Your organization adds two new application subnets to an existing cloud VPC. After deployment, the new back-end instances cannot be reached from the company's shared services subnet. Packet captures confirm that traffic never leaves the original subnet because no path exists to the new CIDR blocks. In a cloud environment, what change will enable traffic to reach the new instances?
Deploy an additional NAT or internet gateway on each new subnet
Publish a security rule that opens all ports between the existing and new resources
Add routes for the new CIDR blocks to the VPC's route table used by the shared services subnet
Consolidate the environment into a single larger subnet to avoid inter-subnet routing
In a cloud VPC, each subnet is associated with a route table that determines where packets are forwarded. If that table lacks entries matching the CIDR blocks of the newly created subnets, traffic destined for those networks has no next hop and is dropped before it ever leaves the source subnet. Adding the appropriate routes to, or associating the correct route table with, the shared services subnet supplies the next-hop information required for connectivity. Opening every port, collapsing the subnets into a single range, or deploying more gateways may change security boundaries or external access, but none of those actions establishes the missing internal path.