AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 118

A company's AWS environment has two VPCs. VPC A has a CIDR block of 192.168.0.0/16. VPC B has a CIDR block of 10.0.0.0/16. Each VPC is deployed in a separate AWS Region. The company has remote users who work outside the company's offices. These users need to connect to an application that is running in the VPCs.

Traffic to and from the VPCs over the internet must be encrypted. A network engineer must set up connectivity between the remote users and the VPCs.

Which combination of steps should the network engineer take to meet these requirements with the LEAST management overhead? (Choose three.)

Answer options

• A. Establish an AWS Site-to-Site VPN connection between VPC A and VPC B.
• B. Establish a VPC peering connection between VPC A and VPC B.
• C. Create an AWS Client VPN endpoint in VPC A and VPC B Add an authorization rule to grant access to VPC A and VPC B.
• D. Create an AWS Client VPN endpoint in VPC A Add an authorization rule to grant access to VPC A and VPC B.
• E. Add a route to the AWS Client VPN endpoint’s route table to direct traffic to VPC B.
• F. Add a route to the AWS Client VPN endpoint's route table to direct traffic to VPC A.

Correct answer: B, D, E

Explanation

The correct steps are B, D, and E because establishing a VPC peering connection allows secure traffic flow between the two VPCs without additional VPN management. Setting up an AWS Client VPN endpoint in VPC A provides remote users with secure access, and adding a route to VPC B ensures that traffic can reach both VPCs. The other options either involve unnecessary complexity or do not fulfill the requirement for remote user access.