
Answer-first summary for fast verification
Answer: Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
To force instance-A's traffic through instance-B, create a custom static route with a more specific CIDR than the system-generated subnet route, so that it takes higher priority. Applying a network tag to the route and to instance-A ensures the route applies only to instance-A. Option B correctly uses a tag, while option A lacks tagging, so its route would affect all instances. Deleting system routes (C) isn't possible. Option D is overly complex and unnecessary.
Author: LeetQuiz Editorial Team
To enforce subnet-level isolation by routing traffic from instance-A (in one subnet) through a security appliance, instance-B (in another subnet), what should you do?
Options:
A. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
B. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
C. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
D. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.