AWS Certified Advanced Networking - Specialty ANS-C01 Exam - Question 183


A company has an AWS Site-to-Site VPN connection between AWS and its branch office. A network engineer is troubleshooting connectivity issues that the connection is experiencing. The VPN connection terminates at a transit gateway and is statically routed. In the transit gateway route table, there are several static route entries that target specific subnets at the branch office.

The network engineer determines that the root cause of the issues was the expansion of underlying subnet ranges in the branch office during routine maintenance.

Which solution will solve this problem with the LEAST administrative overhead for future expansion efforts?

Correct Answer: C

The company should create a dynamically routed VPN to handle future subnet expansions with minimal administrative overhead. Using a dynamically routed VPN with BGP (Border Gateway Protocol) allows for the automatic propagation of route changes, which dynamically adapts to network changes and expansions. This removes the need for manual updates in the route table each time there's a change or addition to the subnet ranges, unlike static routing where manual updates are necessary. Therefore, implementing a dynamic routing system is the most future-proof and administratively efficient solution for this scenario.
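The failure mode in the question can be checked offline. The following is an added example, not part of the original page or of any AWS tooling: it compares a set of static route CIDRs against the branch subnets after expansion and reports the address space that no route matches. All CIDRs and function names are constructed for illustration.

```python
import ipaddress

def uncovered(static_routes, branch_subnets):
    """Branch address space that no static route matches, as collapsed CIDRs."""
    routes = [ipaddress.ip_network(r) for r in static_routes]
    gaps = []
    for subnet in map(ipaddress.ip_network, branch_subnets):
        remaining = [subnet]
        for route in routes:
            pieces = []
            for piece in remaining:
                if piece.subnet_of(route):
                    continue  # fully covered by this route
                if route.subnet_of(piece):
                    # route covers only part of the piece: keep the rest
                    pieces.extend(piece.address_exclude(route))
                else:
                    pieces.append(piece)  # disjoint from this route
            remaining = pieces
        gaps.extend(remaining)
    return [str(n) for n in ipaddress.collapse_addresses(gaps)]

def smallest_supernet(subnets):
    """Smallest single CIDR that contains every given subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return str(candidate)

# Constructed sample data: two static routes written for the original /24
# branch subnets, and the same subnets after each was expanded to a /23.
STATIC_ROUTES = ["10.20.0.0/24", "10.20.2.0/24"]
EXPANDED_BRANCH = ["10.20.0.0/23", "10.20.2.0/23"]

if __name__ == "__main__":
    print("unrouted after expansion:", uncovered(STATIC_ROUTES, EXPANDED_BRANCH))
    aggregate = smallest_supernet(EXPANDED_BRANCH)
    print("aggregate route:", aggregate)
    # A new range outside the aggregate is unrouted again.
    grown = EXPANDED_BRANCH + ["172.16.5.0/24"]
    print("unrouted with aggregate:", uncovered([aggregate], grown))
```

With static or aggregate routes this comparison has to be repeated after every branch change; with BGP propagation the branch advertises its own prefixes and there is no static list to drift.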

Discussion

11 comments
Kupaloid (Option: C)
May 16, 2024

Move from static to dynamic routing to remove administrative overhead

Kayceetalks
Mar 21, 2024

A - Correct

rltk8029
Apr 29, 2024

Why not C? Site-to-Site VPN config lets you use BGP. As a traditional network engineer I'd always prefer dynamic routing.

JoellaLi (Option: D)
Apr 5, 2024

You can reference a prefix list in your transit gateway route table. A prefix list is a set of one or more CIDR block entries that you define and manage. You can use a prefix list to simplify the management of the IP addresses that you reference in your resources to route network traffic. For example, if you frequently specify the same destination CIDRs across multiple transit gateway route tables, you can manage those CIDRs in a single prefix list, instead of repeatedly referencing the same CIDRs in each route table. If you need to remove a destination CIDR block, you can remove its entry from the prefix list instead of removing the route from every affected route table. When you create a prefix list reference in your transit gateway route table, each entry in the prefix list is represented as a route in your transit gateway route table.

973b658 (Option: A)
Apr 9, 2024

It is A.

Spaurito
Nov 2, 2024

C - Let dynamic routing do the work. Static routes are operational overhead.

psou7
Mar 21, 2024

I vote C

6cae226 (Option: A)
Sep 3, 2024

The solution that provides the LEAST administrative overhead for future expansion efforts is Option A. By determining a supernet and using an aggregate route, you can significantly reduce the need for future updates to the Transit Gateway route table as the branch office network expands. This approach ensures that as long as the expansion stays within the defined supernet, no further route updates will be necessary.

woorkim (Option: C)
Dec 9, 2024

A: Using a supernet (aggregate route) can work if the branch office subnets fit neatly within a single supernet. However, if future expansions include subnets outside the supernet, manual updates will still be required. This does not fully solve the problem of minimizing administrative overhead.

B: While AWS Direct Connect offers high bandwidth and low latency, it is unnecessary for addressing the root cause (static route updates). It also involves additional costs and complexity.

D: A prefix list simplifies management compared to individual static routes, but it still requires manual updates whenever new subnets are added or existing ones change. This does not eliminate administrative overhead as effectively as dynamic routing.

AzureDP900 (Option: C)
Dec 29, 2024

Here's why: Option C: This solution involves creating a dynamically routed VPN connection on the transit gateway and connecting it to the branch office. It then creates a propagation for the VPN attachment to the transit gateway route table. After that, it removes the existing static VPN connection.

TechAwesome (Option: D)
Mar 23, 2025

D is correct. A for sure is wrong. The on-premises could expand its network with a different RFC1918 subnet. For C, you need to build another connection.