Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 43 discussion

A company has stateful security appliances that are deployed to multiple Availability Zones in a centralized shared services VPC. The AWS environment includes a transit gateway that is attached to application VPCs and the shared services VPC. The application VPCs have workloads that are deployed in private subnets across multiple Availability Zones. The stateful appliances in the shared services VPC inspect all east-west (VPC-to-VPC) traffic.
Users report that inter-VPC traffic to different Availability Zones is dropping. A network engineer verified this claim by issuing Internet Control Message Protocol (ICMP) pings between workloads in different Availability Zones across the application VPCs. The network engineer has ruled out security groups, stateful device configurations and network ACLs as the cause of the dropped traffic.
What is causing the traffic to drop?

  • A. The stateful appliances and the transit gateway attachments are deployed in a separate subnet in the shared services VPC.
  • B. Appliance mode is not enabled on the transit gateway attachment to the shared services VPC.
  • C. The stateful appliances and the transit gateway attachments are deployed in the same subnet in the shared services VPC.
  • D. Appliance mode is not enabled on the transit gateway attachment to the application VPCs.
Suggested Answer: B

Comments

study_aws1
Highly Voted 1 year, 3 months ago
https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-appliance-scenario.html Option B)
upvoted 18 times
...
devopsbro
Highly Voted 1 year, 2 months ago
B - Transit gateway appliance mode should be enabled for the appliance VPC attachment to avoid dropping of the cross-AZ traffic.
upvoted 8 times
...
kourosh
Most Recent 1 month, 3 weeks ago
Selected Answer: B
B - Should be enabled under the VPC in which the appliance is located.
upvoted 2 times
...
Raphaello
2 months, 2 weeks ago
Selected Answer: B
B is the correct answer. Appliance mode needs to be enabled on the shared VPC where the stateful inspection appliance resides.
upvoted 2 times
...
marfee
4 months, 2 weeks ago
I think that the correct answer is B.
upvoted 2 times
...
Arad
7 months, 4 weeks ago
Selected Answer: B
For sure B.
upvoted 1 times
...
ohcan
1 year, 2 months ago
Selected Answer: B
B. Appliance mode needs to be enabled in the appliance VPC
upvoted 7 times
...
helloworldabc
1 year, 3 months ago
AAAAAAAAAAAA
upvoted 1 times
...
zaazanuna
1 year, 3 months ago
A - correct. Option D suggests that the issue is caused by Appliance Mode not being enabled on the transit gateway attachment to the application VPCs. However, this is unlikely to be the cause of the problem described in the scenario, because Appliance Mode is used to forward all traffic to the next hop, without performing routing table lookups or IP address translations. In this case, the issue is related to inter-VPC traffic between different Availability Zones, and the fact that the stateful security appliances in the shared services VPC are dropping the traffic. Therefore, the root cause of the problem is related to the deployment of the stateful security appliances and the transit gateway attachments in the shared services VPC, as well as the fact that they are not able to handle the inter-Availability Zone traffic from the application VPCs. This is why the correct answer is option A, which suggests that the stateful appliances and the transit gateway attachments are deployed in a separate subnet in the shared services VPC.
upvoted 1 times
Fukat
11 months, 2 weeks ago
If you read carefully, the option says the stateful appliances and the transit gateway attachments are deployed in a "separate subnet". It does not mention anything about AZ. If you see the diagram in the following doc, then it is actually required that the appliance and TGW attachment ENI should be in different subnets, otherwise routing will not work - https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-appliance-scenario.html So answer B is correct.
upvoted 1 times
...
...
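To make the scenario in the question concrete, here is an added simulation (not part of the original thread and not AWS code) of a ping through per-AZ stateful appliances behind a transit gateway, with appliance mode off and on. The IP addresses, AZ names and the SHA-256 flow hash are constructed assumptions; the real transit gateway hash is not published.

```python
import hashlib

AZS = ["az-a", "az-b"]  # constructed: one stateful appliance per AZ

# Constructed workloads in the application VPCs: (private IP, AZ)
WEB = ("10.1.0.10", "az-a")
APP = ("10.2.0.30", "az-a")
DB = ("10.2.0.20", "az-b")

class StatefulAppliance:
    """Drops any reply for which it never saw the matching request."""
    def __init__(self):
        self.flows = set()

    def inspect(self, src, dst, is_reply):
        key = frozenset((src, dst))
        if not is_reply:
            self.flows.add(key)       # request creates connection state
            return True
        return key in self.flows      # reply needs existing state

def pick_appliance_az(src, dst, src_az, appliance_mode):
    if not appliance_mode:
        # Default behaviour: the transit gateway keeps traffic in the
        # AZ it originated from, so each direction may use a different AZ.
        return src_az
    # Appliance mode: a direction-independent flow hash (assumed form)
    # pins both directions of the flow to one appliance AZ.
    digest = hashlib.sha256("|".join(sorted((src, dst))).encode()).digest()
    return AZS[digest[0] % len(AZS)]

def ping(a, b, appliance_mode):
    """Return True if the echo request and the echo reply both pass."""
    appliances = {az: StatefulAppliance() for az in AZS}
    (a_ip, a_az), (b_ip, b_az) = a, b
    req_az = pick_appliance_az(a_ip, b_ip, a_az, appliance_mode)
    rep_az = pick_appliance_az(b_ip, a_ip, b_az, appliance_mode)
    ok_req = appliances[req_az].inspect(a_ip, b_ip, is_reply=False)
    ok_rep = appliances[rep_az].inspect(b_ip, a_ip, is_reply=True)
    return ok_req and ok_rep

if __name__ == "__main__":
    for mode in (False, True):
        print(f"appliance_mode={mode}: same-AZ ping ok={ping(WEB, APP, mode)}, "
              f"cross-AZ ping ok={ping(WEB, DB, mode)}")
```

On a real attachment the setting is `ApplianceModeSupport`, changed with `aws ec2 modify-transit-gateway-vpc-attachment --transit-gateway-attachment-id <attachment-id> --options ApplianceModeSupport=enable` on the shared services VPC attachment.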