ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam ANS-C00 All Questions

View all questions & answers for the ANS-C00 exam
Go to Exam

Exam ANS-C00 topic 1 question 135 discussion

Exam question from Amazon's ANS-C00
Question #: 135
Topic #: 1
[All ANS-C00 Questions]

You have a DX connection and a VPN connection as backup for your 10.0.0.0/16 network. You just received a letter indicating that the colocation provider hosting the DX connection will be undergoing maintenance soon. It is critical that you do not experience any downtime or latency during this period.
What is the best course of action?

  • A. Configure the VPN as a static VPN instead of dynamic.
  • B. Configure AS_PATH Prepending on the DX connection to make it the less preferred path.
  • C. Advertise 10.0.0.0/9 and 10.128.0.0/9 over your VPN connection.
  • D. None of the above.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
A more specific route is the only way to force AWS to prefer a VPN connection over a DX connection. A /9 is not more specific than a /16.
by BlueGreen at Nov. 21, 2020, 6:18 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Scunningham99
Highly Voted 3 years, 7 months ago
D D D D D https://aws.amazon.com/premiumsupport/knowledge-center/configure-vpn-backup-dx/
upvoted 7 times
StelSen
3 years, 7 months ago
This is correct.
upvoted 1 times
...
...
sapien45
Most Recent 3 years, 2 months ago
Solution would have been to advertise a higer CIDR on the VPN connection D
upvoted 1 times
...
JamesTR
3 years, 7 months ago
B is not good. AWS will always prefer Direct Connect over VPN, regardless of AS path prepending https://aws.amazon.com/premiumsupport/knowledge-center/configure-vpn-backup-dx/
upvoted 2 times
...
Huntkey
3 years, 7 months ago
B. D is incorrect. 10.0.0.0/16 is more specific than 10.0.0.0/9 and 10.128.0.0/9. In addition, you can use the more specific prefix for controlling traffic from the AWS, but not which path to use for sending to the AWS
upvoted 2 times
Huntkey
3 years, 7 months ago
Sorry I meant B is incorrect. D is the answer.
upvoted 1 times
...
...
asiansensation
3 years, 8 months ago
D is the answer. If you are advertising the same routes toward the AWS VPC, the Direct Connect path is always be preferred, regardless of AS path prepending.
upvoted 4 times
...
Souslik1999
3 years, 8 months ago
B is the solution
upvoted 2 times
...
BlueGreen
3 years, 8 months ago
? B. Configure AS_PATH Prepending on the DX connection to make it the less preferred path.
upvoted 1 times
BlueGreen
3 years, 8 months ago
According to AWS "Be sure that Direct Connect is the preferred route from your end, and not over VPN when the Direct Connect virtual interface is up in order to avoid asymmetric routing; this might cause traffic to be dropped. We always prefer a Direct Connect connection over VPN routes."
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel