
Amazon ANS-C01 Exam - Topic 4 Question 35 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 35
Topic #: 4

A company has stateful security appliances that are deployed to multiple Availability Zones in a centralized shared services VPC. The AWS environment includes a transit gateway that is attached to application VPCs and the shared services VPC. The application VPCs have workloads that are deployed in private subnets across multiple Availability Zones. The stateful appliances in the shared services VPC inspect all east-west (VPC-to-VPC) traffic.

Users report that inter-VPC traffic to different Availability Zones is dropping. A network engineer verified this claim by issuing Internet Control Message Protocol (ICMP) pings between workloads in different Availability Zones across the application VPCs. The network engineer has ruled out security groups, stateful device configurations, and network ACLs as the cause of the dropped traffic.

What is causing the traffic to drop?

Suggested Answer: B

The correct approach is to use AWS Systems Manager Session Manager, which allows you to manage your EC2 instances through a secure and browser-based interface. By deploying and configuring SSM Agent on each instance, you can enable Session Manager to communicate with the instances. By deploying VPC endpoints for Session Manager, you can enable the instances to connect to the AWS service without requiring an internet gateway, NAT device, or VPN connection. You can also use IAM policies and SSM documents to implement role-based access control for managing the instances. This approach has the least maintenance overhead, as it does not require any additional infrastructure or configuration.
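The question's scenario as a simplified model, added here as an example that is not part of the original page: it shows why a stateful appliance in each Availability Zone drops cross-AZ pings when appliance mode is off on the shared services VPC attachment (Suggested Answer B), while same-AZ traffic still passes. The AZ names, IP addresses, function names and the hash used as a stand-in for the transit gateway's flow hash are assumptions.

```python
import hashlib

# Constructed model: one stateful appliance per AZ in the shared services VPC.
APPLIANCE_AZS = ["az-a", "az-b"]


def tgw_pick_appliance_az(src, dst, ingress_az, appliance_mode):
    """Return the AZ of the inspection-VPC interface the transit gateway uses."""
    if not appliance_mode:
        # Default behaviour: traffic stays in the AZ it entered the gateway from.
        return ingress_az
    # Appliance mode: one interface is chosen per flow and reused for return
    # traffic. Stand-in for the real flow hash: a digest of the endpoint pair
    # that does not depend on direction.
    key = "|".join(sorted([src, dst])).encode()
    return APPLIANCE_AZS[hashlib.sha256(key).digest()[0] % len(APPLIANCE_AZS)]


class StatefulAppliance:
    """Tracks sessions; a reply with no recorded session is dropped."""

    def __init__(self):
        self.sessions = set()

    def inspect(self, src, dst, is_reply):
        flow = frozenset((src, dst))
        if not is_reply:
            self.sessions.add(flow)
            return True
        return flow in self.sessions


def ping(src, src_az, dst, dst_az, appliance_mode):
    """True if both the echo request and the echo reply pass inspection."""
    appliances = {az: StatefulAppliance() for az in APPLIANCE_AZS}
    request_az = tgw_pick_appliance_az(src, dst, src_az, appliance_mode)
    reply_az = tgw_pick_appliance_az(dst, src, dst_az, appliance_mode)
    passed = appliances[request_az].inspect(src, dst, is_reply=False)
    return passed and appliances[reply_az].inspect(dst, src, is_reply=True)


if __name__ == "__main__":
    a, b = "10.1.0.10", "10.2.0.20"  # constructed workload addresses
    print("cross-AZ, appliance mode off:", ping(a, "az-a", b, "az-b", False))
    print("same-AZ,  appliance mode off:", ping(a, "az-a", b, "az-a", False))
    print("cross-AZ, appliance mode on: ", ping(a, "az-a", b, "az-b", True))
```

On a real transit gateway VPC attachment, the setting being modeled is the `ApplianceModeSupport` option.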


Contribute your Thoughts:

Dell
3 months ago
This is confusing! How can both appliances and transit gateway be in the same subnet?
upvoted 0 times
...
Aleshia
3 months ago
I agree with B, but I wouldn't rule out D just yet.
upvoted 0 times
...
Dolores
3 months ago
Wait, are we sure it's not A? That subnet thing could be an issue.
upvoted 0 times
...
Willodean
4 months ago
I think it's D. The application VPCs need that mode too!
upvoted 0 times
...
Evan
4 months ago
Sounds like it's B, right? Appliance mode needs to be on.
upvoted 0 times
...
Jettie
4 months ago
I feel like I might be mixing things up, but I thought the appliances needed to be in a separate subnet for proper inspection. Maybe option A is the right answer?
upvoted 0 times
...
Lizette
4 months ago
I'm leaning towards option B because if appliance mode isn't enabled on the transit gateway attachment to the shared services VPC, that could definitely cause dropped traffic.
upvoted 0 times
...
Gretchen
4 months ago
I think I came across a similar question where the placement of appliances in subnets was crucial. Could it be that the appliances and transit gateway attachments are in the same subnet, like option C?
upvoted 0 times
...
Loreen
5 months ago
I remember studying about transit gateways and how appliance mode affects traffic flow, but I'm not entirely sure if it's option B or D that's causing the issue.
upvoted 0 times
...
Emerson
5 months ago
Based on the information provided, I believe the answer is option D. The transit gateway attachment to the application VPCs needs to have appliance mode enabled for the traffic to be routed through the stateful appliances.
upvoted 0 times
...
Wilda
5 months ago
I'm a bit confused about the role of the transit gateway and how it's connected to the different VPCs. I'll need to re-read the question carefully to make sure I don't miss any important details.
upvoted 0 times
...
Colene
5 months ago
Okay, I think I've got it. The issue is likely related to the transit gateway attachment configuration, not the stateful appliances themselves.
upvoted 0 times
...
Carrol
5 months ago
Hmm, the key information seems to be around the transit gateway and the stateful appliances. I'll need to carefully consider how they're configured and where they're deployed.
upvoted 0 times
...
Florinda
5 months ago
This question seems straightforward, but I want to make sure I understand the details correctly before answering.
upvoted 0 times
...
Renea
5 months ago
Okay, I think I know the answer to this one. Let me double-check the options and see which one aligns with the guiding principles.
upvoted 0 times
...
Hoa
5 months ago
Receptive language, that's got to be the answer. The kid is understanding and responding to what his dad is saying, right?
upvoted 0 times
...
Elmer
10 months ago
This is a real head-scratcher, isn't it? I'm going to go with option D just to keep the other candidates on their toes. Appliance mode not enabled on the transit gateway attachment to the application VPCs? Why not!
upvoted 0 times
Danica
8 months ago
That's a good point. We should definitely look into that as a possible cause of the dropped traffic.
upvoted 0 times
...
Yoko
9 months ago
Yeah, I agree. It could be that the appliance mode is not enabled on that attachment.
upvoted 0 times
...
Malinda
9 months ago
I think the issue might be with the transit gateway attachment to the application VPCs.
upvoted 0 times
...
...
Christoper
10 months ago
Hold on, I'm not convinced. Maybe the problem is that the stateful appliances and the transit gateway attachments are deployed in a separate subnet in the shared services VPC. I'll go with option A just to be different.
upvoted 0 times
Germaine
9 months ago
User3: I'm not sure, but I'll go with option A and say the stateful appliances and transit gateway attachments are in separate subnets in the shared services VPC.
upvoted 0 times
...
Benedict
9 months ago
User2: I believe the problem could be that appliance mode is not enabled on the transit gateway attachment to the shared services VPC.
upvoted 0 times
...
Toi
9 months ago
User1: I think the issue might be that the stateful appliances and transit gateway attachments are in separate subnets in the shared services VPC.
upvoted 0 times
...
...
Dottie
10 months ago
Hmm, I'm not so sure about that. What if the stateful appliances and the transit gateway attachments are deployed in the same subnet in the shared services VPC? That could also be causing the issue. I'll go with option C.
upvoted 0 times
Evette
9 months ago
Reuben: That could be a possibility. I'll go with option C.
upvoted 0 times
...
Maryln
9 months ago
User 3: What if the stateful appliances and the transit gateway attachments are in the same subnet in the shared services VPC?
upvoted 0 times
...
Reuben
9 months ago
User 2: Maybe the transit gateway attachment doesn't have Appliance mode enabled?
upvoted 0 times
...
Kenny
10 months ago
User 1: I think the issue might be with the transit gateway attachment to the shared services VPC.
upvoted 0 times
...
...
Francine
10 months ago
I believe option B is the correct answer. The transit gateway attachment needs to have the appliance mode enabled to inspect the traffic properly.
upvoted 0 times
...
Breana
11 months ago
I agree with Amalia. If the appliance mode is not enabled on the transit gateway attachment, it could be causing the traffic to drop.
upvoted 0 times
...
Brittni
11 months ago
Well, this is a tricky one. I'm going to go with option B - appliance mode is not enabled on the transit gateway attachment to the shared services VPC. Seems like the most logical explanation for the dropped traffic.
upvoted 0 times
Ashton
10 months ago
Yeah, I agree. Option B seems to be the most logical explanation for the issue.
upvoted 0 times
...
Valentine
10 months ago
I don't think so, option B makes more sense in this scenario.
upvoted 0 times
...
Bulah
10 months ago
But what about option D? Could that also be a potential reason for the traffic dropping?
upvoted 0 times
...
Jarvis
10 months ago
I think you're right, option B does seem like the most likely cause of the dropped traffic.
upvoted 0 times
...
...
Amalia
11 months ago
I think the issue might be with the transit gateway attachment to the shared services VPC.
upvoted 0 times
...
