Q45 — AWS SOA-C02 Ch.1

A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company’s on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment. Which steps should the SysOps administrator take to resolve the issue?

Correct Answer: A. Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.

Explanation

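AWS VPC route table configuration determines where subnet traffic is sent. When new subnets are added, the route table associated with them must contain a route entry pointing to the virtual private gateway so that the subnets can communicate with the on-premises data center. According to the AWS documentation, each subnet must be explicitly associated with a route table; if none is associated manually, the subnet uses the VPC main route table by default. In this question, the new subnets may be associated with a custom route table that does not contain the VPN route. Option A resolves the issue by adding a route that points to the VPN. Option B is incorrect: the VPN connection itself supports multiple Availability Zones with no extra configuration. Option C is unnecessary: a single VPN connection works across Availability Zones. Option D is not the root cause: the routing problem is unrelated to the connection type.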