the VPN tunnels.
Comments (2)
- Selected answer: A
The 2nd CIDR will be automatically added to the VPC-A and will be propagated to the VPN attachment RT.
👍 1 c1193d4 2025/01/07
- Selected answer: A
By enabling route propagation for VPC-A to the VPN attachment route table, any new CIDR ranges added to VPC-A will automatically be propagated to the VPN attachment route table. This ensures that on-premises networks can reach the new workloads in VPC-A without manual updates.
👍 1 woorkim 2025/01/11
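
A way to check the configuration the question and comments describe, as an added example that is not part of the original page: it reports whether the VPC-A attachment propagates into the route table associated with the VPN attachment, and can enable propagation if it is missing. The route table and attachment IDs are placeholders, and the `ec2` argument is assumed to be a boto3 EC2 client.

```python
"""Check, and optionally enable, route propagation from a VPC attachment
into the transit gateway route table used by the VPN attachment."""


def propagating_attachments(ec2, route_table_id):
    """Return {attachment_id: state} for every propagation on the route table."""
    found, kwargs = {}, {"TransitGatewayRouteTableId": route_table_id}
    while True:
        page = ec2.get_transit_gateway_route_table_propagations(**kwargs)
        for p in page.get("TransitGatewayRouteTablePropagations", []):
            found[p["TransitGatewayAttachmentId"]] = p["State"]
        if not page.get("NextToken"):
            return found
        kwargs["NextToken"] = page["NextToken"]  # follow pagination


def ensure_propagation(ec2, route_table_id, vpc_attachment_id, apply=False):
    """Report whether the VPC attachment propagates into the route table.

    Returns "enabled" if it already propagates, "missing" if it does not and
    apply is False, or "fixed" after propagation has been enabled.
    """
    state = propagating_attachments(ec2, route_table_id).get(vpc_attachment_id)
    if state in ("enabled", "enabling"):
        return "enabled"
    if not apply:
        return "missing"  # audit mode: report only, change nothing
    ec2.enable_transit_gateway_route_table_propagation(
        TransitGatewayRouteTableId=route_table_id,
        TransitGatewayAttachmentId=vpc_attachment_id,
    )
    return "fixed"


if __name__ == "__main__":
    import boto3  # requires AWS credentials; the IDs below are placeholders

    ec2 = boto3.client("ec2")
    print(ensure_propagation(ec2, "tgw-rtb-PLACEHOLDER", "tgw-attach-PLACEHOLDER"))
```

Run it without `apply=True` first to audit; with propagation enabled, CIDR ranges added to the VPC later reach the route table without further changes.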