Amazon ANS-C01 Exam - Topic 5 Question 11 Discussion

Actual exam question for Amazon's ANS-C01 exam

Question #: 11
Topic #: 5

A company has a global network and is using transit gateways to connect AWS Regions together. The company finds that two Amazon EC2 instances in different Regions are unable to communicate with each other. A network engineer needs to troubleshoot this connectivity issue.

What should the network engineer do to meet this requirement?

AUse AWS Network Manager Route Analyzer to analyze routes in the transit gateway route tables and in the VPC route tables. Use VPC flow logs to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.

BUse AWS Network Manager Route Analyzer to analyze routes in the transit gateway route tables. Verify that the VPC route tables are correct. Use AWS Firewall Manager to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.

CUse AWS Network Manager Route Analyzer to analyze routes in the transit gateway route tables. Verify that the VPC route tables are correct. Use VPC flow logs to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.

DUse VPC Reachability Analyzer to analyze routes in the transit gateway route tables. Verify that the VPC route tables are correct. Use VPC flow logs to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.

Show Suggested Answer

Suggested Answer: B, D

by Carin at Jul 25, 2023, 03:30 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Katina

3 months ago

B is okay, but I prefer A for thoroughness.

upvoted 0 times

...

Lilli

3 months ago

Surprised no one mentioned Firewall Manager, it's super useful!

upvoted 0 times

...

Lisbeth

4 months ago

D seems off, VPC Reachability Analyzer isn't the right tool here.

upvoted 0 times

...

Audria

4 months ago

I think C makes more sense, flow logs are crucial.

upvoted 0 times

...

Daren

4 months ago

A is the best choice, covers all bases!

upvoted 0 times

...

Lennie

4 months ago

I’m leaning towards option D because it mentions VPC Reachability Analyzer, which I think is specifically designed for this kind of issue, but I need to double-check how it compares to the other options.

upvoted 0 times

...

Kip

4 months ago

I feel like option C is the right choice since it mentions both the Route Analyzer and VPC flow logs, but I’m a bit confused about the role of Firewall Manager in this context.

upvoted 0 times

...

Nobuko

5 months ago

I practiced a similar question where we had to troubleshoot EC2 connectivity, and I remember VPC flow logs being really useful for analyzing traffic.

upvoted 0 times

...

Vicki

5 months ago

I think using AWS Network Manager Route Analyzer is definitely a good start, but I'm not sure if I remember the exact steps to verify the VPC route tables.

upvoted 0 times

...

Geraldo

5 months ago

Hmm, I'm a bit unsure about this one. There are a few different options listed, and I'm not totally sure which ones apply based on the information given. I'll have to read through it carefully and think it through.

upvoted 0 times

...

Marquetta

5 months ago

This looks like a classic fraud scenario. I'm pretty sure they're describing a fake sale - the employee and accomplice are working together to steal merchandise.

upvoted 0 times

...

Myra

5 months ago

Okay, let me think this through. The console is used to manage system settings, so that's likely one of the true statements. I'm not sure about the other options, though.

upvoted 0 times

...

Jin

5 months ago

I've worked with Windows event logs before, so I think I've got a good handle on this. I'll eliminate the options that don't seem to match the description and go with the one that best fits.

upvoted 0 times

...

Paulina

9 months ago

Hmm, Option D looks tempting, but why use VPC Reachability Analyzer when we have the tried and true VPC flow logs? Option C is the way to go, no doubt about it.

upvoted 0 times

Brigette

8 months ago

Agreed, let's go with Option C and use VPC flow logs to troubleshoot the connectivity issue.

upvoted 0 times

...

Paris

8 months ago

True, VPC flow logs are tried and true. We should go with Option C for a more accurate analysis.

upvoted 0 times

...

Kaitlyn

8 months ago

But VPC flow logs are more reliable for analyzing IP traffic, so Option C seems like the safer choice.

upvoted 0 times

...

Leonora

8 months ago

I think Option D is better because VPC Reachability Analyzer can provide more detailed information.

upvoted 0 times

...

Lucina

9 months ago

Haha, I bet the network engineer is scratching their head right now, trying to figure out why these EC2 instances can't talk to each other. Gotta love those transit gateway problems!

upvoted 0 times

...

Matthew

10 months ago

I agree, Option C seems to be the most comprehensive solution. Checking the routing tables and using VPC flow logs to identify any security or network ACL rules that might be blocking the communication is crucial.

upvoted 0 times

Antonio

8 months ago

Yes, using AWS Network Manager Route Analyzer and VPC flow logs will help pinpoint where the communication breakdown is happening.

upvoted 0 times

...

Arminda

8 months ago

I agree, analyzing the routes in the transit gateway and VPC route tables, as well as checking security group rules with VPC flow logs, is essential.

upvoted 0 times

...

Han

8 months ago

I think Option C is the best choice. It covers all the necessary steps to troubleshoot the connectivity issue.

upvoted 0 times

...

Kenneth

10 months ago

I think option A is the best choice because it covers all the necessary steps to troubleshoot the connectivity issue between the EC2 instances in different Regions.

upvoted 0 times

...

Golda

11 months ago

I agree with Jacinta. It's important to also use VPC flow logs to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.

upvoted 0 times

...

Florinda

11 months ago

Option C is the correct answer. Analyzing the transit gateway route tables and VPC route tables, along with using VPC flow logs, is the best approach to troubleshoot the connectivity issue.

upvoted 0 times

Elenor

9 months ago

Great, so option C is the best approach to troubleshoot the connectivity issue.

upvoted 0 times

...

Adelle

10 months ago

Don't forget to use VPC flow logs to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.

upvoted 0 times

...

Desirae

10 months ago

Yes, that sounds like a good idea. We also need to verify that the VPC route tables are correct.

upvoted 0 times

...

Shaniqua

10 months ago

I think we should use AWS Network Manager Route Analyzer to analyze routes in the transit gateway route tables and VPC route tables.

upvoted 0 times

...

Jacinta

11 months ago

I think the network engineer should use AWS Network Manager Route Analyzer to analyze routes in the transit gateway route tables and in the VPC route tables.

upvoted 0 times

...

Mila

11 months ago

I think option A is the best choice. It covers all the necessary steps to troubleshoot the connectivity issue between the EC2 instances in different Regions.

upvoted 0 times

...

Carmelina

11 months ago

I agree with Carmen. It's important to also use VPC flow logs to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.

upvoted 0 times

...

Carmen

11 months ago

I think the network engineer should use AWS Network Manager Route Analyzer to analyze routes in the transit gateway route tables and in the VPC route tables.

upvoted 0 times

...