AWS Certified SysOps Administrator – Associate (legacy) — Question 332
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet (CIDR 20.0.0.0/24) and a VPN-only subnet (CIDR 20.0.1.0/24), along with the VPN gateway (vgw-12345) to connect to the user's data center. The user's data center has CIDR 172.28.0.0/12. The user has also set up a NAT instance (i-123456) to allow traffic to the internet from the VPN subnet. Which of the below-mentioned options is not a valid entry for the main route table in this scenario?
Answer options
- A. Destination: 20.0.1.0/24 and Target: i-12345
- B. Destination: 0.0.0.0/0 and Target: i-12345
- C. Destination: 172.28.0.0/12 and Target: vgw-12345
- D. Destination: 20.0.0.0/16 and Target: local
Correct answer: A
Explanation
The route with destination 20.0.0.0/16 and target local is created automatically and handles all internal VPC communication, so every subnet within the VPC is already routed locally. Trying to route a specific subnet within that VPC range (20.0.1.0/24) to a NAT instance (i-12345) is invalid, because that destination is already covered by the local route. The other options correctly define the default route (0.0.0.0/0) to the NAT instance for internet access and the corporate network route (172.28.0.0/12) to the virtual private gateway.