Q77 — AWS ANS-C01 Ch.1
Question 77 of 100
A company runs workloads in multiple VPCs. The company needs to securely access a workload in one of the VPCs, named VPC-A, from an on-premises data center. A network engineer sets up an AWS Site-to-Site VPN connection to a transit gateway. The network engineer configures dynamic routing for the connection, and communication works properly. Recently, the owner of VPC-A added another CIDR range to the VPC. The VPC-A owner created workloads that use the additional CIDR range. The company's on-premises network is unable to reach the new workloads. The network engineer needs to resolve the network connectivity issue and ensure that connectivity will not be affected if additional VPC CIDR ranges are added to the VPC in the future. Which solution will meet these requirements with the MOST operational efficiency?
- A. Configure route propagation for VPC-A to the VPN attachment route table. ✓
- B. Manually update the VPN attachment route table to include the new CIDR range.
- C. Configure an Amazon EventBridge rule to invoke an AWS Lambda function when the rule matches an update to the VPC-A CIDR range. Configure the Lambda function to update the VPN attachment route table.
- D. Configure an Amazon CloudWatch alarm to invoke an AWS Lambda function when there is an update to the VPC-A CIDR range. Configure the Lambda function to update the VPN attachment route table. Restart the VPN tunnels.
Correct Answer: A. Configure route propagation for VPC-A to the VPN attachment route table.
Explanation
Transit Gateway route propagation automatically installs the CIDR blocks of a VPC attachment into a transit gateway route table. The VPN connection already uses dynamic (BGP) routing, so every route in the transit gateway route table that the VPN attachment is associated with is advertised to the on-premises router. On-premises hosts cannot reach the new workloads because the CIDR the VPC owner added was never installed in that route table. Adding the route by hand (option B) fixes today's problem but has to be repeated every time a CIDR is added. Option A enables propagation from the VPC-A attachment into the transit gateway route table associated with the VPN attachment, so the new CIDR, and any CIDR added later, is installed and advertised over BGP with no further intervention. Options C and D build custom automation to do what the native propagation mechanism already does, and D also restarts the VPN tunnels, which interrupts traffic for no reason. AWS documentation describes route propagation as the mechanism that keeps transit gateway route tables synchronized with attached VPC and VPN routes automatically.

One check worth doing alongside the fix: propagation only updates the transit gateway side. The VPC route tables used by the subnets in the new CIDR still need a route to the on-premises prefix via the transit gateway attachment, or the return path will fail even though the on-premises router now learns the new CIDR.
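As an added check for the situation in this question (example code written for this page, not AWS or exam material), the following Python audits whether every CIDR associated with VPC-A appears as an active route, via VPC-A's attachment, in the transit gateway route table that the VPN attachment is associated with. The two input dictionaries mirror the JSON shapes of `aws ec2 describe-vpcs` and `aws ec2 search-transit-gateway-routes`; the sample responses and every resource ID are constructed for the example. The audit also separates CIDRs that are reachable only through a hand-added static route (the option-B state, which will not track future additions) from propagated ones, and prints the single CLI call that enables propagation.

```python
"""Audit a transit gateway route table for a VPC's CIDR blocks.

Added example for this question, not AWS code. The two input dicts mirror
the JSON returned by `aws ec2 describe-vpcs` and
`aws ec2 search-transit-gateway-routes --transit-gateway-route-table-id ...`;
the sample responses below are constructed and every ID is hypothetical.
"""
import ipaddress

VPC_A_ATTACHMENT = "tgw-attach-0aaaa11112222333a"  # hypothetical VPC-A attachment
VPN_ATTACHMENT = "tgw-attach-0bbbb11112222333b"    # hypothetical Site-to-Site VPN attachment
VPN_ROUTE_TABLE = "tgw-rtb-0cccc11112222333c"      # hypothetical table the VPN attachment is associated with

# Constructed describe-vpcs output: VPC-A with its original CIDR plus the one the
# VPC owner added later. A disassociated block is included to show it is ignored.
DESCRIBE_VPCS = {
    "Vpcs": [{
        "VpcId": "vpc-0dddd11112222333d",
        "CidrBlock": "10.10.0.0/16",
        "CidrBlockAssociationSet": [
            {"CidrBlock": "10.10.0.0/16", "CidrBlockState": {"State": "associated"}},
            {"CidrBlock": "10.20.0.0/16", "CidrBlockState": {"State": "associated"}},
            {"CidrBlock": "10.30.0.0/16", "CidrBlockState": {"State": "disassociated"}},
        ],
    }]
}

# Constructed search-transit-gateway-routes output for VPN_ROUTE_TABLE before the
# fix: the original VPC-A CIDR was added by hand (static) and the on-premises
# prefix arrived over BGP from the VPN attachment. The new CIDR is absent.
ROUTES_BEFORE = {"Routes": [
    {"DestinationCidrBlock": "10.10.0.0/16", "Type": "static", "State": "active",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPC_A_ATTACHMENT, "ResourceType": "vpc"}]},
    {"DestinationCidrBlock": "192.168.0.0/16", "Type": "propagated", "State": "active",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPN_ATTACHMENT, "ResourceType": "vpn"}]},
]}

# Same table after enabling propagation for the VPC-A attachment: both CIDRs
# are installed automatically as propagated routes.
ROUTES_AFTER = {"Routes": [
    {"DestinationCidrBlock": "10.10.0.0/16", "Type": "propagated", "State": "active",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPC_A_ATTACHMENT, "ResourceType": "vpc"}]},
    {"DestinationCidrBlock": "10.20.0.0/16", "Type": "propagated", "State": "active",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPC_A_ATTACHMENT, "ResourceType": "vpc"}]},
    {"DestinationCidrBlock": "192.168.0.0/16", "Type": "propagated", "State": "active",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPN_ATTACHMENT, "ResourceType": "vpn"}]},
]}


def vpc_cidrs(describe_vpcs):
    """Every CIDR currently associated with the VPC, primary and secondary."""
    cidrs = []
    for vpc in describe_vpcs["Vpcs"]:
        for assoc in vpc["CidrBlockAssociationSet"]:
            if assoc["CidrBlockState"]["State"] in ("associated", "associating"):
                cidrs.append(ipaddress.ip_network(assoc["CidrBlock"]))
    return cidrs


def routes_via(search_routes, attachment_id):
    """Map destination network -> route type ('static' or 'propagated') for
    active routes whose next hop is the given attachment."""
    found = {}
    for route in search_routes["Routes"]:
        if route["State"] != "active":
            continue
        hops = route.get("TransitGatewayAttachments", [])
        if any(h["TransitGatewayAttachmentId"] == attachment_id for h in hops):
            found[ipaddress.ip_network(route["DestinationCidrBlock"])] = route["Type"]
    return found


def audit(describe_vpcs, search_routes, attachment_id):
    """Return (missing, static_only), both as sorted lists of CIDR strings.

    missing:     VPC CIDRs with no active route via the VPC attachment, so the
                 transit gateway cannot advertise them to on-premises over BGP.
    static_only: VPC CIDRs that are reachable, but only through a hand-added
                 static route; these will not track future CIDR additions.
    """
    routes = routes_via(search_routes, attachment_id)
    missing, static_only = [], []
    for cidr in vpc_cidrs(describe_vpcs):
        if cidr not in routes:
            missing.append(str(cidr))
        elif routes[cidr] == "static":
            static_only.append(str(cidr))
    return sorted(missing), sorted(static_only)


def fix_command(route_table_id, attachment_id):
    """The one-time CLI call that enables propagation from the VPC attachment
    into the route table the VPN attachment is associated with."""
    return ("aws ec2 enable-transit-gateway-route-table-propagation"
            f" --transit-gateway-route-table-id {route_table_id}"
            f" --transit-gateway-attachment-id {attachment_id}")


if __name__ == "__main__":
    print("before fix: missing=%s static_only=%s"
          % audit(DESCRIBE_VPCS, ROUTES_BEFORE, VPC_A_ATTACHMENT))
    print("remedy:", fix_command(VPN_ROUTE_TABLE, VPC_A_ATTACHMENT))
    print("after fix:  missing=%s static_only=%s"
          % audit(DESCRIBE_VPCS, ROUTES_AFTER, VPC_A_ATTACHMENT))
```

To run this against a real account, replace the two constructed dictionaries with the parsed output of `aws ec2 describe-vpcs --vpc-ids <vpc-id>` and `aws ec2 search-transit-gateway-routes --transit-gateway-route-table-id <tgw-rtb-id> --filters Name=type,Values=static,propagated` (the `--filters` argument is required by that command), and set the attachment ID to VPC-A's transit gateway attachment. An empty result for both lists after the fix confirms that every current VPC CIDR is propagated; re-running the audit after a future CIDR addition should stay empty without any manual route work.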