ANS-C01 Question #211: Real Exam Question with Answer & Explanation

Question

A company has started using AWS Cloud WAN with one edge location in the us-east-1 Region. The company has a production segment and a security segment in AWS Cloud WAN. The company also has a default core network policy. The company has created a production VPC for the production workload. The company has created an outbound inspection VPC to inspect internet-bound traffic from the production VPC. The company has attached the production VPC to the production segment and has attached the outbound inspection VPC to the security segment. The company has also created an AWS Network Firewall firewall in the outbound inspection VPC to inspect internet-based traffic. The company has updated a route table for the production VPC to send all internet-bound traffic to the AWS Cloud WAN core network. The company has updated a route table for the outbound inspection VPC to ensure that Network Firewall inspects any outgoing traffic and incoming traffic. During testing, an Amazon EC2 instance in the production VPC cannot reach the internet. The company checks the Network Firewall rules and confirms that the rules are not blocking the traffic. Which combination of steps will meet these requirements? (Choose two.)

Options

• AUpdate the core network policy to configure segment sharing. Share the production segment with
• BUpdate the core network policy to create a static route for the security segment. Specify 0.0.0.0/0
• CUpdate the core network policy to create a static route for the production segment. Specify
• DUpdate the core network policy to create a static route for the production segment. Specify
• ECreate an attachment to attach the outbound inspection VPC to the production segment. Update