
Exam AWS-SysOps topic 1 question 218 discussion

Exam question from Amazon's AWS-SysOps
Question #: 218
Topic #: 1

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet with CIDR 20.0.0.0/24 and a VPN-only subnet with CIDR 20.0.1.0/24, along with the VPN gateway (vgw-12345) to connect to the user's data center. The user's data center has CIDR 172.28.0.0/12. The user has also set up a NAT instance (i-123456) to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

  • A. Destination: 20.0.1.0/24 and Target: i-12345
  • B. Destination: 0.0.0.0/0 and Target: i-12345
  • C. Destination: 172.28.0.0/12 and Target: vgw-12345
  • D. Destination: 20.0.0.0/16 and Target: local
Suggested Answer: A 🗳️
The user can create subnets as required within a VPC. If the user wants to connect the VPC to his own data center, he can set up a public subnet and a VPN-only subnet that uses hardware VPN access to connect with the data center. When the user configures this setup with the wizard, it creates a virtual private gateway to route all traffic of the VPN subnet. If the user has set up a NAT instance to handle all internet requests, then all requests to the internet should be routed to it. All requests to the organization's data center will be routed to the VPN gateway.
Here are the valid entries for the main route table in this scenario:
Destination: 0.0.0.0/0 & Target: i-12345 (to route all internet traffic to the NAT instance).
Destination: 172.28.0.0/12 & Target: vgw-12345 (to route all the organization's data center traffic to the VPN gateway).
Destination: 20.0.0.0/16 & Target: local (to allow local routing in the VPC).

Comments

AMohanty
5 months, 3 weeks ago
A is obviously wrong. B is wrong as well: "B. Destination: 0.0.0.0/0 and Target: i-12345" sends the Internet traffic to i-12345 instead of i-123456.
upvoted 1 times
TroyMcLure
6 months, 2 weeks ago
Correct Answer: A
upvoted 1 times
jerry19
6 months, 4 weeks ago
I thought NAT gateways were not used with VPNs. VPNs only use Virtual Private Gateways. Private subnets use NAT Gateways. VPCs use Internet Gateways. I understand the question implies that the VPN uses a NAT Gateway, but that runs contrary to what I've learned in this chat forum. Can someone provide knowledge on this?
upvoted 2 times
Zia1981
7 months, 2 weeks ago
It should be C. The destination CIDR should be the on-premise network.
upvoted 2 times
shimmy
7 months, 1 week ago
This is incorrect. A is the correct choice because 20.0.1.0/24 is the VPN subnet. You would not send the VPN subnet's traffic to the Internet Gateway.
upvoted 2 times
awscertified
7 months, 2 weeks ago
A. Destination: 20.0.1.0/24 and Target: i-12345
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other