
  • ANS-C00 Questions and inconsistent answers

  • NSF2

    Member
    May 11, 2021 at 1:17 am

    Review Mode Set 2 – AWS Certified Advanced Networking Question 18.

    Answer 3. Associate multiple transit gateways in the same AWS Region.

    – If you have a Direct Connect gateway, you can associate up to three transit gateways from multiple Regions.

    Answer 5. Connect multiple VPCs in the same or different AWS account using the Direct Connect connection

    – If you create a transit VIF in a Direct Connect gateway, you can't have private VIFs.

  • NSF2

    Member
    May 13, 2021 at 8:50 pm

    Another question with inconsistent answer

    Ref: practice exam review mode set 1

    1. QUESTION

    Category: ANS – Design and Implement AWS Networks

    The company’s on-premises network has an established AWS Direct Connect connection to its VPC in AWS. A Network Engineer is designing the network infrastructure of a multitier application hosted in an Auto Scaling group of EC2 instances. The application will be accessed by the employees from the on-premises network as well as from the public Internet. The network configuration must automatically update routes in your route table based on your dynamic BGP route advertisement.

    What should the Engineer do to implement this network setup?

    As per Tutorials Dojo, the correct answer:

    Enable route propagation in the route table of the VPC and add a specific route to the on-premises network. Specify the virtual private gateway as the target.

    If the route propagation has been enabled, why do you need specific routes?

    • Tutorials-Dojo

      Administrator
      May 15, 2021 at 7:18 am

      Hi NFS,

      Thank you for raising your concerns about this scenario. The answer to your question can actually be found in the provided explanation.

      Enabling route propagation is not a silver bullet. The routing depends on whether a route in your Route Table is static or propagated and which is more “specific”, a term related to the networking concept of Longest Prefix Match (e.g. 192.168.0.0/24 is more “specific” (smaller CIDR block) than the 192.168.0.0/16 block).

      In a Site-to-Site VPN connection, you can specify two types of routing:

      1. static
      2. dynamic (also known as propagated route).

      Just as shown in the explanation:

      We use the most specific route in your route table that matches the traffic to determine how to route the traffic (longest prefix match). If your route table has overlapping or matching routes, the following rules apply:

      If propagated routes from a Site-to-Site VPN connection or AWS Direct Connect connection overlap with the local route for your VPC, the local route is most preferred even if the propagated routes are more specific.

      If propagated routes from a Site-to-Site VPN connection or AWS Direct Connect connection have the same destination CIDR block as other existing static routes (longest prefix match cannot be applied), we prioritize the static routes whose targets are an internet gateway, a virtual private gateway, a network interface, an instance ID, a VPC peering connection, a NAT gateway, a transit gateway, or a gateway VPC endpoint.

      Reference:

      https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html

      Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!

      Regards,

      Jon Bonso @ Tutorials Dojo
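The route-priority rules quoted in the reply above, worked through as an added Python example that is not part of the original thread or of AWS's own code. The `Route` class, `select_route` function, CIDR blocks and target names are constructed for illustration, and the model covers only the three rules quoted (local over propagated, longest prefix match, static over propagated on an identical CIDR).

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    cidr: str    # destination CIDR block
    target: str  # constructed placeholder target name
    kind: str    # "local", "static" or "propagated"


def select_route(routes, dst):
    """Return the route chosen for dst under the quoted rules, or None."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in ipaddress.ip_network(r.cidr)]
    # Rule 1: when the local route matches, propagated routes are ignored,
    # even if they are more specific than the local route.
    if any(r.kind == "local" for r in matches):
        matches = [r for r in matches if r.kind != "propagated"]
    if not matches:
        return None
    # Rule 2: longest prefix wins. Rule 3: on the same CIDR, static beats propagated.
    rank = {"local": 0, "static": 0, "propagated": 1}
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r.cidr).prefixlen, rank[r.kind]),
    )


# Constructed sample route table (all targets are placeholders).
ROUTES = [
    Route("10.0.0.0/16", "local", "local"),
    Route("10.0.5.0/24", "vgw-EXAMPLE", "propagated"),      # overlaps the local route
    Route("192.168.0.0/16", "vgw-EXAMPLE", "propagated"),
    Route("192.168.0.0/16", "eni-EXAMPLE", "static"),       # same CIDR as the line above
    Route("192.168.10.0/24", "vgw-EXAMPLE", "propagated"),  # more specific on-premises prefix
    Route("0.0.0.0/0", "igw-EXAMPLE", "static"),
]

if __name__ == "__main__":
    for dst in ("10.0.5.7", "192.168.1.1", "192.168.10.5", "8.8.8.8"):
        chosen = select_route(ROUTES, dst)
        print(f"{dst:>14} -> {chosen.cidr} via {chosen.target} ({chosen.kind})")
```

The `192.168.1.1` case shows why propagation alone does not decide the path: a static route on the same CIDR takes the traffic away from the virtual private gateway, while the more specific `192.168.10.0/24` propagated prefix still wins by longest prefix match.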

  • Tutorials-Dojo

    Administrator
    May 15, 2021 at 7:02 am
    Hi NFS2,

    Thank you for posting your question. The question says:

    A multinational bank has a single transit gateway that has multiple VPC and VPN attachments. The Network team established an AWS Direct Connect connection from the company’s on-premises network to a Direct Connect location. Afterward, they provisioned an AWS Direct Connect Gateway that connects to the AWS Direct Connect location via a transit virtual interface. With this setup, what other network connections can be implemented? (Select TWO.)

    Each scenario in our practice tests comes with a detailed explanation and relevant AWS reference links that you can check.

    The official AWS documentation actually supports the provided answer. As per this document: https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/

    To connect to your resources hosted in an Amazon VPC (using their private IP addresses) through a transit gateway, use a transit virtual interface. With a transit virtual interface, you can:

    • Connect multiple VPCs in the same or different AWS account using DX.
    • Associate up to three transit gateways in the same AWS Region when you use a transit virtual interface to connect to a DX gateway.
    • Attach VPCs in the same AWS Region to the transit gateway. Then, access multiple VPCs in different AWS accounts in the same AWS Region using a transit virtual interface.

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!

    Regards,

    Jon Bonso @ Tutorials Dojo
