AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 348
A company is running services in a VPC with a CIDR block of 10.5.0.0/22. End users report that they can no longer provision new resources because some of the subnets in the VPC have run out of IP addresses.
How should a network engineer resolve this issue?
Answer options
- A. Add 10.5.2.0/23 as a second CIDR block to the VPC. Create a new subnet with a new CIDR block, and provision new resources in the new subnet.
- B. Add 10.5.4.0/21 as a second CIDR block to the VPC. Assign a second network from this CIDR block to the existing subnets that have run out of IP addresses.
- C. Add 10.5.4.0/22 as a second CIDR block to the VPC. Assign a second network from this CIDR block to the existing subnets that have run out of IP addresses.
- D. Add 10.5.4.0/22 as a second CIDR block to the VPC. Create a new subnet with a new CIDR block, and provision new resources in the new subnet.
Correct answer: D
Explanation
To resolve the IP exhaustion, a non-overlapping secondary CIDR block must be added to the VPC. The range 10.5.4.0/22 does not overlap with the existing 10.5.0.0/22 range (which covers 10.5.0.0 to 10.5.3.255), whereas 10.5.2.0/23 does overlap and is invalid. Additionally, because AWS does not allow you to assign multiple CIDR blocks to an existing subnet or dynamically expand its range, you must create a new subnet within the secondary CIDR block to provision new resources.