AWS Certified Advanced Networking – Specialty ANS-C00 – Question232

Your on-premises network has an IP address range of 11.11.0.0/16. Only IPs within this network range can be used for inter-server communication. The IP address range 11.11.253.0/24 has been allocated for the cloud.
You need to design a VPC in AWS. The servers within the VPC should be able to communicate with hosts both on the Internet and on-premises through a VPN connection.
What combination of configuration steps meets your needs? (Choose two)

A.
Set up the VPC with an IP address range of 11.11.253.0/24.
B. Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set up a NAT gateway to do translation between 10.10.10.0/24 and 11.11.253.0/24 for all outbound traffic.
C. Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for all traffic, and configure the on-premises router to forward traffic to the Internet.
D. Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for traffic destined to 11.11.0.0/24, and add a VPC subnet route to point the default gateway to an Internet gateway for Internet traffic.
E. Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set the VGW to do a source IP translation of all outbound packets to 11.11.0.0/16.

Correct Answer: AC

Explanation:

Explanation: The VPC needs to use a CIDR block in the assigned range (and be non-overlapping with the data center). All traffic not destined for the VPC is routed to the VGW (that route is assumed) and must then be forwarded to the Internet when it arrives on-premises. B and E are wrong because they are not in the assigned range (you can use non-RFC 1918 addresses in a VPC). D is wrong because it directs traffic to the Internet through the Internet gateway.