Q88 — AWS ANS-C01 Ch.1
A company has agreed to collaborate with a partner for a research project. The company has multiple VPCs in the us-east-1 Region that use CIDR blocks within 10.10.0.0/16. The VPCs are connected by a transit gateway that is named TGW-C in us-east-1. TGW-C has an Autonomous System Number (ASN) configuration value of 64520. The partner has multiple VPCs in us-east-1 that use CIDR blocks within 172.16.0.0/16. The VPCs are connected by a transit gateway that is named TGW-P in us-east-1. TGW-P has an ASN configuration value of 64530. A network engineer needs to establish network connectivity between the company's VPCs and the partner's VPCs in us-east-1. Which solution will meet these requirements with MINIMUM changes to both networks?
- A. Create a new VPC in a new account. Deploy a router from AWS Marketplace. Share TGW-C and TGW-P with the new account by using AWS Resource Access Manager (AWS RAM). Associate TGW-C and TGW-P with the new VPC. Configure the router in the new VPC to route between TGW-C and TGW-P.
- B. Create an IPsec VPN connection between TGW-C and TGW-P. Configure the routing between the transit gateways to use the IPsec VPN connection.
- C. Configure a cross-account transit gateway peering attachment between TGW-C and TGW-P. Configure the routing between the transit gateways to use the peering attachment. ✓
- D. Share TGW-C with the partner account by using AWS Resource Access Manager (AWS RAM). Associate the partner VPCs with TGW-C. Configure routing in the partner VPCs and TGW-C.
Correct Answer: C. Configure a cross-account transit gateway peering attachment between TGW-C and TGW-P. Configure the routing between the transit gateways to use the peering attachment.
Explanation
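AWS Transit Gateway peering allows connections to be established between transit gateways in the same Region or in different Regions. In a cross-account scenario, a cross-account peering attachment is required. The AWS Transit Gateway peering documentation states that peering does not require changes to existing VPC route tables or subnets. Option C establishes routing directly through a cross-account peering attachment, with no need to share resources or change VPC associations. Option A introduces a third-party router, which adds complexity. Option B's VPN requires additional tunnel configuration. Option D shares the entire transit gateway, which involves larger permission changes. The correct answer is C.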