Exam ANS-C01
Question 180

A company has a transit gateway in AWS Account A. The company uses AWS Resource Access Manager (AWS RAM) to share the transit gateway so that users in other accounts can connect to multiple VPCs in the same AWS Region. AWS Account B contains a VPC (10.0.0.0/16) with subnet 10.0.0.0/24 in the us-west-2a Availability Zone and subnet 10.0.1.0/24 in the us-west-2b Availability Zone. Resources in these subnets can communicate with other VPCs.

A network engineer creates two new subnets: 10.0.2.0/24 in the us-west-2b Availability Zone and 10.0.3.0/24 in the us-west-2c Availability Zone. All the subnets share one route table. The default route 0.0.0.0/0 is pointing to the transit gateway. Resources in subnet 10.0.2.0/24 can communicate with other VPCs, but resources in subnet 10.0.3.0/24 cannot communicate with other VPCs.

What should the network engineer do so that resources in subnet 10.0.3.0/24 can communicate with other VPCs?

    Correct Answer: B

    When you attach a VPC to a transit gateway, you must specify one subnet from each Availability Zone to be used by the transit gateway to route traffic. In this scenario, resources in the new subnet 10.0.3.0/24 in the us-west-2c Availability Zone cannot communicate with other VPCs likely because the new subnet has not been attached to the transit gateway. Updating the transit gateway attachment to include the new subnet in us-west-2c would ensure that the transit gateway can route traffic for resources in this subnet, enabling communication with other VPCs.
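The rule above (one attached subnet per Availability Zone covers every subnet in that AZ) can be checked mechanically. The following added example, not part of the original page, models Account B's four subnets with constructed placeholder subnet IDs and a placeholder attachment ID, reports which AZs the attachment leaves uncovered, and builds the `aws ec2 modify-transit-gateway-vpc-attachment --add-subnet-ids` call that fixes it:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Subnet:
    subnet_id: str
    cidr: str
    az: str


# Constructed sample data modelled on the question: Account B's VPC (10.0.0.0/16)
# and its four subnets. Subnet IDs are placeholders, not real AWS identifiers.
VPC_SUBNETS = [
    Subnet("subnet-aaaa0001", "10.0.0.0/24", "us-west-2a"),
    Subnet("subnet-bbbb0002", "10.0.1.0/24", "us-west-2b"),
    Subnet("subnet-bbbb0003", "10.0.2.0/24", "us-west-2b"),  # new, same AZ as an attached subnet
    Subnet("subnet-cccc0004", "10.0.3.0/24", "us-west-2c"),  # new, AZ not on the attachment
]

# Subnets listed on the TGW VPC attachment when it was created (one per AZ at that time).
ATTACHMENT_SUBNET_IDS = {"subnet-aaaa0001", "subnet-bbbb0002"}


def uncovered_azs(subnets, attachment_subnet_ids):
    """AZs that contain VPC subnets but have no subnet on the attachment.
    The TGW routes for every subnet in an AZ once one subnet of that AZ is attached."""
    covered = {s.az for s in subnets if s.subnet_id in attachment_subnet_ids}
    return sorted({s.az for s in subnets} - covered)


def subnets_to_add(subnets, attachment_subnet_ids):
    """Pick one subnet per uncovered AZ (the first listed) to add to the attachment."""
    missing = set(uncovered_azs(subnets, attachment_subnet_ids))
    chosen = {}
    for s in subnets:
        if s.az in missing and s.az not in chosen:
            chosen[s.az] = s.subnet_id
    return [chosen[az] for az in sorted(chosen)]


def fix_command(attachment_id, subnet_ids):
    """CLI call that adds subnets to an existing attachment; run by the VPC owner (Account B)."""
    return ["aws", "ec2", "modify-transit-gateway-vpc-attachment",
            "--transit-gateway-attachment-id", attachment_id,
            "--add-subnet-ids", *subnet_ids]


if __name__ == "__main__":
    print("AZs without an attached subnet:", uncovered_azs(VPC_SUBNETS, ATTACHMENT_SUBNET_IDS))
    print(" ".join(fix_command("tgw-attach-PLACEHOLDER",
                               subnets_to_add(VPC_SUBNETS, ATTACHMENT_SUBNET_IDS))))
```

Note that 10.0.2.0/24 needs nothing: us-west-2b is already covered by subnet 10.0.1.0/24, which is exactly why only the us-west-2c subnet fails in the question.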

Discussion
KobDragoon (Option: C)

If all subnets share one route table, then the new subnet in AZ C should also have a route to the TGW, and we don't necessarily need a TGW attachment associated with the new subnet C; it should be able to route to the existing TGW attachments inside the VPC. The only answer that makes sense to me then is C, if we assume that Account B doesn't have route propagation enabled by default and the TGW route tables are instead using static routes. This would explain why traffic can't reach the new subnet but can reach the others.

acloudguru (Option: B)

Option C is incorrect because the transit gateway route tables are managed by Account A, which owns the transit gateway. Account B cannot modify the route tables in Account A's transit gateway. Option D is incorrect because propagation is not relevant in this scenario. Propagation is used when you have multiple transit gateways in different AWS Regions, and you want to propagate routes between them.

kajiyatta

When you attach a VPC to a transit gateway, you must specify one subnet from each Availability Zone to be used by the transit gateway to route traffic. Specifying one subnet from an Availability Zone enables traffic to reach resources in every subnet in that Availability Zone. https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html

hedglin

The correct answer is B: In Account B, update the transit gateway attachment. Attach the new subnet ID that is associated with us-west-2c to Account B's VPC. C is wrong. Creating a static route in Account A's transit gateway route tables is not necessary and wouldn't solve the issue, as the problem is with the attachment, not routing.

seochan (Option: C)

There’s no such thing as ‘Attach the new subnet ID’ in TGW attachments.

Kupaloid (Option: B)

The most likely cause is that the new subnet has not been attached to the transit gateway.