Answer-first summary for fast verification
Answer: Create a transit gateway. Attach the Site-to-Site VPN, VPC A, and VPC B to the transit gateway. Update the transit gateway route tables for all networks to add TP range routes for all other networks.
The question is about finding a solution that allows on-premises servers to connect to VPC B with the least operational effort, given that Example Corp. has already peered VPC A and VPC B and has set up network ACLs and security groups correctly. The answer provided is A. The explanation for choosing option A is as follows: Option A involves creating a transit gateway and attaching the Site-to-Site VPN, VPC A, and VPC B to it. The transit gateway is a managed service that enables you to route network traffic between your VPCs and on-premises networks. By attaching all the required networks to the transit gateway, you can simplify the routing configuration and achieve the desired connectivity with minimal operational effort. In this scenario, you would update the transit gateway route tables to include transit route propagation (TRP) for all networks, which allows the transit gateway to automatically propagate routes between the attached networks. This means that you do not need to manually configure routes for each network, reducing the operational effort required. The other options involve more complex configurations or manual route updates, which would require more operational effort: - Option B requires creating a new Site-to-Site VPN connection between the on-premises network and VPC B, connecting it to the transit gateway, and configuring additional routes and authorization rules. - Option C involves updating route tables for all three networks and configuring BGP propagation, which can take up to 5 minutes to complete. - Option D suggests modifying the Site-to-Site VPN's virtual private gateway definition and splitting the routers between the two VPCs, which is a more complex and less efficient solution. Therefore, option A is the most efficient and least operationally intensive solution for connecting on-premises servers to VPC B while leveraging the existing peering between VPC A and VPC B.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Which strategy would require the minimal amount of operational work to enable connectivity from Example Corp.'s on-premises servers to VPC B, given that VPC A and VPC B are peered, there's no IP address overlap, and the network ACLs and security groups are correctly configured?
A
Create a transit gateway. Attach the Site-to-Site VPN, VPC A, and VPC B to the transit gateway. Update the transit gateway route tables for all networks to add TP range routes for all other networks.
B
Create a transit gateway. Create a Site-to-Site VPN connection between the on-premises network and VPC B, and connect the VPN connection to the transit gateway. Add a route to direct traffic to the peered vpCs, and add an authorization rule to give clients access to the VPCs A and B.
C
Update the route tables for the Site-to-Site VPN and both VPCs for all three networks. Configure BGP propagation for all three networks. Wait for up to 5 minutes for BGP propagation to finish.
D
Modify the Site-to-Site VPN's virtual private gateway definition to include VPC A and VPC B. Split the two routers of the virtual private getaway between the two VPCS.