Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 249 discussion

A US-based company is expanding its business to Europe. A network engineer needs to extend the company's network infrastructure by setting up a new hub and spoke architecture in the eu-west-1 Region. The network engineer uses a transit gateway peering connection to connect the new resources in eu-west-1 to an existing environment in the us-east-1 Region.

The hub and spoke architecture in each AWS Region includes an inspection VPC that uses AWS Network Firewall to centralize traffic inspection for each Region. To reduce costs, the network engineer decides to inspect inter-Region traffic by using the inspection VPC in the Region that originates the traffic. The network engineer configures the transit gateway route tables accordingly for each Region.

When the network engineer tests the new architecture, communication within each Region works as expected. However, the network engineer finds that inter-Region communication is not working. The network engineer must resolve the inter-Region communication issue.

Which solution will meet this requirement?

  • A. Configure Open Shortest Path First (OSPF) routing on the transit gateway peering connection to propagate the VPC CIDR blocks from each Region to the remote peer.
  • B. Use AWS Resource Access Manager (AWS RAM) to share access between the transit gateways. Enable the Allow sharing with anyone setting.
  • C. Prevent asymmetric routing in the inspection VPCs by ensuring that both requests and responses are inspected by the same inspection VPC.
  • D. Enable Appliance mode on both the transit gateway attachments for the inspection VPC.
Suggested Answer: D

Comments

ashk123456
1 month ago
Selected Answer: D
In a hub-and-spoke architecture using AWS Transit Gateway, when traffic is routed to an inspection VPC (which contains AWS Network Firewall), the traffic path must remain symmetric—meaning that both request and response traffic must pass through the same inspection VPC. By default, AWS Transit Gateway performs packet routing optimally, which can sometimes lead to asymmetric routing issues when using an inspection VPC.
upvoted 1 times
woorkim
3 months, 3 weeks ago
D is correct!
A (Configure OSPF routing): AWS Transit Gateway does not support dynamic routing protocols like OSPF. Instead, it uses static routes or BGP for route propagation in Direct Connect scenarios.
B (Use AWS RAM to share access): AWS RAM is used to share transit gateways across accounts, not for enabling inter-Region communication or fixing routing issues.
C (Prevent asymmetric routing in the inspection VPCs): While preventing asymmetric routing is important, the root cause here is the lack of appliance mode. Simply ensuring symmetry without enabling appliance mode will not resolve the issue.
upvoted 2 times
kowal_001
3 months, 3 weeks ago
Selected Answer: D
Enable Appliance Mode on the transit gateway attachments for both inspection VPCs in the us-east-1 and eu-west-1 Regions. This ensures that bidirectional traffic passes through the same inspection VPC, resolving the asymmetric routing issue and enabling inter-Region communication.
upvoted 2 times
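
An added example (not part of the original discussion and not AWS's own code): a check that flags inspection VPC attachments on which appliance mode is not enabled, and builds the AWS CLI call that enables it. The data is constructed in the shape of `aws ec2 describe-transit-gateway-vpc-attachments` output; the attachment IDs, VPC IDs and the `Role=inspection` tag convention are assumptions.

```python
# Constructed sample data shaped like the "TransitGatewayVpcAttachments" list
# returned by `aws ec2 describe-transit-gateway-vpc-attachments`, one per Region.
# All IDs and the Role=inspection tag are hypothetical.
ATTACHMENTS = {
    "us-east-1": [
        {"TransitGatewayAttachmentId": "tgw-attach-EXAMPLE-use1-insp",
         "VpcId": "vpc-EXAMPLE-use1-insp", "State": "available",
         "Options": {"DnsSupport": "enable", "ApplianceModeSupport": "disable"},
         "Tags": [{"Key": "Role", "Value": "inspection"}]},
        {"TransitGatewayAttachmentId": "tgw-attach-EXAMPLE-use1-spoke",
         "VpcId": "vpc-EXAMPLE-use1-spoke", "State": "available",
         "Options": {"DnsSupport": "enable", "ApplianceModeSupport": "disable"},
         "Tags": [{"Key": "Role", "Value": "spoke"}]},
    ],
    "eu-west-1": [
        {"TransitGatewayAttachmentId": "tgw-attach-EXAMPLE-euw1-insp",
         "VpcId": "vpc-EXAMPLE-euw1-insp", "State": "available",
         "Options": {"DnsSupport": "enable", "ApplianceModeSupport": "enable"},
         "Tags": [{"Key": "Role", "Value": "inspection"}]},
    ],
}

def is_inspection(att, tag_key="Role", tag_value="inspection"):
    """Assumption: inspection VPC attachments carry a Role=inspection tag."""
    return any(t.get("Key") == tag_key and t.get("Value") == tag_value
               for t in att.get("Tags", []))

def missing_appliance_mode(attachments_by_region):
    """Return (region, attachment_id) for inspection attachments without appliance mode."""
    findings = []
    for region, atts in sorted(attachments_by_region.items()):
        for att in atts:
            if att.get("State") != "available" or not is_inspection(att):
                continue
            # A missing key is treated as disabled, which is the default.
            if att.get("Options", {}).get("ApplianceModeSupport", "disable") != "enable":
                findings.append((region, att["TransitGatewayAttachmentId"]))
    return findings

def remediation_commands(findings):
    """Build the AWS CLI call that enables appliance mode on each finding."""
    return [f"aws ec2 modify-transit-gateway-vpc-attachment --region {r} "
            f"--transit-gateway-attachment-id {a} --options ApplianceModeSupport=enable"
            for r, a in findings]

if __name__ == "__main__":
    for cmd in remediation_commands(missing_appliance_mode(ATTACHMENTS)):
        print(cmd)
```

Spoke attachments are skipped on purpose: the check only covers the attachments that sit in front of the firewall endpoints.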