ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 15 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 15
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has multiple AWS accounts. Each account contains one or more VPCs. A new security guideline requires the inspection of all traffic between VPCs.
The company has deployed a transit gateway that provides connectivity between all VPCs. The company also has deployed a shared services VPC with Amazon EC2 instances that include IDS services for stateful inspection. The EC2 instances are deployed across three Availability Zones. The company has set up VPC associations and routing on the transit gateway. The company has migrated a few test VPCs to the new solution for traffic inspection.
Soon after the configuration of routing, the company receives reports of intermittent connections for traffic that crosses Availability Zones.
What should a network engineer do to resolve this issue?

  • A. Modify the transit gateway VPC attachment on the shared services VPC by enabling cross-Availability Zone load balancing.
  • B. Modify the transit gateway VPC attachment on the shared services VPC by enabling appliance mode support.
  • C. Modify the transit gateway by selecting VPN equal-cost multi-path (ECMP) routing support.
  • D. Modify the transit gateway by selecting multicast support.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by zaazanuna at March 18, 2023, 9:25 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
study_aws1
Highly Voted 1 year, 4 months ago
Please note "IDS services for stateful inspection" - this implies the same appliance is followed for the life of the connection. This is only achieved by on the shared services VPC by enabling appliance mode support
upvoted 13 times
...
navi7
Highly Voted 1 year, 4 months ago
Selected Answer: B
Appliance mode should be enabled to ensure that the returning traffic (in case of stateful connections) takes the same path as incoming traffic, otherwise it might go to different AZs
upvoted 6 times
...
Raphaello
Most Recent 3 months, 3 weeks ago
Selected Answer: B
B is the correct answer. Need to ensure that Appliance mode is enabled for traffic to remain on the same inspecting IDS, regardless of the source and destination AZ's (to overcome AZ affinity).
upvoted 1 times
...
patanjali
4 months, 3 weeks ago
Selected Answer: B
https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-appliance-scenario.html#transit-gateway-appliance-support
upvoted 1 times
...
vikasj1in
5 months, 2 weeks ago
Selected Answer: B
The issue described suggests a problem with the inspection of traffic that crosses Availability Zones. To resolve this, you should enable "appliance mode" on the transit gateway attachment for the shared services VPC. In the context of AWS Transit Gateway, appliance mode is a feature designed for network appliances, such as intrusion detection or prevention systems (IDS/IPS). When appliance mode is enabled, the transit gateway forwards traffic to the appliance instances in a more predictable manner, ensuring that the same flow of traffic goes consistently to the same appliance.
upvoted 1 times
...
Marfee400704
5 months, 2 weeks ago
I think that it's correct answer is B according to SPOTO products.
upvoted 2 times
...
marfee
5 months, 3 weeks ago
I think that it's correcty answer is A.
upvoted 1 times
...
prajkash
1 year ago
Selected answer: B
upvoted 1 times
...
emmanuelodenyire
1 year, 2 months ago
Selected Answer: A
To resolve the issue of intermittent connections for traffic that crosses Availability Zones in a transit gateway setup that provides connectivity between multiple VPCs, the correct answer is A. Modify the transit gateway VPC attachment on the shared services VPC by enabling cross-Availability Zone load balancing. Option A is the correct answer because enabling cross-Availability Zone load balancing will distribute the traffic across multiple Availability Zones, thereby preventing the issue of intermittent connections. This solution will ensure that traffic is not bottlenecked on a single Availability Zone, reducing the likelihood of connection issues.
upvoted 3 times
...
Cappy46789
1 year, 4 months ago
Selected Answer: B
B - https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-appliance-scenario.html
upvoted 5 times
...
zaazanuna
1 year, 4 months ago
I know I answered B earlier but after some digging, I am kind of leaning towards A. Would not modifying the transit gateway VPC attachment on the shared services VPC by enabling cross-Availability Zone load balancing will ensure that traffic is evenly distributed across all Availability Zones, improving the overall performance and availability of the solution
upvoted 1 times
slackbot
1 year, 3 months ago
there is no such thing
upvoted 2 times
...
...
flowers00
1 year, 4 months ago
B - correct.
upvoted 1 times
...
zaazanuna
1 year, 4 months ago
B - correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago