Q22 — AWS SAP-C02 Ch.2
Q172. Example Corp. has an on-premises data center and a VPC named VPC A in the Example Corp. AWS account. The on-premises network connects to VPC A through an AWS Site-to-Site VPN. The on-premises servers can properly access VPC A. Example Corp. just acquired AnyCompany, which has a VPC named VPC B. There is no IP address overlap among these networks. Example Corp. has peered VPC A and VPC B. Example Corp. wants to connect from its on-premises servers to VPC B. Example Corp. has properly set up the network ACL and security groups. Which solution will meet this requirement with the LEAST operational effort?
- A. Create a transit gateway. Attach the Site-to-Site VPN, VPC A, and VPC B to the transit gateway. Update the transit gateway route tables for all networks to add IP range routes for all other networks ✓
- B. Create a transit gateway. Create a Site-to-Site VPN connection between the on-premises network and VPC B, and connect the VPN connection to the transit gateway. Add a route to direct traffic to the peered VPCs, and add an authorization rule to give clients access to VPCs A and B
- C. Update the route tables for the Site-to-Site VPN and both VPCs for all three networks. Configure BGP propagation for all three networks. Wait for up to 5 minutes for BGP propagation to finish
- D. Modify the Site-to-Site VPN's virtual private gateway definition to include VPC A and VPC B. Split the two routers of the virtual private gateway between the two VPCs
Correct Answer: A. Create a transit gateway. Attach the Site-to-Site VPN, VPC A, and VPC B to the transit gateway. Update the transit gateway route tables for all networks to add IP range routes for all other networks
Explanation
The correct answer is A: create a transit gateway, attach the Site-to-Site VPN, VPC A, and VPC B to it, and update the transit gateway route tables for all networks to add IP range routes for all other networks. This option is the most suitable for the following reasons:

1. Transit gateway: a transit gateway simplifies the network architecture and makes connectivity between multiple networks easier to manage. It acts as a hub that carries traffic between the on-premises network, VPC A, and VPC B, so no per-pair peering or per-VPC VPN is needed.
2. Site-to-Site VPN: the on-premises servers already reach VPC A through the existing Site-to-Site VPN, so there is no need to create an additional VPN connection specifically for VPC B. The existing VPN is attached to the transit gateway instead.
3. Transit gateway route tables: updating the transit gateway route tables adds IP range routes for every network involved (VPC A, VPC B, and the on-premises network), which gives proper routing and connectivity between all of them. Because the question states there is no IP address overlap, these static routes are unambiguous.

Option B (creating a transit gateway, a Site-to-Site VPN connection, and adding routes) comes close, since it also uses a transit gateway and a Site-to-Site VPN connection to reach VPC B, but it does not mention updating the transit gateway route tables, which is necessary for proper routing. Option C (updating route tables and configuring BGP propagation) is more complex and time-consuming, as it involves configuring BGP propagation and waiting for it to finish, so it requires additional operational effort. Option D (modifying the virtual private gateway definition) does not involve a transit gateway, which is the more efficient and scalable way to connect multiple networks.
Therefore, based on the given requirements, option A is the most appropriate choice as it offers a straightforward solution for connecting the on-premises servers to VPC B using a transit gateway and properly updating the route tables.
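To make the routing in option A concrete, here is an added Python model (not part of the original question or its explanation) of the hub-and-spoke route tables: the transit gateway route table maps each network's CIDR to the attachment that owns it, each spoke needs return routes for every other network via the transit gateway, and the "no IP address overlap" precondition is verified first. The CIDRs and attachment IDs are constructed sample values.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample topology; CIDRs and IDs are illustrative, not from the question.
TGW_ID = "tgw-0123456789abcdef0"
ATTACHMENTS = {
    "tgw-attach-vpn-onprem": "10.0.0.0/16",  # Site-to-Site VPN attachment (on-premises)
    "tgw-attach-vpc-a": "10.1.0.0/16",       # VPC A
    "tgw-attach-vpc-b": "10.2.0.0/16",       # VPC B (acquired AnyCompany)
}

def check_no_overlap(attachments):
    """Verify the 'no IP address overlap' precondition. Overlapping static
    routes are resolved by longest-prefix match, so an overlap would leave
    part of one network unreachable from the others."""
    nets = {name: ip_network(cidr) for name, cidr in attachments.items()}
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            raise ValueError(f"{a} {net_a} overlaps {b} {net_b}")
    return nets

def tgw_route_table(attachments):
    """Hub side: one route per network CIDR in the transit gateway route
    table, each pointing at the attachment that owns that CIDR."""
    nets = check_no_overlap(attachments)
    return {str(net): name for name, net in nets.items()}

def spoke_routes(attachments, tgw_id=TGW_ID):
    """Spoke side: each network needs a route for every *other* network's
    CIDR with the transit gateway as target (VPC subnet route tables, and
    the prefixes the on-premises router must send down the VPN)."""
    nets = check_no_overlap(attachments)
    return {
        name: {str(other): tgw_id for other_name, other in nets.items() if other_name != name}
        for name in nets
    }

def can_reach(src, dst, attachments):
    """True when `src` has a spoke route for `dst`'s CIDR into the TGW and
    the TGW route table sends that CIDR back out to attachment `dst`."""
    nets = check_no_overlap(attachments)
    dst_cidr = str(nets[dst])
    has_spoke_route = dst_cidr in spoke_routes(attachments)[src]
    return has_spoke_route and tgw_route_table(attachments).get(dst_cidr) == dst

if __name__ == "__main__":
    print(tgw_route_table(ATTACHMENTS))
    print(can_reach("tgw-attach-vpn-onprem", "tgw-attach-vpc-b", ATTACHMENTS))
```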