AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 249

A company has several AWS Site-to-Site VPN connections between an on-premises customer gateway and a transit gateway. The company's application uses IPv4 to communicate through the VPN connections.

The company has updated the VPC to be dual stack and wants to transition to using IPv6-only for new workloads. When the company tries to communicate through the existing VPN connections, IPv6 traffic fails.

Which solution will provide IPv6 support with the LEAST operational overhead?

Answer options

• A. Create a new Site-to-Site VPN connection that supports IPv6.
• B. Create a new Site-to-Site VPN connection to a self-managed Amazon EC2 instance that runs open source software.
• C. Update the existing Site-to-Site VPN connections to support IPv6.
• D. Update the on-premises customer gateway's public IP address from IPv4 to IPv6.

Correct answer: A

Explanation

Creating a new Site-to-Site VPN connection that supports IPv6 is the most straightforward solution that requires the least overhead, as it avoids potential complications of modifying existing connections. Updating existing connections or changing the customer gateway's IP address could introduce more complexity or downtime. Setting up a self-managed EC2 instance for VPN adds unnecessary management tasks.