Your company has installed an AWS Direct Connect connection in an ap-southeast-1 Direct Connect location. A public virtual interface is configured through a router to a dedicated firewall. You advertise your company's public /24 CIDR block to AWS with AS 65500. The company maintains a separate, corporate Internet firewall to map all outbound traffic to a single IP. This firewall maintains a BGP relationship with an upstream Internet provider that has delegated the public IP block your company uses. When the BGP session for the public virtual interface is up, corporate network users cannot access Amazon S3 resources in the ap-southeast-1 region. Which step should you take to provide concurrent AWS and Internet access?
A) Configure AS-PATH prepending for the public virtual interface.
B) Advertise a host route for the corporate firewall on the public virtual interface.
C) Advertise a host route for the corporate firewall to the upstream Internet provider.
D) NAT the traffic destined for AWS from the dedicated firewall using the public virtual interface.
Correct Answer:
Verified
Q372: A company has applications running in a
Q373: A VPC is deployed with a 10.0.0.0/16
Q374: A department in your company has created
Q375: A company's website is hosted on an
Q376: A company is running services in a
Q378: In Amazon CloudFront, while creating a web
Q379: You wish to host a mailserver on
Q380: A company has a VPC in the
Q381: A network engineer needs to create a
Q382: A company is migrating a legacy storefront
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents