AWS Certified Advanced Networking – Specialty ANS-C00 – Question 395

A company uses an AWS Site-to-Site VPN to connect its corporate network. The company recently added an AWS Direct Connect connection. A network engineer wants all traffic to use the Direct Connect connection, and for the VPN to be used as backup. However, after the Direct Connect connection was added, traffic continued to pass through the VPN connection.
What should the network engineer do to route the traffic through the Direct Connect connection?

A. Add routes to the VPC route tables that specify the Direct Connect connection.
B. Set local preference BGP community tags on the on-premises router.
C. Advertise the same network routes over the Direct Connect connection and VPN connection.
D. Ensure the Direct Connect connection AS_PATH is longer than the VPN connection AS_PATH.

Correct Answer: C

Explanation:
If you advertise the same routes toward the AWS VPC, the Direct Connect path is always preferred, regardless of AS path prepending.
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/configure-vpn-backup-dx/