AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 184
Your on-premises network has an IP address range of 11.11.0.0/16. Only IPs within this network range can be used for inter-server communication. The IP address range 11.11.253.0/24 has been allocated for the cloud.
You need to design a VPC in AWS. The servers within the VPC should be able to communicate with hosts both on the Internet and on-premises through a VPN connection.
What combination of configuration steps meets your needs? (Choose two)
Answer options
- A. Set up the VPC with an IP address range of 11.11.253.0/24.
- B. Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set up a NAT gateway to do translation between 10.10.10.0/24 and 11.11.253.0/24 for all outbound traffic.
- C. Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for all traffic, and configure the on-premises router to forward traffic to the Internet.
- D. Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for traffic destined to 11.11.0.0/24, and add a VPC subnet route to point the default gateway to an Internet gateway for Internet traffic.
- E. Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set the VGW to do a source IP translation of all outbound packets to 11.11.0.0/16.
Correct answer: A, C
Explanation
The correct answers, A and C, set the VPC up so that it can communicate with both the cloud and the on-premises environment. Option A allocates the appropriate IP range for the VPC, and option C establishes the necessary VPN connection to allow traffic between the two networks. The other options do not meet the requirements because they either use incorrect IP ranges for the VPC or misconfigure the routing for Internet access.