Question 340 - SOA-C02 discussion


A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server.

A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic to flow between the on-premises users over the VPN connection.

The on-premises users are unable to connect to the EC2 instance and receive a timeout error.

What should the SysOps administrator do to troubleshoot this issue?

A. Create Amazon CloudWatch logs for the EC2 instance to check for blocked traffic.
B. Create Amazon CloudWatch logs for the Site-to-Site VPN connection to check for blocked traffic.
C. Create VPC flow logs for the EC2 instance's elastic network interface to check for rejected traffic.
D. Instruct users to use EC2 Instance Connect as a connection method.
Suggested answer: C

Explanation:

To troubleshoot an EC2 instance in a private subnet that cannot be reached over RDP, VPC Flow Logs are the most direct and useful tool. Flow logs capture metadata about the IP traffic going to and from network interfaces in your VPC, including whether each flow was accepted or rejected. Enabling a flow log on the EC2 instance's elastic network interface shows whether RDP traffic from the on-premises network actually arrives at the interface and whether it is rejected there (by the security group or the subnet's network ACL), which pinpoints the cause of the timeout. Option C is the correct action because it investigates the traffic flow directly, which is what resolving a connectivity issue requires. The AWS documentation on VPC Flow Logs provides further details.
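The following is an added example, not part of the original question or its explanation, showing how an administrator would read the flow log records once they are enabled on the instance's ENI. It parses default-format (version 2) VPC Flow Log records, counts TCP/3389 flows from the on-premises range to the instance's private IP, and turns the result into a next troubleshooting step. The account ID, ENI ID, IP addresses and the records themselves are constructed sample values.

```python
"""Triage VPC Flow Log records for an RDP (TCP/3389) timeout to a private EC2 instance.

Added example; all identifiers and records below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]

RDP_PORT = 3389
TCP = 6

# Constructed sample records for ENI eni-0123456789abcdef0 (placeholder ID):
#  - two RDP attempts from on-premises (10.0.0.5) rejected at the ENI
#  - an outbound DNS query from the instance, accepted
#  - a NODATA interval (no traffic captured)
#  - an unrelated SSH attempt from on-premises, rejected
SAMPLE_RECORDS = [
    "2 123456789012 eni-0123456789abcdef0 10.0.0.5 172.31.10.20 52113 3389 6 3 180 1694860000 1694860060 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 10.0.0.5 172.31.10.20 52114 3389 6 3 180 1694860000 1694860060 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 172.31.10.20 172.31.0.2 49152 53 17 2 120 1694860000 1694860060 ACCEPT OK",
    "2 123456789012 eni-0123456789abcdef0 - - - - - - - 1694860000 1694860060 - NODATA",
    "2 123456789012 eni-0123456789abcdef0 10.0.0.9 172.31.10.20 41000 22 6 1 60 1694860000 1694860060 REJECT OK",
]


@dataclass
class FlowRecord:
    srcaddr: str
    dstaddr: str
    srcport: Optional[int]
    dstport: Optional[int]
    protocol: Optional[int]
    action: str
    log_status: str


def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one default-format record; return None for malformed lines.

    NODATA/SKIPDATA records carry '-' in the traffic fields and are kept so
    the caller can tell 'no traffic seen' apart from 'log could not capture'.
    """
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))

    def num(value: str) -> Optional[int]:
        return None if value == "-" else int(value)

    return FlowRecord(rec["srcaddr"], rec["dstaddr"], num(rec["srcport"]),
                      num(rec["dstport"]), num(rec["protocol"]),
                      rec["action"], rec["log_status"])


def triage_rdp(lines: Iterable[str], instance_ip: str, onprem_cidr: str) -> dict:
    """Count RDP flows from the on-premises range to the instance and derive
    the next troubleshooting step from what the ENI actually saw."""
    onprem = ipaddress.ip_network(onprem_cidr)
    rejected = accepted = skipped = 0
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        if rec.log_status != "OK":
            skipped += 1           # interval with no data or skipped capture
            continue
        if rec.dstaddr != instance_ip or rec.dstport != RDP_PORT or rec.protocol != TCP:
            continue               # not an inbound RDP flow to this instance
        if ipaddress.ip_address(rec.srcaddr) not in onprem:
            continue               # not from the on-premises network
        if rec.action == "REJECT":
            rejected += 1
        elif rec.action == "ACCEPT":
            accepted += 1

    if rejected and not accepted:
        verdict = ("traffic reaches the ENI but is dropped: "
                   "check the security group and the subnet network ACL")
    elif accepted:
        verdict = ("traffic is accepted at the ENI: check the Windows firewall and RDP "
                   "service on the instance, and the return path (NACL ephemeral ports, route back to on-premises)")
    else:
        verdict = ("no RDP flows reached the ENI: check the VPN tunnel status, "
                   "the VPC route table and the on-premises firewall")
    return {"rejected": rejected, "accepted": accepted, "skipped": skipped, "verdict": verdict}


if __name__ == "__main__":
    result = triage_rdp(SAMPLE_RECORDS, "172.31.10.20", "10.0.0.0/16")
    print(result)
```

The three verdicts are the practical value of option C: a REJECT on the ENI means the packet crossed the VPN and the VPC routing and was stopped by the security group or NACL, an ACCEPT points at the instance itself or the return path, and no matching record at all means the packet never arrived, so the VPN tunnel, route table or on-premises firewall is the place to look next.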

asked 16/09/2024
Mateusz Zielinski
34 questions