Topic 1 Question 269
A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company’s on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment.
Which steps should the SysOps administrator take to resolve the issue?
A. Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.
B. Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.
C. Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center.
D. Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.
Comments (3)
- Answer I think is correct: A
Site-to-Site VPN connects the customer's GW with the VGW in the VPC. Therefore, since the VGWs in the VPC are connected, you only need to add routing tables.
👍 2 ansible902 2023/09/05
A is correct. In the current setup, the on-premises route tables already route all VPC networks to the VPN connection, which is attached to the virtual private gateway. However, when new subnets are created in a new Availability Zone, they have their own route tables. By default, these new route tables do not include the necessary route to direct traffic to the on-premises data center through the VPN connection.
👍 1 trvtrinh 2023/07/23
- Answer I think is correct: A
When new subnets are created within a new Availability Zone, they are associated with their own route tables. By default, these route tables do not have the necessary route to direct traffic from the new subnets to the on-premises data center via the existing Site-to-Site VPN connection. The SysOps administrator needs to add a route in the route table of the new subnets that points to the virtual private gateway, just like the route that is already present in the route table of the existing subnet.
👍 1 Christina666 2023/07/25
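
An added example, not part of the original question or comments: an offline audit over constructed data shaped like `aws ec2 describe-route-tables` output, listing subnets whose effective route table does not send the on-premises range to a virtual private gateway. All IDs and CIDR ranges are made-up assumptions; subnets with no explicit association are checked against the VPC's main route table.

```python
import ipaddress

# Constructed sample (IDs and CIDRs are invented), shaped like describe-route-tables output.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-az1",
     "Associations": [{"Main": False, "SubnetId": "subnet-az1"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "192.168.0.0/16",
                        "GatewayId": "vgw-example", "State": "active"}]},
    {"RouteTableId": "rtb-az2",
     "Associations": [{"Main": False, "SubnetId": "subnet-az2a"}],
     "Routes": [LOCAL]},
]
SUBNETS = ["subnet-az1", "subnet-az2a", "subnet-az2b"]  # az2b has no explicit association
ON_PREM_CIDR = "192.168.10.0/24"                        # assumed on-premises range

def effective_table(subnet_id, tables):
    """An explicit association wins; otherwise the subnet uses the main table."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def routes_to_vgw(table, on_prem_cidr):
    """True if the best-matching route for the on-prem range is an active VGW route."""
    target = ipaddress.ip_network(on_prem_cidr)
    best_rank, best_route = None, None
    for route in table.get("Routes", []):
        cidr = route.get("DestinationCidrBlock")  # skip IPv6 / prefix-list routes
        if not cidr or not target.subnet_of(ipaddress.ip_network(cidr)):
            continue
        # Longest prefix wins; on a tie a static route beats a propagated one.
        rank = (ipaddress.ip_network(cidr).prefixlen,
                route.get("Origin") != "EnableVgwRoutePropagation")
        if best_rank is None or rank > best_rank:
            best_rank, best_route = rank, route
    return (best_route is not None
            and best_route.get("State", "active") == "active"
            and best_route.get("GatewayId", "").startswith("vgw-"))

def subnets_missing_vpn_route(subnets, tables, on_prem_cidr):
    """Return (subnet, route table) pairs that cannot reach on-premises via the VGW."""
    missing = []
    for subnet in subnets:
        table = effective_table(subnet, tables)
        if table is None or not routes_to_vgw(table, on_prem_cidr):
            missing.append((subnet, table["RouteTableId"] if table else None))
    return missing
```
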