[High Availability, Backup, and Recovery]
A SysOps administrator is configuring AWS Client VPN to connect users on a corporate network to AWS resources that are running in a VPC. According to compliance requirements, only traffic that is destined for the VPC can travel across the VPN tunnel.
How should the SysOps administrator configure Client VPN to meet these requirements?
Split-tunnel routing allows you to specify that only the traffic destined for your VPC is routed through the VPN tunnel. All other internet traffic is routed through the user's local network.
Steps:
1. Open the Client VPN console:
   - Sign in to the AWS Management Console.
   - Open the Amazon VPC console.
2. Modify the Client VPN endpoint:
   - Select the Client VPN endpoint.
   - Choose 'Modify Client VPN endpoint'.
   - Enable the 'Split-tunnel' option.
3. Update the route table:
   - Ensure that the route table associated with the Client VPN endpoint routes traffic destined for the VPC IP range to the appropriate target (e.g., VPC subnet).
This configuration ensures that only traffic destined for resources in the VPC is sent over the VPN tunnel, while other traffic uses the user's local internet connection.
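To verify the result of the steps above, the following added example (not part of the original page) audits an endpoint for VPC-only tunnelling. It assumes input dictionaries shaped like the output of `aws ec2 describe-client-vpn-endpoints` and `aws ec2 describe-client-vpn-routes`; the function name, endpoint ID and CIDR values are constructed for illustration.

```python
import ipaddress


def audit_client_vpn(endpoint, routes, vpc_cidr):
    """Return a list of findings; an empty list means only VPC traffic is tunnelled."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []

    # With split-tunnel off, the client sends all of its traffic through the tunnel.
    if not endpoint.get("SplitTunnel", False):
        findings.append("split-tunnel is disabled")

    vpc_reachable = False
    for route in routes:
        dest = ipaddress.ip_network(route["DestinationCidr"])
        # With split-tunnel on, the endpoint's routes are pushed to the client,
        # so a destination outside the VPC range widens what crosses the VPN.
        if dest.version == vpc.version and dest.subnet_of(vpc):
            vpc_reachable = True
        else:
            findings.append(f"route {dest} is outside VPC range {vpc}")

    if not vpc_reachable:
        findings.append(f"no route covers VPC range {vpc}")
    return findings


# Constructed sample data (hypothetical endpoint ID and subnet ID).
VPC_CIDR = "10.0.0.0/16"
COMPLIANT = (
    {"ClientVpnEndpointId": "cvpn-endpoint-EXAMPLE", "SplitTunnel": True},
    [{"DestinationCidr": "10.0.0.0/16", "TargetSubnet": "subnet-EXAMPLE"}],
)
NON_COMPLIANT = (
    {"ClientVpnEndpointId": "cvpn-endpoint-EXAMPLE", "SplitTunnel": False},
    [
        {"DestinationCidr": "10.0.0.0/16", "TargetSubnet": "subnet-EXAMPLE"},
        {"DestinationCidr": "0.0.0.0/0", "TargetSubnet": "subnet-EXAMPLE"},
    ],
)

if __name__ == "__main__":
    for name, (ep, rts) in (("compliant", COMPLIANT), ("non-compliant", NON_COMPLIANT)):
        print(name, audit_client_vpn(ep, rts, VPC_CIDR) or "OK")
```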
Split-Tunnel VPN Routing
AWS Client VPN Documentation