AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 239

You are your company's AWS cloud architect. You have created a VPC topology that consists of 3 VPCs. You have a centralised VPC (VPC-Shared) that provides shared services to the remaining 2 departmental dedicated VPCs (VPC-Dept1 and VPC-Dept2). The centralised VPC is VPC peered to both of the departmental VPCs, that is a VPC peering connection exists between VPC-Shared and VPC-Dept1, and a VPC peering connection exists between VPC-Shared and VPC-Dept2.
Select the correct option from the list below.

Answer options

• A. Network traffic is possible between VPC-Shared instances and VPC-Dept1 and VPC-Dept2 instances as long as the appropriate routes and security groups are in place, but only for communication that is initiated from VPC1-Shared instances as the default peering bi-directional communication flag has been disabled.
• B. Instances within VPC-Dept1 can communicate directly with instances in VPC-Shared, as long as the appropriate routes and security groups are in place, and vice versa regardless of who initiates communication
• C. All network communication remains blocked between all VPCs until the respective peering bi-directional communication flags are set to the appropriate setting that allows traffic to flow.
• D. Network traffic is possible between VPC-Shared instances and VPC-Dept1 and VPC-Dept2 instances as long as the appropriate routes and security groups are in place, but only for communication that is initiated from VPC1-Shared instances as the default peering bi-directional communication flag has been enabled.

Correct answer: B

Explanation

Option B is correct because VPC peering allows for bi-directional communication between the VPCs, assuming that the necessary routes and security groups are configured correctly. The other options incorrectly state limitations on communication direction or imply that additional flags need to be set for communication to occur, which is not accurate for VPC peering.