A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR
(20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to
the user’s data centre. Which of the below mentioned options is a valid entry for the main route table in this
scenario?
A.
Destination: 20.0.0.0/24 and Target: vgw-12345
B.
Destination: 20.0.0.0/16 and Target: ALL
C.
Destination: 20.0.1.0/16 and Target: vgw-12345
D.
Destination: 0.0.0.0/0 and Target: vgw-12345
Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his
own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with
his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to
route all traffic of the VPN subnet. Here are the valid entries for the main route table in this scenario:
Destination: 0.0.0.0/0 & Target: vgw-12345 (To route all internet traffic to the VPN gateway.
Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC.
D.
Destination: 0.0.0.0/0 and Target: vgw-12345
0
0
I feel C is correct
Destination: 20.0.1.0/16 and Target: vgw-12345
0
0
“VPN only subnets CIDR (20.0.1.0/24”
C. Destination: 20.0.1.0/16 and Target: vgw-12345
I think CIDR are different if you would put 20.0.1.0/16 it would try to route whole VPC traffic through VPN
0
0
D.
Here are the valid entries for the main route table in this scenario: Destination:
0.0.0.0/0 & Target: vgw-12345 (To route all internet traffic to the VPN gateway.
Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC.
0
0
c
0
0
The answer should be D.
The main route table came with the VPC, and it also has a route for the VPN-only subnet. A custom route table is associated with the public subnet. The custom route table has a route over the Internet gateway (the destination is 0.0.0.0/0, and the target is the Internet gateway).
If you create a new subnet in this VPC, it’s automatically associated with the main route table, which routes its traffic to the virtual private gateway. If you were to set up the reverse configuration (the main route table with the route to the Internet gateway, and the custom route table with the route to the virtual private gateway), then a new subnet automatically has a route to the Internet gateway.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html
1
0
d
0
0
D
0
0
C
0
0
Actually none looks right.
0
0
None – all answers are wrong.
0.0 – means you trying to go to internet not your DC
0
0
Sorry my bad (what was I thinking – haste is waste)
D is correct answer
0
0