
Exam AWS Certified SysOps Administrator - Associate topic 1 question 431 discussion

A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server.

A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic from the on-premises users to flow over the VPN connection.

The on-premises users are unable to connect to the EC2 instance and receive a timeout error.

What should the SysOps administrator do to troubleshoot this issue?

  • A. Create Amazon CloudWatch logs for the EC2 instance to check for blocked traffic.
  • B. Create Amazon CloudWatch logs for the Site-to-Site VPN connection to check for blocked traffic.
  • C. Create VPC flow logs for the EC2 instance's elastic network interface to check for rejected traffic.
  • D. Instruct users to use EC2 Instance Connect as a connection method.
Suggested Answer: C

Comments

seetpt
6 months, 3 weeks ago
Selected Answer: C
I agree with C
upvoted 1 times
klayytech
7 months, 1 week ago
Selected Answer: C
Here's why the other options are less likely: (A) CloudWatch logs for the EC2 instance wouldn't show blocked traffic, but might reveal internal server issues. (B) CloudWatch logs for the VPN connection wouldn't provide details on traffic reaching the specific instance. (D) EC2 Instance Connect wouldn't be relevant since RDP is the desired connection method. Therefore, the best course of action is: (C) Create VPC flow logs for the EC2 instance's elastic network interface. This will show whether RDP traffic is even reaching the instance and if it's being rejected by security groups or Network ACLs within the VPC.
upvoted 3 times
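A worked example added here (not from the question or any commenter): a small Python parser for default-format VPC Flow Log records that summarises RDP (TCP/3389) ACCEPT and REJECT entries for the instance's elastic network interface, so the administrator can tell whether the traffic never arrives at the ENI, is dropped by the security group or network ACL, or reaches the instance. The ENI id, account id and addresses in the sample records are constructed.

```python
from collections import Counter

RDP_PORT, TCP = 3389, 6
# Default (version 2) VPC Flow Log field order, space separated.
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

def parse_record(line):
    """Return a dict for one default-format record, or None for anything else."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA / SKIPDATA records carry "-" instead of addresses, ports and action.
    if rec["log-status"] != "OK" or rec["action"] not in ("ACCEPT", "REJECT"):
        return None
    for key in ("srcport", "dstport", "protocol"):
        rec[key] = int(rec[key])
    return rec

def triage_rdp(lines, eni):
    """Count inbound RDP ACCEPT/REJECT records per source for one ENI and say where to look next."""
    rejected, accepted = Counter(), Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["interface-id"] != eni:
            continue
        if rec["protocol"] == TCP and rec["dstport"] == RDP_PORT:
            bucket = accepted if rec["action"] == "ACCEPT" else rejected
            bucket[rec["srcaddr"]] += 1
    if not rejected and not accepted:
        verdict = "no RDP records: traffic never reached the ENI (check VPN, route tables, on-prem firewall)"
    elif accepted:
        verdict = "RDP accepted at the ENI: look at the instance (Windows Firewall, RDP service)"
    else:
        verdict = "RDP rejected at the ENI: check the security group and the subnet network ACL"
    return {"rejected": dict(rejected), "accepted": dict(accepted), "verdict": verdict}

# Constructed sample records (not real traffic): on-prem 10.10.5.0/24 -> instance 10.0.1.50
SAMPLE_ENI = "eni-0a1b2c3d4e5f6a7b8"
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.10.5.25 10.0.1.50 50432 3389 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.10.5.25 10.0.1.50 50433 3389 6 3 180 1700000060 1700000119 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.10.5.25 10.0.1.50 50500 443 6 2 120 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000120 1700000179 - NODATA
""".splitlines()

if __name__ == "__main__":
    print(triage_rdp(SAMPLE_LOG, SAMPLE_ENI))
```

Point the same function at records exported from CloudWatch Logs or S3 for the real ENI; a flow log only records what arrives at the interface, so an empty result is itself the diagnostic.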
mpl203
7 months, 1 week ago
Selected Answer: C
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
upvoted 4 times
Community vote distribution: A (35%), C (25%), B (20%), Other