Amazon Exam ANS-C01 Topic 4 Question 35 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 35
Topic #: 4

A company has stateful security appliances that are deployed to multiple Availability Zones in a centralized shared services VPC. The AWS environment includes a transit gateway that is attached to application VPCs and the shared services VPC. The application VPCs have workloads that are deployed in private subnets across multiple Availability Zones. The stateful appliances in the shared services VPC inspect all east-west (VPC-to-VPC) traffic.

Users report that inter-VPC traffic to different Availability Zones is dropping. A network engineer verified this claim by issuing Internet Control Message Protocol (ICMP) pings between workloads in different Availability Zones across the application VPCs. The network engineer has ruled out security groups, stateful device configurations, and network ACLs as the cause of the dropped traffic.

What is causing the traffic to drop?

Suggested Answer: B

The correct approach is to use AWS Systems Manager Session Manager, which allows you to manage your EC2 instances through a secure and browser-based interface. By deploying and configuring SSM Agent on each instance, you can enable Session Manager to communicate with the instances. By deploying VPC endpoints for Session Manager, you can enable the instances to connect to the AWS service without requiring an internet gateway, NAT device, or VPN connection. You can also use IAM policies and SSM documents to implement role-based access control for managing the instances. This approach has the least maintenance overhead, as it does not require any additional infrastructure or configuration.


Contribute your Thoughts:

Elmer
30 days ago
This is a real head-scratcher, isn't it? I'm going to go with option D just to keep the other candidates on their toes. Appliance mode not enabled on the transit gateway attachment to the application VPCs? Why not!
upvoted 0 times
Yoko
15 hours ago
Yeah, I agree. It could be that the appliance mode is not enabled on that attachment.
upvoted 0 times
...
Malinda
20 days ago
I think the issue might be with the transit gateway attachment to the application VPCs.
upvoted 0 times
...
...
Christoper
1 month ago
Hold on, I'm not convinced. Maybe the problem is that the stateful appliances and the transit gateway attachments are deployed in a separate subnet in the shared services VPC. I'll go with option A just to be different.
upvoted 0 times
Germaine
3 days ago
User3: I'm not sure, but I'll go with option A and say the stateful appliances and transit gateway attachments are in separate subnets in the shared services VPC.
upvoted 0 times
...
Benedict
8 days ago
User2: I believe the problem could be that appliance mode is not enabled on the transit gateway attachment to the shared services VPC.
upvoted 0 times
...
Toi
14 days ago
User1: I think the issue might be that the stateful appliances and transit gateway attachments are in separate subnets in the shared services VPC.
upvoted 0 times
...
...
Dottie
1 month ago
Hmm, I'm not so sure about that. What if the stateful appliances and the transit gateway attachments are deployed in the same subnet in the shared services VPC? That could also be causing the issue. I'll go with option C.
upvoted 0 times
Maryln
2 days ago
User 3: What if the stateful appliances and the transit gateway attachments are in the same subnet in the shared services VPC?
upvoted 0 times
...
Reuben
17 days ago
User 2: Maybe the transit gateway attachment doesn't have Appliance mode enabled?
upvoted 0 times
...
Kenny
30 days ago
User 1: I think the issue might be with the transit gateway attachment to the shared services VPC.
upvoted 0 times
...
...
Francine
2 months ago
I believe option B is the correct answer. The transit gateway attachment needs to have the appliance mode enabled to inspect the traffic properly.
upvoted 0 times
...
Breana
2 months ago
I agree with Amalia. If the appliance mode is not enabled on the transit gateway attachment, it could be causing the traffic to drop.
upvoted 0 times
...
Brittni
2 months ago
Well, this is a tricky one. I'm going to go with option B - appliance mode is not enabled on the transit gateway attachment to the shared services VPC. Seems like the most logical explanation for the dropped traffic.
upvoted 0 times
Ashton
23 days ago
Yeah, I agree. Option B seems to be the most logical explanation for the issue.
upvoted 0 times
...
Valentine
24 days ago
I don't think so, option B makes more sense in this scenario.
upvoted 0 times
...
Bulah
27 days ago
But what about option D? Could that also be a potential reason for the traffic dropping?
upvoted 0 times
...
Jarvis
1 month ago
I think you're right, option B does seem like the most likely cause of the dropped traffic.
upvoted 0 times
...
...
Amalia
2 months ago
I think the issue might be with the transit gateway attachment to the shared services VPC.
upvoted 0 times
...
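
The failure mode behind option B (appliance mode not enabled on the transit gateway attachment to the shared services VPC), modelled as an added example that is not part of the original page or any commenter's post. The IP addresses, AZ names and the SHA-256 flow hash are assumptions for illustration; the hash AWS actually uses is not published.

```python
import hashlib

# Constructed topology: one stateful appliance per AZ in the shared services VPC.
APPLIANCE_AZS = ["az-a", "az-b"]


class StatefulAppliance:
    """Allows a reply only if this same appliance saw the request."""

    def __init__(self):
        self.flows = set()

    def inspect(self, src, dst, is_reply):
        key = frozenset((src, dst))       # direction-independent flow key
        if not is_reply:
            self.flows.add(key)           # request creates connection state
            return True
        return key in self.flows          # reply needs existing state


def pick_appliance_az(sender_az, src, dst, appliance_mode):
    """Which AZ's attachment ENI the transit gateway hands the packet to."""
    if not appliance_mode:
        # Default behaviour: traffic stays in the AZ it entered the TGW from.
        return sender_az
    # Appliance mode: a symmetric flow hash pins both directions to one ENI.
    # (SHA-256 over the sorted endpoints is a stand-in, not the real hash.)
    digest = hashlib.sha256("|".join(sorted((src, dst))).encode()).digest()
    return APPLIANCE_AZS[digest[0] % len(APPLIANCE_AZS)]


def ping(src, src_az, dst, dst_az, appliance_mode):
    """Simulate one ICMP echo/reply; returns (request_az, reply_az, delivered)."""
    appliances = {az: StatefulAppliance() for az in APPLIANCE_AZS}
    req_az = pick_appliance_az(src_az, src, dst, appliance_mode)
    appliances[req_az].inspect(src, dst, is_reply=False)
    rep_az = pick_appliance_az(dst_az, dst, src, appliance_mode)
    delivered = appliances[rep_az].inspect(dst, src, is_reply=True)
    return req_az, rep_az, delivered


if __name__ == "__main__":
    for mode in (False, True):
        for dst_az in ("az-a", "az-b"):
            result = ping("10.1.0.10", "az-a", "10.2.0.20", dst_az, mode)
            print(f"appliance_mode={mode} dst_az={dst_az} -> {result}")
```

On a real attachment the setting appears as `Options.ApplianceModeSupport` in the output of `aws ec2 describe-transit-gateway-vpc-attachments`.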
