AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 233
A company has five VPCs in the us-east-1 Region. The company hosts an internal web application in us-east-1. One of the company's VPCs, named VPC-A, needs to connect to an external partner's AWS environment. The partner's environment is in the same AWS Region, and the partner hosts a new version of the company's web application there, in a VPC named VPC-B.
The company has Amazon EC2 instances in VPC-A that need to connect to the web application in VPC-B. A network engineer notices that the partner's VPC-B and the company's VPC-A use the same IP space. The network engineer needs a solution to allow the EC2 instances to connect to the web application. The solution must not negatively affect the existing environment of the company or the partner.
Which combination of steps should the network engineer take to meet these requirements? (Choose two.)
Answer options
- A. Establish a VPC peering connection between VPC-A and VPC-B.
- B. Ensure the partner creates a VPC endpoint service that uses a Network Load Balancer in VPC-B.
- C. Deploy a VPC endpoint in VPC-A that uses a VPC endpoint service that is shared by the partner.
- D. Deploy a new routable VPC CIDR block as a secondary CIDR block to both VPC-A and VPC-B. Deploy a public NAT gateway in VPC-A.
- E. Establish an AWS Site-to-Site VPN connection between VPC-A and VPC-B.
Correct answer: B, C
Explanation
The correct answers are B and C. The partner publishes the application as an AWS PrivateLink endpoint service fronted by a Network Load Balancer in VPC-B (B), and the company creates an interface VPC endpoint in VPC-A that consumes that service (C). The interface endpoint is an elastic network interface that takes an address from VPC-A's own subnets, and the NLB forwards to targets in VPC-B's own subnets, so neither VPC ever installs a route to the other's CIDR and the overlapping address space never conflicts. No routing or addressing changes are needed in either VPC, and the connectivity is one-way (initiated from the consumer in VPC-A toward the provider in VPC-B), which is exactly what the EC2 instances require. Option A is wrong because a VPC peering connection cannot be created between VPCs whose CIDR blocks overlap. Option E is wrong because a Site-to-Site VPN still has to route the remote VPC's CIDR at each end, so the overlap remains, and it would also require a gateway and customer gateway device the question does not provide. Option D is wrong because adding a secondary CIDR re-addresses both VPCs, which is a significant change to both environments, and a public NAT gateway provides internet egress rather than a private path into VPC-B.
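The B plus C design as a worked Terraform configuration. This is an added example, not material from the original question or from AWS; every name, variable and the two provider aliases are assumptions, and in practice the partner applies the provider half in its account and the company applies the consumer half in its own, with the service name exchanged out of band.

```hcl
# Two provider aliases stand in for the two AWS accounts (assumed for the example).
provider "aws" {
  alias  = "partner"
  region = "us-east-1"
}

provider "aws" {
  alias  = "company"
  region = "us-east-1"
}

variable "company_account_id" { type = string }        # consumer account (assumed)
variable "vpc_a_id"           { type = string }
variable "vpc_a_cidr"         { type = string }        # same value as VPC-B's CIDR; that is the point
variable "vpc_a_subnet_ids"   { type = list(string) }
variable "vpc_b_id"           { type = string }
variable "vpc_b_subnet_ids"   { type = list(string) }
variable "web_instance_ids"   { type = list(string) }  # partner's web servers in VPC-B

# --- Partner side (service provider): internal NLB in VPC-B fronting the web tier ---
resource "aws_lb" "web" {
  provider           = aws.partner
  name               = "partner-web-nlb"
  internal           = true
  load_balancer_type = "network"
  subnets            = var.vpc_b_subnet_ids
}

resource "aws_lb_target_group" "web" {
  provider    = aws.partner
  name        = "partner-web-tg"
  port        = 443
  protocol    = "TCP"
  vpc_id      = var.vpc_b_id
  target_type = "instance"
}

resource "aws_lb_target_group_attachment" "web" {
  provider         = aws.partner
  for_each         = toset(var.web_instance_ids)
  target_group_arn = aws_lb_target_group.web.arn
  target_id        = each.value
  port             = 443
}

resource "aws_lb_listener" "web" {
  provider          = aws.partner
  load_balancer_arn = aws_lb.web.arn
  port              = 443
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}

# Option B: the endpoint service. Only the company's account may request a
# connection, and the partner must explicitly accept each one.
resource "aws_vpc_endpoint_service" "web" {
  provider                   = aws.partner
  acceptance_required        = true
  network_load_balancer_arns = [aws_lb.web.arn]
  allowed_principals         = ["arn:aws:iam::${var.company_account_id}:root"]
}

# --- Company side (service consumer): interface endpoint in VPC-A ---
# The endpoint ENIs take addresses from VPC-A's own subnets, so VPC-B's
# identical CIDR is never installed in VPC-A's route tables.
resource "aws_security_group" "partner_endpoint" {
  provider = aws.company
  name     = "vpc-a-partner-endpoint"
  vpc_id   = var.vpc_a_id
  ingress {
    description = "HTTPS from VPC-A instances only"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_a_cidr]
  }
}

# Option C: consume the partner's service through an interface endpoint.
resource "aws_vpc_endpoint" "partner_web" {
  provider            = aws.company
  vpc_id              = var.vpc_a_id
  service_name        = aws_vpc_endpoint_service.web.service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.vpc_a_subnet_ids
  security_group_ids  = [aws_security_group.partner_endpoint.id]
  private_dns_enabled = false
}

# The partner accepts the company's pending connection request.
resource "aws_vpc_endpoint_connection_accepter" "company" {
  provider                = aws.partner
  vpc_endpoint_service_id = aws_vpc_endpoint_service.web.id
  vpc_endpoint_id         = aws_vpc_endpoint.partner_web.id
}

# The EC2 instances in VPC-A connect to this name; it resolves to VPC-A addresses.
output "partner_web_endpoint_dns" {
  value = aws_vpc_endpoint.partner_web.dns_entry[0].dns_name
}
```

Two practitioner caveats follow from this layout. First, the partner's web servers see the NLB's own addresses, not the VPC-A client addresses, as the source of connections arriving through the endpoint, so the application should not use source IP for authorization; if it needs to know which endpoint a request came from, enable Proxy Protocol v2 on the target group and parse the header. Second, the security group on the endpoint ENIs and the `allowed_principals` list on the service are the two controls that decide who may reach the application; leaving `allowed_principals` empty or using a wildcard principal exposes the service to any account that learns the service name.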