
Answer-first summary for fast verification
Answer: Prevent asymmetric routing in the inspection VPCs by ensuring that both requests and responses are inspected by the same inspection VPC.
The scenario is inter-Region communication failing in a hub and spoke architecture that uses transit gateway peering and AWS Network Firewall for traffic inspection. Because each Region inspects only the traffic that originates in it, the request is inspected in one Region's inspection VPC and the response in the other's. This is asymmetric routing: the request and response paths between two points take different routes, each passing through a different inspection VPC, or bypassing one altogether. A stateful firewall that sees only one direction of a flow cannot match it to a tracked connection, so it does not allow the traffic and communication fails. Option C addresses this directly by ensuring that both requests and responses are inspected by the same inspection VPC, which removes the asymmetry. Options A, B, and D do not address the root cause, which is asymmetric routing through the inspection VPCs. The correct solution is therefore to prevent asymmetric routing in the inspection VPCs by ensuring that both requests and responses are inspected by the same inspection VPC.
Author: LeetQuiz Editorial Team
A US-based company is expanding into Europe and requires its network infrastructure to be extended using a hub and spoke architecture in the eu-west-1 Region. A network engineer establishes a transit gateway peering connection to link the new resources in eu-west-1 with an existing environment in the us-east-1 Region.
Each AWS Region's hub and spoke architecture includes an inspection VPC with AWS Network Firewall to centralize traffic inspection within the Region. To minimize costs, the network engineer opts to inspect inter-Region traffic using the inspection VPC in the originating Region and configures the transit gateway route tables accordingly.
During testing, intra-Region communication functions as intended, but inter-Region communication fails. The network engineer must identify and implement a solution to resolve the inter-Region communication issue.
What solution will address this requirement?
A. Configure Open Shortest Path First (OSPF) routing on the transit gateway peering connection to propagate the VPC CIDR blocks from each Region to the remote peer.
B. Use AWS Resource Access Manager (AWS RAM) to share access between the transit gateways. Enable the Allow sharing with anyone setting.
C. Prevent asymmetric routing in the inspection VPCs by ensuring that both requests and responses are inspected by the same inspection VPC.
D. Enable Appliance mode on both the transit gateway attachments for the inspection VPC.
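Added example, not from LeetQuiz or AWS: a small Python model of the two Regions' transit gateway route tables that walks the request path and the response path and checks whether both pass through the same inspection VPC. Attachment names, route-table names and CIDRs are constructed; the fixed table set is one way to realise option C, inspecting both directions in us-east-1.

```python
from ipaddress import ip_address, ip_network

# Constructed two-Region topology (not from any real account). Attachment ->
# (kind, associated transit gateway route table, peer attachment in the other Region).
ATTS = {
    "use1-spoke": ("vpc", "use1-spoke-rt", None), "use1-fw": ("inspection", "use1-fw-rt", None),
    "use1-peer": ("peering", "use1-peer-rt", "euw1-peer"),
    "euw1-spoke": ("vpc", "euw1-spoke-rt", None), "euw1-fw": ("inspection", "euw1-fw-rt", None),
    "euw1-peer": ("peering", "euw1-peer-rt", "use1-peer"),
}
# The question's design: each Region inspects traffic that originates in it.
# Route table -> [(destination CIDR, next hop)]; spokes are 10.1.0.0/16 and 10.2.0.0/16.
BROKEN = {
    "use1-spoke-rt": [("0.0.0.0/0", "use1-fw")],
    "use1-fw-rt": [("10.1.0.0/16", "use1-spoke"), ("10.2.0.0/16", "use1-peer")],
    "use1-peer-rt": [("10.1.0.0/16", "use1-spoke")],
    "euw1-spoke-rt": [("0.0.0.0/0", "euw1-fw")],
    "euw1-fw-rt": [("10.2.0.0/16", "euw1-spoke"), ("10.1.0.0/16", "euw1-peer")],
    "euw1-peer-rt": [("10.2.0.0/16", "euw1-spoke")],
}
# Option C, realised by inspecting both directions in us-east-1: traffic arriving over the
# peering goes to that firewall, and eu-west-1 sends already-inspected replies straight back.
FIXED = {**BROKEN,
         "use1-peer-rt": [("10.1.0.0/16", "use1-fw")],
         "euw1-spoke-rt": [("0.0.0.0/0", "euw1-fw"), ("10.1.0.0/16", "euw1-peer")]}

def next_hop(routes, rt, dst):
    """Longest-prefix match, as a transit gateway route table does (ValueError if no route)."""
    hits = [(ip_network(n), h) for n, h in routes[rt] if ip_address(dst) in ip_network(n)]
    return max(hits, key=lambda e: e[0].prefixlen)[1]

def walk(routes, src, dst):
    """Attachments a packet leaving VPC attachment `src` crosses to reach IP `dst`."""
    hops = [src]
    for _ in range(12):                              # bound the walk in case of a routing loop
        nxt = next_hop(routes, ATTS[hops[-1]][1], dst)
        hops.append(nxt)
        if ATTS[nxt][0] == "peering":                # packet crosses into the other Region
            hops.append(ATTS[nxt][2])
        if ATTS[hops[-1]][0] == "vpc":
            return hops
    raise RuntimeError("routing loop")

def firewalls(hops):
    return {h for h in hops if ATTS[h][0] == "inspection"}

def symmetric(routes, a, a_ip, b, b_ip):
    """True when request (a->b) and response (b->a) pass through the same inspection VPC."""
    fwd = firewalls(walk(routes, a, b_ip))
    return bool(fwd) and fwd == firewalls(walk(routes, b, a_ip))
```

With BROKEN the request is inspected by use1-fw and the response by euw1-fw, so each firewall sees only half of the flow; with FIXED both directions traverse use1-fw.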