How can the user make this happen?

A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only
subnets along with hardware VPN access to connect to the user’s datacenter. The user wants to
make so that all traffic coming to the public subnet follows the organization’s proxy policy. How
can the user make this happen?

A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only
subnets along with hardware VPN access to connect to the user’s datacenter. The user wants to
make so that all traffic coming to the public subnet follows the organization’s proxy policy. How
can the user make this happen?

A.
Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic
from
NAT

B.
Settin up a proxy policy in the internet gateway connected with the public subnet

C.
It is not possible to setup the proxy policy for a public subnet

D.
Setting the route table and security group of the public subnet which receives traffic from a
virtual private gateway

Explanation:
The user can create subnets within a VPC. If the user wants to connect to VPC from his own data
centre, he can setup public and VPN only subnets which uses hardware VPN access to connect
with his data centre. When the user has configured this setup, it will update the main route table
used with the VPN-only subnet, create a custom route table and associate it with the public
subnet. It also creates an internet gateway for the public subnet. By default the internet traffic of
the VPN subnet is routed to a virtual private gateway while the internet traffic of the public subnet
is routed through the internet gateway. The user can set up the route and security group rules.
These rules enable the traffic to come from the organization’s network over the virtual private
gateway to the public subnet to allow proxy settings on that public subnet.



Leave a Reply 4

Your email address will not be published. Required fields are marked *


Anuj

Anuj

Setting route table will route traffic via proxy

Stan

Stan

Answer is D to pass exam

Jerome

Jerome

How could it be D? There is no such thing as a security group for a subnet