ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 348 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 348
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company has set up an IPsec tunnel between its AWS environment and its on-premises data center. The tunnel is reporting as UP, but the Amazon EC2 instances are not able to ping any on-premises resources.

What should a SysOps administrator do to resolve this issue?

  • A. Create a new inbound rule on the EC2 instances’ security groups to allow ICMP traffic from the on-premises CIDR.
  • B. Create a peering connection between the IPsec tunnel and the subnet of the EC2 instances.
  • C. Enable route propagation for the virtual private gateway in the route table that is assigned to the subnet of the EC2 instances.
  • D. Modify the VPC’s DHCP options set. Add the IPsec tunnel to the VPN section.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Pete987 at June 30, 2023, 5:35 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
james2033
10 months ago
UP = up (in constract with 'down')
upvoted 1 times
...
March2023
1 year, 2 months ago
Selected Answer: C
Going with C
upvoted 2 times
...
r2c3po
1 year, 4 months ago
Selected Answer: A
If the IPsec tunnel is UP but the EC2 instances are not able to ping on-premises resources, it might be due to the security group settings. Security groups act as virtual firewalls for your instances, and you need to ensure that the inbound rules allow the necessary traffic. In this case, creating a new inbound rule on the EC2 instances' security groups to allow ICMP traffic (ping) from the on-premises CIDR (Customer-Premises Equipment, CPE) would likely resolve the issue, assuming the security groups are currently configured to block such traffic. Option A addresses the issue at the security group level by allowing ICMP traffic from the on-premises CIDR.
upvoted 3 times
AgboolaKun
1 year ago
According to the question, the issue is “the Amazon EC2 instances are not able to ping any on-premises resources”. Opening IMCP port for the EC2 security group won’t resolve EC2 inability to ping the on-prem resources. Enabling pinging on the on-prem resources could resolve this issue but this is not what option A is saying. Therefore, option C is a reasonable solution to this issue and it is the only option that makes sense.
upvoted 4 times
...
...
paultantony
1 year, 8 months ago
Selected Answer: C
https://docs.aws.amazon.com/vpc/latest/userguide/WorkWithRouteTables.html#EnableDisableRouteProp
upvoted 3 times
...
[Removed]
1 year, 9 months ago
ccccccccccccccccccCCC
upvoted 2 times
...
Pete987
1 year, 10 months ago
Selected Answer: C
C: Enabling route propagation for the virtual private gateway in the route table associated with the subnet of the EC2 instances will allow the VPC route table to learn and propagate the routes for the on-premises network. This ensures that the EC2 instances know how to reach the on-premises resources through the IPsec tunnel.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago