AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 58
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF.
What additional configuration is required to enable the applications in VPCs to communicate with each other and access on-premises resources?
Answer options
- A. Configure each application VPC with a static route entry pointing the on-premises CIDR block to the software VPN instances.
- B. Configure the central VPC with a static route entry pointing the on-premises CIDR block to local VGWs.
- C. Advertise all application VPC CIDR blocks to on-premises resources via the VGW in the central VPC.
- D. Configure IPSec tunnels from the on-premises router into the software VPN instances with dynamic routing.
Correct answer: B
Explanation
The correct answer is B because the central VPC needs a static route entry that points the on-premises CIDR block to its local VGWs to facilitate communication. The other options either suggest incorrect routing configurations or do not address the requirement for the central VPC to properly route traffic to on-premises resources.