Exam ANS-C00 topic 1 question 9 discussion

A,E are the answers

https://docs.aws.amazon.com/vpc/latest/peering/peering-configurations-partial-access.html

Correct Answer A E

A and B are both overlapping CIDR blocks witn 192.168.1.0/24, so they can't work. I would otherwise agree with A+E, but there's nothing that states I can tear-down the current /24 subnet (i.e. there may be other instances there, no clue as to prod/dev, etc.). Real answer is to use unallocated range in the massive /16 to accomplish this, but A is wrong "as written".

This question is a nut! Even if you create two route tables on VPC-B, it won't work. There is no way for i3 to communicate with 1-2, and the same for 1-4 to i-1. The only way is to change the IP address of i-2. Now, if the only requirement is for i-3 to communicate with i-1 and 1-4 to communicate with i-2, then letters A &E are correct. But these whole conversations started because 1-3 and 1-4 cannot communicate with i-2, and some nuts want it fixed.

According to this knowledge, I choose C&D - The owner of the peer VPC must also complete these steps to add a route to direct traffic back to your VPC through the VPC peering connection. - For Destination, enter the IPv4 address range to which the network traffic in the VPC peering connection must be directed. You can specify the entire IPv4 CIDR block of the peer VPC, a specific range, or an individual IPv4 address, such as the IP address of the instance with which to communicate. For example, if the CIDR block of the peer VPC is https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html The solution should be like this: (1) VPC B route table - VPC B => Local - 10.0.0.10/32 => PCX A - 10.0.0.100/32 (changed i-2 IP to 10.0.0.100 according to answer C) => PCX C (2) VPC A route table - VPC A => Local - 192.168.1.10 => PCX B - 192.168.1.20 => PCX B (3) VPC C route table - VPC C => Local - 192.168.1.20 => PCX B

Answer - A & D Why D -- A single route table with unique routes would help here. Single route table for VPC-B, with three route entries. Destination Target 192.1680.0.0/16 LOCAL (local route) 192.168.1.0/28 VPC-A (route to VPC-A) 192.168.1.16/28 VPC-B (route to VPC-B)

Initially I agreed with Cyril_the_Squirl but after a bit of digging - A & E are the correct answers. Look at 'Subnet route tables' & 'Custom route tables' to get an understanding. My take is that by splitting the two VPC B devices into two separate subnets (/28 is the correct fit in this example) you can then create two custom route tables with the target being a different VPC for the same IP address - in this case VPC A & VPC C respectively. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-table-assocation

C & D are correct. You change the ipaddress of i2 so that you can then create more specific routes.

Who can tell me how to realise the below request with A&E. Thanks ✑ i-3 and i-4 are able to communicate with i-1, but not with i-2.

CD with me Duplicated IP and cidr between i1 and i2 The most specific route we can have is /32 so with the same IP then I dont see any ways to route to both of them from a subnet -> Need to change i2 to 10.0.0.100 and RT of VPCB can be 10.0.0.10/32 via pxc-ba 10.0.0.100/32 via pxc-bc This is pcx so return route can be same in VPCA and C

DE, As to change the subnet we need to recreate the Machine (So A is not the answer), we can create a specific route for i4(VPC C). Source: Destination: Via 192.168.1.0/24 -->10.0.0.10/32 --> PCXB-C 192.168.1.0/24 -->10.0.0.0/16 -->PCXB-A So the Answer is DE. As per the current Infrastructure. Later in case VPC refactorization is done then we may go for AE.(But not now)

A. Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively. Then E. Create route 1st to VPC A, associated with both subnets 192.168.1.0/28 and 192.168.1.16/28 Create route 2nd to VPC C, associated with ONLY subet 192.168.1.16/28, where i-4 is located.

there's nothing wrong with VPC B. ans is C,D

BD can't be right. It will break i-4 to i-2. C itself is good enough in some sense. C&D together doesn't look right because D doesn't make sense without A. Why would you create another RT if you only have one subnet? Actually, the requirement is self-conflicting: ✑ i-4 must be able to communicate with i-2 ✑ i-3 and i-4 are able to communicate with i-1, but not with i-2. Did it just say i-4 need to talk to i-2? I hope I don't run into this question. If you let me guess, it wants you to choose BD but didn't have their mind straight for the question.

Answer should be c & D. As i3 & i4 both will connect to i1 & i2.

I'll take A and D because there's connection between vpc-a and vpc b already