Ends in
00
days
00
hrs
00
mins
00
secs
LEARN MORE

72-Hour Flash Sale! Get our AZ-900, AZ-104, and GCP ACE Practice Exams at Super Low Prices

FacebookTwitterYouTubeLinkedInSlackSlack

AWS Transit Gateway

  • A networking service that uses a hub and spoke model to enable customers to connect their on-premises data centers and their Amazon Virtual Private Clouds (VPCs) to a single gateway.
  • With this service, customers only have to create and manage a single connection from the central gateway into each on-premises data center, remote office, or VPC across your network.
  • If a new VPC is created, it is automatically connected to the Transit Gateway and will also be available to every other network that is also connected to the Transit Gateway.

Features

  • Inter-region peering 
    • Transit Gateway leverages the AWS global network to allow customers to route traffic across AWS Regions. 
    • Inter-region peering provides an easy and cost-effective way to replicate data for geographic redundancy or to share resources between AWS Regions.
IT Certification Category (English)728x90
  • Multicast 
    • Enables customers to have fine-grain control on who can consume and produce multicast traffic. 
    • It allows you to easily create and manage multicast groups in the cloud instead of the time-consuming task of deploying and managing legacy hardware on-premises. 
    • This multicast solution is also scalable so the customers can simultaneously distribute a stream of content to multiple subscribers. 
  • Automated Provisioning 
    • Customers can automatically identify the Site-to-Site VPN connections and the on-premises resources with which they are associated using AWS Transit Gateway. 
    • Using the Transit Gateway Network Manager, you can also manually define your on-premises network.

Note: If you are studying for the AWS Certified Advanced Networking Specialty exam, we highly recommend that you take our AWS Certified Advanced Networking – Specialty Practice Exams and read our Advanced Networking Specialty exam study guide.

AWS Certified Advanced Networking Specialty Practice Exams

Validate Your Knowledge

Question 1

A multinational bank has a single transit gateway that has multiple VPC and VPN attachments. The Network team established an AWS Direct Connect connection from the company’s on-premises network to a Direct Connect location. Afterward, they provisioned an AWS Direct Connect Gateway that connects to the AWS Direct Connect location via a transit virtual interface.

With this setup, what other network connections can be implemented? (Select TWO.)

  1. Connect multiple VPCs in the same or different AWS account using the Direct Connect connection.
  2. Associate multiple transit gateways in different AWS Regions to the Direct Connect Gateway and use the same ASNs for each transit gateway.
  3. Allow on-premises servers to connect to AWS resources that are reachable via public IP addresses such as AWS public endpoints and S3 buckets.
  4. Use equal-cost multi-path routing (ECMP) to get higher VPN bandwidth by aggregating multiple VPN connections in different AWS Regions.
  5. Associate multiple transit gateways in the same AWS Region.

Show me the answer!

Correct Answers: 1,5

A transit gateway enables you to attach VPCs and VPN connections in the same Region and route traffic between them. A transit gateway works across AWS accounts, and you can use AWS Resource Access Manager to share your transit gateway with other accounts. After you share a transit gateway with another AWS account, the account owner can attach their VPCs to your transit gateway. A user from either account can delete the attachment at any time.

You can enable multicast on a transit gateway, and then create a transit gateway multicast domain that allows multicast traffic to be sent from your multicast source to multicast group members over VPC attachments that you associate with the domain.

A transit virtual interface should be used to access one or more Amazon VPC Transit Gateways associated with Direct Connect gateways. You can use transit virtual interfaces with 1/2/5/10 Gbps AWS Direct Connect connections.

To connect to your resources hosted in an Amazon VPC (using their private IP addresses) through a transit gateway, use a transit virtual interface. With a transit virtual interface, you can:

  • Connect multiple VPCs in the same or different AWS account using DX.
  • Associate up to three transit gateways in the same AWS Region when you use a transit virtual interface to connect to a DX gateway.
  • Attach VPCs in the same AWS Region to the transit gateway. Then, access multiple VPCs in different AWS accounts in the same AWS Region using a transit virtual interface.

You can also create a peering connection attachment between transit gateways in different AWS Regions. This enables you to route traffic between the transit gateways’ attachments across different Regions.

You can use equal-cost multi-path routing (ECMP) to get higher VPN bandwidth by aggregating multiple VPN connections. However, you can only aggregate connections in the same AWS Region only. Alternatively, you can create a peering connection attachment between transit gateways in different AWS Regions to enable you to route traffic between the transit gateways’ attachments across different Regions.

Hence, the correct answers are:

  • Connect multiple VPCs in the same or different AWS account using the Direct Connect connection.
  • Associate multiple transit gateways in the same AWS Region.

The option that says: Associate multiple transit gateways in different AWS Regions to the Direct Connect Gateway and use the same ASNs for each transit gateway is incorrect. Although this is possible, you have to use unique ASNs for each transit gateway.

The option that says: Allow on-premises servers to connect to AWS resources that are reachable via public IP addresses such as AWS public endpoints and S3 buckets is incorrect because this is only possible with a public virtual interface and not with a transit virtual interface.

The option that says: Use equal-cost multi-path routing (ECMP) to get higher VPN bandwidth by aggregating multiple VPN connections in different AWS Regions is incorrect. Although you can use ECMP and aggregate multiple VPNs with Transit Gateway, these resources should be in the same AWS Region. An alternative solution is to establish a peering connection between two transit gateways in different AWS Regions, however, the scenario clearly mentioned that there is only a single transit gateway.

References:
https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/
https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html
https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.html

Note: This question was extracted from our AWS Certified Advanced Networking Specialty Practice Exams.

Tutorials Dojo Study Guide and Cheatsheet

For more AWS practice exam questions with detailed explanations, visit the Tutorials Dojo Portal:

Tutorials Dojo AWS Practice Tests

Reference:
https://aws.amazon.com/transit-gateway/

Save More with Our SAA, CDA, and SysOps Triple Bundle Reviewers!

AWS Certified SysOps Administrator Associate Video Course – Early Access Discount Ends Soon!

Pass your AWS, Azure, and Google Cloud Certifications with the Tutorials Dojo Portal

Tutorials Dojo portal

Our Bestselling AWS Certified Solutions Architect Associate Practice Exams

AWS Certified Solutions Architect Associate Practice Exams

Enroll Now – Our AWS Practice Exams with 95% Passing Rate

AWS Practice Exams Tutorials Dojo

FREE AWS Cloud Practitioner Essentials Course!

Enroll Now – Our Azure Certification Exam Reviewers

azure reviewers tutorials dojo

Enroll Now – Our Google Cloud Certification Exam Reviewers

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

FREE Intro to Cloud Computing for Beginners

FREE AWS, Azure, GCP Practice Test Samplers

Browse Other Courses

Generic Category (English)300x250

Recent Posts

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?

error: Content is protected !!
72-HOUR FLASH SALE!

FLASH SALE MECHANICS

1. AZ-900 - 10.99 USD instead of 12.99 USD

2. AZ-104 and GCP ACE - 12.99 USD instead of 14.99 USD

MORE EXCITING BUNDLES

1. Video Course + Practice Test Bundle for only $24.98 instead of $29.98 USD

2. Video Course + Practice Test + eBook Bundle for only $29.98 instead of $36.97 USD

Video Course packages are only available for AWS Certified Solutions Architect AssociateAWS Certified Developer Associate, and AWS Certified SysOps Administrator Associate for now. But more video courses are coming soon!