AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 239
A company runs workloads in multiple VPCs. The company needs to securely access a workload in one of the VPCs, named VPC-A, from an on-premises data center. A network engineer sets up an AWS Site-to-Site VPN connection to a transit gateway. The network engineer configures dynamic routing for the connection, and communication works properly.
Recently, the owner of VPC-A added another CIDR range to the VPC. The VPC-A owner created workloads that use the additional CIDR range.
The company's on-premises network is unable to reach the new workloads. The network engineer needs to resolve the network connectivity issue and ensure that connectivity will not be affected if additional VPC CIDR ranges are added to the VPC in the future.
Which solution will meet these requirements with the MOST operational efficiency?
Answer options
- A. Configure route propagation for VPC-A to the VPN attachment route table.
- B. Manually update the VPN attachment route table to include the new CIDR range.
- C. Configure an Amazon EventBridge rule to invoke an AWS Lambda function when the rule matches an update to the VPC-A CIDR range. Configure the Lambda function to update the VPN attachment route table.
- D. Configure an Amazon CloudWatch alarm to invoke an AWS Lambda function when there is an update to the VPC-A CIDR range. Configure the Lambda function to update the VPN attachment route table. Restart the VPN tunnels.
Correct answer: A
Explanation
The correct answer is A. The transit gateway route table associated with the VPN attachment only knows the routes that are installed in it, so the CIDR range added to VPC-A is not reachable until a route for it exists there. Enabling route propagation from the VPC-A attachment into the VPN attachment route table installs every CIDR associated with VPC-A automatically, including any ranges added in the future, which restores connectivity with minimal manual intervention. Option B requires a manual update each time a CIDR is added, which is less efficient. Options C and D add the complexity of Lambda functions and event-driven updates (and, in D, an unnecessary restart of the VPN tunnels) to do what route propagation already handles.
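As an added example, not part of the question set, the following Terraform configuration implements option A: the VPN attachment uses its own transit gateway route table, and the VPC-A attachment propagates into it. The transit gateway, VPC-A, its subnets and the VPN connection (`aws_ec2_transit_gateway.main`, `aws_vpc.vpc_a`, `aws_subnet.vpc_a_tgw`, `aws_vpn_connection.onprem`) are assumed to be defined elsewhere, and all resource names and the CIDR are placeholders.

```hcl
# Added example (not from the question). Placeholder names throughout.

# VPC-A attachment. Default-table association/propagation is disabled so that
# routing stays explicit and is controlled by the resources below.
resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_a" {
  transit_gateway_id = aws_ec2_transit_gateway.main.id
  vpc_id             = aws_vpc.vpc_a.id
  subnet_ids         = aws_subnet.vpc_a_tgw[*].id

  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# Dedicated route table for the Site-to-Site VPN attachment.
resource "aws_ec2_transit_gateway_route_table" "vpn" {
  transit_gateway_id = aws_ec2_transit_gateway.main.id
  tags               = { Name = "vpn-attachment-rt" }
}

# Associate the VPN attachment with that table. Traffic arriving from
# on-premises is routed with this table, and its routes are what the transit
# gateway advertises to the customer gateway over BGP.
resource "aws_ec2_transit_gateway_route_table_association" "vpn" {
  transit_gateway_attachment_id  = aws_vpn_connection.onprem.transit_gateway_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.vpn.id
}

# Option A: propagate VPC-A's routes into the VPN table. Every CIDR associated
# with VPC-A, including ranges added later, is installed and advertised
# without further changes.
resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_a_to_vpn" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc_a.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.vpn.id
}

# Option B, shown for contrast only: a static route covers a single CIDR and
# must be repeated by hand for each range added to VPC-A.
# resource "aws_ec2_transit_gateway_route" "vpc_a_static" {
#   destination_cidr_block         = "10.20.0.0/16" # placeholder CIDR
#   transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc_a.id
#   transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.vpn.id
# }
```

To verify after applying, `aws ec2 search-transit-gateway-routes --transit-gateway-route-table-id <vpn-table-id> --filters Name=type,Values=propagated` lists the propagated VPC-A CIDRs, and the same prefixes should appear in the BGP routes received by the on-premises customer gateway.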