Exam ANS-C00 topic 1 question 356 discussion

Exam question from Amazon's ANS-C00
Question #: 356
Topic #: 1

A company wants to use thin clients running virtual desktops to replace 500 desktop computers used by its call center employees. The company is evaluating Amazon WorkSpaces as a solution.
A network engineer who is testing with a thin client is unable to connect to Amazon WorkSpaces. After entering credentials, the network engineer receives the following error:
`An error occurred while launching your WorkSpace. Please try again.`
What should the network engineer do to resolve this issue?

  • A. Update the inbound rules on the network ACL on the subnets used for Amazon WorkSpaces to allow UDP on port 4172 and TCP on port 4172.
  • B. Update the company's corporate firewall to allow outbound access to UDP on port 4172 and TCP on port 4172. Open inbound ephemeral ports explicitly to allow return communication.
  • C. Update the inbound rules on the security group assigned to Amazon WorkSpaces to allow UDP on port 4172 and TCP on port 4172.
  • D. Update the company's corporate firewall to allow inbound access to UDP on port 4172 and TCP on port 4172. Open outbound ephemeral ports explicitly to allow return communication.
Suggested Answer: C

Comments

walkwolf3
Highly Voted 3 years, 7 months ago
A. This could be the answer.
B. Wrong. If outbound ports are opened, there is no need to open inbound ports, since all corporate firewalls are stateful and return outbound ports should be allowed by default.
C. This could be the answer.
D. Wrong. The traffic from client to WorkSpaces is outbound from corporate to AWS, so there is no need to modify inbound access.
Both A & C could be the answer. According to the AWS documentation, if such an error happens, it is suggested to check the AWS security group. So from an exam perspective, my take is C.
"An error occurred while launching your WorkSpace. Please try again." You might also receive this error on the Amazon WorkSpaces client after a long delay if the WorkSpaces security group was modified to restrict outbound traffic.
https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-troubleshooting.html
upvoted 7 times
hugo1111
3 years, 3 months ago
A is incorrect because NACL is stateless. For B, why assume the corporate firewalls are stateful...
upvoted 4 times
sapien45
3 years, 1 month ago
Real life: A and C. Exam: C.
upvoted 1 times
FunkyB
3 years, 3 months ago
I just took the exam, and this question was on the exam. I answered C based on the post that walkwolf3 shared. Thanks a lot.
upvoted 3 times
walkwolf3
3 years, 6 months ago
Each WorkSpace has the following network interfaces:
The primary network interface (eth1) provides connectivity to the resources within your VPC and on the internet, and is used to join the WorkSpace to the directory.
The management network interface (eth0) is connected to a secure WorkSpaces management network. It is used for interactive streaming of the WorkSpace desktop to WorkSpaces clients, and to allow WorkSpaces to manage the WorkSpace.
The following ports must be open on the management network interface of all WorkSpaces:
Inbound TCP on port 4172. This is used for establishment of the streaming connection on the PCoIP protocol.
Inbound UDP on port 4172. This is used for streaming user input on the PCoIP protocol.
https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html#health_check
upvoted 3 times
ptpho
3 years, 6 months ago
It's a hard question. But it's about client to WS, and we do not have DCX or VPN here -> it's public and the issue is in your firewall -> Ans is B
upvoted 7 times
CloudSpecialist
Highly Voted 3 years, 2 months ago
Selected Answer: C
"An error occurred while launching your WorkSpace. Please try again." You might also receive this error on the Amazon WorkSpaces client after a long delay if the WorkSpaces security group was modified to restrict outbound traffic. https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-troubleshooting.html
upvoted 5 times
joanneli77
Most Recent 2 years, 4 months ago
Most corporate firewalls don't block outbound, so B becomes less likely. C is certainly right. A could also be right, but nothing said it was blocked (arguable).
upvoted 1 times
R87
2 years, 10 months ago
Selected Answer: C
With B, you won't even get the credential prompt. C makes more sense.
upvoted 2 times
douglasaws
2 years, 10 months ago
Selected Answer: C
If it is a stateful firewall on the on-prem network, there's no need to open inbound ephemeral ports... the question does not say anything about the on-prem firewall... you would only have to open ephemeral ports on a stateless firewall... I think B could be right... but I will go with C
upvoted 1 times
jerac58653
2 years, 11 months ago
If the error occurs when the outbound flow to the mentioned ports is not working, then the answer is B. The focus should be on the session direction in my opinion, not on the ports.
upvoted 1 times
kpr2022
3 years, 1 month ago
Selected Answer: B
Port 4172 is related to PCoIP and is initiated from the user to the WorkSpace VPC managed by AWS, over which we have little control.
A. Incorrect, since NACL is stateless and there is no mention of outbound, hence an incomplete answer.
B. Most probable, since per the WorkSpaces architecture the user initiates port 4172 communication to the WorkSpace VPC, and the customer contact center is most likely on-prem due to desktops (not laptops).
C. Security group rules for the WorkSpace management ENI are in control of the AWS-managed VPC.
D. Refer to B; architecturally, 4172 outbound is needed from the customer environment.
upvoted 2 times
khchan123
3 years, 1 month ago
Selected Answer: B
It must be B. The port 4172 traffic is for WorkSpaces management (eth0) and not related to the subnet where WorkSpaces is launched (eth1). For management traffic, it's sent from the corporate network to AWS WorkSpaces. So you need outbound traffic allowed to AWS.
upvoted 2 times
Goiaba
3 years, 2 months ago
Why is C correct but A and B incorrect?
upvoted 1 times
kopper2019
3 years, 2 months ago
C - Update the inbound rules on the security group assigned to Amazon Workspaces to allow UDP on port 4172 and TCP on port 4172
upvoted 1 times
ccieman2016
3 years, 3 months ago
Ans B looks good, but “allow inbound ephemeral port?” I think letter A is better here.
upvoted 1 times
panlm
3 years, 4 months ago
Selected Answer: B
go to C. outbound to access workspace 4172
upvoted 2 times
panlm
3 years, 4 months ago
go to B. type wrong.
upvoted 3 times
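
Added example (not part of any comment above and not AWS code): the thread turns on which controls are stateful, so this sketch evaluates inbound PCoIP on port 4172 against a security group (stateful, allow-only) and a network ACL (stateless, lowest matching rule number decides), including the NACL egress rule the reply needs. It assumes rule sets shaped like the EC2 `DescribeSecurityGroups` and `DescribeNetworkAcls` output; the function names, sample rules and client address are constructed for illustration.

```python
import ipaddress

PCOIP_PORT = 4172                      # port named in the question and comments
PROTO_NUM = {"tcp": "6", "udp": "17"}  # NACL entries carry IANA protocol numbers

def sg_allows_inbound(ip_permissions, src_ip, proto, port):
    """Security group: allow-only, any matching rule permits; replies are tracked."""
    src = ipaddress.ip_address(src_ip)
    for perm in ip_permissions:
        if perm["IpProtocol"] not in (proto, "-1"):
            continue
        if perm["IpProtocol"] != "-1" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False

def nacl_allows(entries, egress, peer_ip, proto, port):
    """Network ACL: lowest-numbered matching rule decides; no match means deny."""
    peer = ipaddress.ip_address(peer_ip)
    rules = sorted((e for e in entries if e["Egress"] == egress), key=lambda e: e["RuleNumber"])
    for e in rules:
        if e["Protocol"] not in (PROTO_NUM[proto], "-1"):
            continue
        pr = e.get("PortRange")
        if e["Protocol"] != "-1" and pr and not pr["From"] <= port <= pr["To"]:
            continue
        if peer in ipaddress.ip_network(e["CidrBlock"]):
            return e["RuleAction"] == "allow"
    return False

def pcoip_report(sg_perms, nacl_entries, client_ip, client_src_port):
    """Per protocol: SG inbound, NACL inbound, and NACL egress for the reply."""
    return {proto: {
        "sg_in": sg_allows_inbound(sg_perms, client_ip, proto, PCOIP_PORT),
        "nacl_in": nacl_allows(nacl_entries, False, client_ip, proto, PCOIP_PORT),
        "nacl_reply_out": nacl_allows(nacl_entries, True, client_ip, proto, client_src_port),
    } for proto in ("tcp", "udp")}

# Constructed sample rules: the SG is missing UDP, the NACL has no UDP egress rule.
SAMPLE_SG = [{"IpProtocol": "tcp", "FromPort": 4172, "ToPort": 4172, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
SAMPLE_NACL = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 4172, "To": 4172}},
    {"RuleNumber": 110, "Egress": False, "Protocol": "17", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 4172, "To": 4172}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}},
]

if __name__ == "__main__":
    print(pcoip_report(SAMPLE_SG, SAMPLE_NACL, "203.0.113.10", 50000))
```

With the sample data, TCP passes all three checks, while UDP fails at the security group and again on NACL egress, which is the gap an inbound-only NACL change leaves open.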