ANS-C01 • Mock Exam 93
Free ANS-C01 mock exam — 25 questions with explanations. Set 93. No signup required.
A company has a Direct Connect connection with a private VIF to a VPC in us-east-1. The VPC has two subnets: a public subnet and a private subnet. The public subnet has an internet gateway attached. The private subnet has a NAT gateway. The company's on-premises network uses the 10.0.0.0/8 IP range. The VPC CIDR is 10.1.0.0/16. The on-premises router is advertising 10.1.0.0/16 over BGP to the Direct Connect router. The company needs EC2 instances in the private subnet to initiate outbound connections to the internet for updates. The NAT gateway is in the public subnet. The route table for the private subnet has a default route (0.0.0.0/0) pointing to the NAT gateway. However, the on-premises network team reports that they can ping the private IP of the NAT gateway (10.1.0.10) but not the private IP of an EC2 instance in the private subnet (10.1.1.50). The EC2 instance's security group allows ICMP from the on-premises IP range. The VPC's main route table has a route for 10.0.0.0/8 pointing to the virtual private gateway. The VPC is attached to a virtual private gateway. What is the most likely cause?