Topic 1 Question 36
A network engineer needs to update a company's hybrid network to support IPv6 for the upcoming release of a new application. The application is hosted in a VPC in the AWS Cloud. The company's current AWS infrastructure includes VPCs that are connected by a transit gateway. The transit gateway is connected to the on-premises network by AWS Direct Connect and AWS Site-to-Site VPN. The company's on-premises devices have been updated to support the new IPv6 requirements. The company has enabled IPv6 for the existing VPC by assigning a new IPv6 CIDR block to the VPC and by assigning IPv6 to the subnets for dual-stack support. The company has launched new Amazon EC2 instances for the new application in the updated subnets. When updating the hybrid network to support IPv6 the network engineer must avoid making any changes to the current infrastructure. The network engineer also must block direct access to the instances' new IPv6 addresses from the internet. However, the network engineer must allow outbound internet access from the instances. What is the MOST operationally efficient solution that meets these requirements?
Update the Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices
Update the Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Update the existing VPN connection to support IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.
Create a Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.
Create a Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add a NAT gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.
ユーザの投票
コメント(4)
https://aws.amazon.com/blogs/networking-and-content-delivery/dual-stack-ipv6-architectures-for-aws-an d-hybrid-networks/
For dual-stack connectivity on the Site-to-Site VPN connection via a Transit Gateway, you need to create two VPN connections, one for the IPv4 stack and one for the IPv6 stack. D. For AWS Direct Connect connection, reuse your existing VIFs and enable them for dual-stack support.
Option A) is correct
👍 7study_aws12023/03/20A - correct!
The MOST operationally efficient solution that meets the requirements is option A. This option updates the Direct Connect transit VIF to support IPv6 and configures BGP peering with the AWS assigned IPv6 peering address. It also creates a new VPN connection that supports IPv6 connectivity, adds an egress-only internet gateway, and updates any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices. This solution does not require any changes to the current infrastructure and effectively blocks direct access to the instances' new IPv6 addresses from the internet while allowing outbound internet access from the instances.
👍 6zaazanuna2023/03/18- 正解だと思う選択肢: A
A) is correct https://docs.aws.amazon.com/whitepapers/latest/ipv6-on-aws/hybrid-connectivity-design.html - "it is possible to retrofit IPv6 onto an existing VIF without the need to reprovision or deploy a new one."
https://docs.aws.amazon.com/vpn/latest/s2svpn/ipv4-ipv6.html - "You cannot enable IPv6 support for an existing Site-to-Site VPN connection."
👍 4dremm2023/04/09
シャッフルモード