
Answer-first summary for fast verification
Answer:
• Configure a separate transit gateway route table for each application VPC. Associate each application VPC attachment with its respective transit gateway route table. Propagate the shared services VPC attachment and the VPN attachment to this transit gateway route table.
• Configure a separate transit gateway route table for on premises and the shared services VPC. Associate the VPN attachment and the shared services VPC attachment with this transit gateway route table. Propagate all application VPC attachments to this transit gateway route table.
To meet the requirements of isolating application VPCs from each other while allowing bidirectional communication between the application VPCs and both the on-premises network and the shared services VPC, the network engineer needs to carefully design the transit gateway route tables.

Option A suggests creating a separate transit gateway route table for the on-premises network and associating the VPN attachment with this table, then propagating all application VPC attachments to this table. This approach does not isolate the application VPCs from each other, as all application VPCs would share the same route table for on-premises communication.

Option B suggests creating a separate transit gateway route table for each application VPC, associating each VPC attachment with its respective route table, and propagating the shared services VPC attachment and the VPN attachment to each of these route tables. This approach isolates the application VPCs from each other and allows bidirectional communication with both the on-premises network and the shared services VPC, meeting all requirements.

Option C suggests creating a single transit gateway route table for all application VPCs, which does not isolate the application VPCs from each other.

Option D suggests creating a separate transit gateway route table for the shared services VPC and propagating all application VPC attachments to this table, which does not isolate the application VPCs from each other.

Option E suggests creating a separate transit gateway route table for both the on-premises network and the shared services VPC, associating the VPN attachment and the shared services VPC attachment with this table, and propagating all application VPC attachments to this table. This approach does not isolate the application VPCs from each other.

Therefore, the correct combination of actions that meets all requirements with the least number of transit gateway route tables is provided by options B and E.
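The association and propagation layout in the answer above can be checked with a small reachability model. This is an added example, not part of the original page: the attachment and table names (`app-1`, `rt-hub`, and so on) are hypothetical, and the model assumes only propagated routes exist (no static or blackhole routes, and no VPC route tables or security groups).

```python
from itertools import permutations

def build_answer_tables(app_vpcs):
    """Return (association, propagations) for the layout in the page's answer."""
    association = {}   # attachment -> route table it is associated with
    propagations = {}  # route table -> attachments whose routes are propagated into it
    for vpc in app_vpcs:
        table = f"rt-{vpc}"                    # one table per application VPC
        association[vpc] = table
        propagations[table] = {"shared-services", "vpn"}
    association["vpn"] = "rt-hub"              # one table for VPN + shared services
    association["shared-services"] = "rt-hub"
    propagations["rt-hub"] = set(app_vpcs)
    return association, propagations

def can_send(src, dst, association, propagations):
    """Traffic arriving from src is looked up in the table src is associated with;
    it is forwarded only if dst's routes were propagated into that table."""
    table = association.get(src)
    return table is not None and dst in propagations.get(table, set())

def bidirectional(a, b, association, propagations):
    return (can_send(a, b, association, propagations)
            and can_send(b, a, association, propagations))

def audit(app_vpcs, association, propagations):
    """Return requirement violations; an empty list means all three requirements hold."""
    problems = []
    for a, b in permutations(app_vpcs, 2):
        if can_send(a, b, association, propagations):
            problems.append(f"isolation broken: {a} -> {b}")
    for vpc in app_vpcs:
        for hub in ("vpn", "shared-services"):
            if not bidirectional(vpc, hub, association, propagations):
                problems.append(f"no two-way path: {vpc} <-> {hub}")
    return problems

if __name__ == "__main__":
    apps = [f"app-{i}" for i in range(1, 4)]   # constructed sample standing in for several hundred VPCs
    assoc, props = build_answer_tables(apps)
    print(audit(apps, assoc, props) or "all requirements hold")
    props["rt-app-1"].add("app-2")             # simulate a stray propagation added by mistake
    print(audit(apps, assoc, props))
```

The same audit can be pointed at association and propagation data exported from a real transit gateway to catch a propagation that silently breaks isolation.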
Author: LeetQuiz Editorial Team
A company operates its AWS environment in a single AWS Region, comprising several hundred application VPCs, a shared services VPC, and a VPN connection to its on-premises network. A network engineer must configure a transit gateway with the following requirements:
• Application VPCs must remain isolated from each other.
• Bidirectional communication must be enabled between the application VPCs and the on-premises network.
• Bidirectional communication must be enabled between the application VPCs and the shared services VPC.
The network engineer has set up the transit gateway with default route table association and propagation disabled. They have also created the VPN attachment for the on-premises network and VPC attachments for the application VPCs and shared services VPC.
To meet all requirements with the fewest transit gateway route tables, which two actions should the network engineer take? (Choose two.)
A. Configure a separate transit gateway route table for on premises. Associate the VPN attachment with this transit gateway route table. Propagate all application VPC attachments to this transit gateway route table.
B. Configure a separate transit gateway route table for each application VPC. Associate each application VPC attachment with its respective transit gateway route table. Propagate the shared services VPC attachment and the VPN attachment to this transit gateway route table.
C. Configure a separate transit gateway route table for all application VPCs. Associate all application VPCs with this transit gateway route table. Propagate the shared services VPC attachment and the VPN attachment to this transit gateway route table.
D. Configure a separate transit gateway route table for the shared services VPC. Associate the shared services VPC attachment with this transit gateway route table. Propagate all application VPC attachments to this transit gateway route table.
E. Configure a separate transit gateway route table for on premises and the shared services VPC. Associate the VPN attachment and the shared services VPC attachment with this transit gateway route table. Propagate all application VPC attachments to this transit gateway route table.