Q45 — AWS SOA-C02 Ch.1
A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company’s on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment. Which steps should the SysOps administrator take to resolve the issue?
- A. Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway. ✓
- B. Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.
- C. Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center.
- D. Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.
Correct Answer: A. Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.
Explanation
The route table configuration of an AWS VPC determines where subnet traffic is sent. When new subnets are added, the route table associated with them must contain a route entry pointing to the virtual private gateway so that traffic can reach the on-premises data center. According to the AWS documentation, every subnet must be explicitly associated with a route table; if no association is made manually, the subnet uses the VPC's main route table by default. In this question, the new subnets were most likely associated with a custom route table that does not include the route to the VPN. Option A resolves the problem by adding the route pointing to the virtual private gateway. Option B is wrong because a Site-to-Site VPN connection already spans multiple Availability Zones without additional configuration. Option C is unnecessary because a single VPN connection serves all Availability Zones in the VPC. Option D does not address the root cause, because the problem is a routing issue and is unrelated to the type of connection.