AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 106
A company recently started using AWS Client VPN to give its remote users the ability to access resources in multiple peered VPCs and resources in the company's on-premises data center. The Client VPN endpoint route table has a single entry of 0.0.0.0/0. The Client VPN endpoint is using a new security group that has no inbound rules and a single outbound rule that allows all traffic to 0.0.0.0/0.
Multiple remote users report that web search results are showing incorrect geographic location information for the users.
Which combination of steps should a network engineer take to resolve this issue with the LEAST amount of service interruption? (Choose three.)
Answer options
- A. Switch users to AWS Site-to-Site VPNs.
- B. Enable the split-tunnel option on the Client VPN endpoint.
- C. Add routes for the peered VPCs and for the on-premises data center to the Client VPN route table.
- D. Remove the 0.0.0.0/0 outbound rule from the security group that the Client VPN endpoint uses.
- E. Delete and recreate the Client VPN endpoint in a different VPC.
- F. Remove the 0.0.0.0/0 entry from the Client VPN endpoint route table.
Correct answer: B, C, F
Explanation
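With a single 0.0.0.0/0 entry in the Client VPN endpoint route table, all client traffic, including web browsing, is sent through the VPN and reaches the internet from AWS rather than from the user's own connection, so websites report the wrong location. Enabling split-tunnel (B) lets users access the internet directly, which resolves the incorrect geolocation. Adding routes for the peered VPCs and the on-premises data center (C) is necessary so that traffic to those resources still goes through the VPN. Removing the 0.0.0.0/0 entry (F) stops internet-bound traffic from being routed through the endpoint. The other options either complicate the setup or do not address the core issue of geolocation inaccuracies.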