
Answer-first summary for fast verification
Answer: Establish a dedicated transit gateway route table for each VPC attachment, ensuring that traffic is directed only to the authorized VPCs.
The correct answer is C. In the current design every VPC attachment is associated with the transit gateway's single default route table, so each VPC learns a route to every other VPC. Creating a dedicated transit gateway route table for each VPC attachment allows fine-grained control over routing between VPCs: by associating each attachment with its own route table, the solutions architect can specify exactly which destination VPCs that attachment may reach. Communication between VPCs is then limited to the authorized VPCs, while internet-bound traffic can still be routed through the shared services VPC. This method is preferred over modifying network ACLs, security groups, or the VPC main route tables because it enforces the policy centrally at the transit gateway and is more precise and manageable than maintaining per-subnet or per-instance rules.
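As an added illustration (not part of the question or of LeetQuiz's material), the following CloudFormation fragment shows the pattern behind answer C: the transit gateway is created with default route table association and propagation disabled, and each VPC attachment is associated with its own route table that carries only routes to the authorized VPCs and to the shared services VPC. The resource names, CIDR blocks, and the assumption that VPC-A is authorized to reach only the shared services VPC (not VPC-B) are constructed for this example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Per-attachment transit gateway route tables (constructed example)

Parameters:
  # Constructed placeholders; supply real IDs when deploying.
  VpcAId: { Type: AWS::EC2::VPC::Id }
  VpcASubnetIds: { Type: List<AWS::EC2::Subnet::Id> }
  SharedServicesVpcId: { Type: AWS::EC2::VPC::Id }
  SharedServicesSubnetIds: { Type: List<AWS::EC2::Subnet::Id> }

Resources:
  TransitGateway:
    Type: AWS::EC2::TransitGateway
    Properties:
      # Stop attachments from landing in one shared default route table,
      # which is what let every VPC reach every other VPC in the audit finding.
      DefaultRouteTableAssociation: disable
      DefaultRouteTablePropagation: disable

  VpcAAttachment:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      TransitGatewayId: !Ref TransitGateway
      VpcId: !Ref VpcAId
      SubnetIds: !Ref VpcASubnetIds

  SharedServicesAttachment:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      TransitGatewayId: !Ref TransitGateway
      VpcId: !Ref SharedServicesVpcId
      SubnetIds: !Ref SharedServicesSubnetIds

  # One route table per attachment: VPC-A's table decides where VPC-A's traffic may go.
  VpcARouteTable:
    Type: AWS::EC2::TransitGatewayRouteTable
    Properties:
      TransitGatewayId: !Ref TransitGateway

  VpcARouteTableAssociation:
    Type: AWS::EC2::TransitGatewayRouteTableAssociation
    Properties:
      TransitGatewayAttachmentId: !Ref VpcAAttachment
      TransitGatewayRouteTableId: !Ref VpcARouteTable

  # Internet-bound (and shared-services-bound) traffic egresses via the shared services VPC.
  VpcADefaultToSharedServices:
    Type: AWS::EC2::TransitGatewayRoute
    Properties:
      TransitGatewayRouteTableId: !Ref VpcARouteTable
      DestinationCidrBlock: 0.0.0.0/0
      TransitGatewayAttachmentId: !Ref SharedServicesAttachment

  # VPC-B (constructed CIDR 10.2.0.0/16) is not authorized: a blackhole route drops
  # that traffic at the transit gateway instead of letting the default route carry it.
  VpcABlackholeVpcB:
    Type: AWS::EC2::TransitGatewayRoute
    Properties:
      TransitGatewayRouteTableId: !Ref VpcARouteTable
      DestinationCidrBlock: 10.2.0.0/16
      Blackhole: true

  # Return path: the shared services table needs a route back to VPC-A (constructed CIDR 10.1.0.0/16).
  SharedServicesRouteTable:
    Type: AWS::EC2::TransitGatewayRouteTable
    Properties:
      TransitGatewayId: !Ref TransitGateway

  SharedServicesRouteTableAssociation:
    Type: AWS::EC2::TransitGatewayRouteTableAssociation
    Properties:
      TransitGatewayAttachmentId: !Ref SharedServicesAttachment
      TransitGatewayRouteTableId: !Ref SharedServicesRouteTable

  SharedServicesToVpcA:
    Type: AWS::EC2::TransitGatewayRoute
    Properties:
      TransitGatewayRouteTableId: !Ref SharedServicesRouteTable
      DestinationCidrBlock: 10.1.0.0/16
      TransitGatewayAttachmentId: !Ref VpcAAttachment
```

The VPC-side route tables are unchanged: they still send all non-local traffic to the transit gateway, as the question describes. Enforcement happens in the transit gateway route table associated with each attachment, so adding an authorized VPC later means adding one route to the relevant tables rather than touching network ACLs or security groups. In an existing deployment, attachments already associated with the default route table must be disassociated from it before they can be associated with their dedicated tables.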
Author: LeetQuiz Editorial Team
A company deploys applications using AWS CloudFormation across multiple VPCs interconnected via a transit gateway. Traffic destined for the public internet is routed through a shared services VPC. Each VPC's subnets utilize the default VPC route table, directing traffic to the transit gateway, which in turn employs its default route table for all VPC attachments. A security audit has identified that EC2 instances within a VPC can communicate with instances in other company VPCs. To enhance security, a solutions architect must restrict this communication, allowing each VPC to interact only with a predetermined set of authorized VPCs. What measures should the solutions architect implement to achieve this restricted communication?
A. Modify the network ACLs of each subnet in a VPC to permit outbound traffic solely to the authorized VPCs, and eliminate all deny rules except for the default deny rule.
B. Adjust the security groups within a VPC to block outbound traffic to security groups associated with unauthorized VPCs.
C. Establish a dedicated transit gateway route table for each VPC attachment, ensuring that traffic is directed only to the authorized VPCs.
D. Amend the main route table of each VPC to ensure traffic is routed exclusively to the authorized VPCs via the transit gateway.