
Answer-first summary for fast verification
Answer: Update the Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Update the existing VPN connection to support IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.
The question requires updating the hybrid network to support IPv6 without making changes to the current infrastructure, blocking direct access to the instances' new IPv6 addresses from the internet, and allowing outbound internet access from the instances. Option B is the most operationally efficient solution because it updates the existing Direct Connect transit VIF and VPN connection to support IPv6, which avoids the need for creating new connections and minimizes changes to the current infrastructure. Adding an egress-only internet gateway allows outbound internet access from the instances while blocking direct inbound access from the internet, meeting the security requirements. Updating the VPC security groups and route tables ensures connectivity within the VPC and between the VPC and on-premises devices. Option A is similar but suggests creating a new VPN connection, which is unnecessary and less efficient. Options C and D suggest creating a new Direct Connect transit VIF, which is not required and would involve more changes to the current infrastructure than necessary.
Author: LeetQuiz Editorial Team
A network engineer must update a company's hybrid network to support IPv6 for a new application hosted in an AWS VPC. The existing AWS infrastructure includes VPCs connected via a transit gateway, which is linked to the on-premises network through AWS Direct Connect and AWS Site-to-Site VPN. The on-premises devices already support IPv6. The company has enabled IPv6 in the VPC by assigning an IPv6 CIDR block and configuring subnets for dual-stack support. New EC2 instances for the application have been launched in these updated subnets.
The network engineer must ensure the hybrid network supports IPv6 without altering the current infrastructure. Additionally, direct internet access to the instances' IPv6 addresses must be blocked, while allowing outbound internet access from the instances.
What is the MOST operationally efficient solution that meets these requirements?
A. Update the Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.

B. Update the Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Update the existing VPN connection to support IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.

C. Create a Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.

D. Create a Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add a NAT gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.