Exam ANS-C00 topic 1 question 93 discussion

Exam question from Amazon's ANS-C00
Question #: 93
Topic #: 1

An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC using ping on the organization's private IP address.
What could cause this connectivity issue? (Choose two.)

  • A. The VGW is not advertising the correct CIDR range back on-premises.
  • B. The instance security group does not allow ICMP traffic.
  • C. A public virtual interface must be configured for Amazon EC2 connectivity.
  • D. The on-premises router is not advertising the correct CIDR range to AWS.
  • E. There is a misconfiguration of the bi-directional forwarding detection.
Suggested Answer: BD

Comments

ITstudy
Highly Voted 3 years, 8 months ago
B, D. The specific routes might not be advertised to DX. The security group might be customized and the particular host / ICMP is not allowed.
upvoted 12 times
...
MohamedSherif1
Most Recent 3 years ago
B&D are correct
upvoted 3 times
...
JohnnyBG
3 years, 4 months ago
Selected Answer: BD
per below comment
upvoted 2 times
...
borisgor
3 years, 5 months ago
Selected Answer: BD
B&D: B is the way of allowing/disallowing ICMP, so it certainly should be an answer; D is more reasonable than A as there is no mention of a VGW-specific issue or specific config.
upvoted 1 times
...
AlirezaNetWorld
3 years, 6 months ago
B&D for sure
upvoted 1 times
...
TerrenceC
3 years, 7 months ago
From the AWS aspect, a possible cause of the VPC not showing the on-premises prefix(es) could be that the Route Propagation feature remains in the disabled state, which is the default setting. If Route Propagation is enabled, then the on-premises prefix(es) will be automatically imported whenever the VGW receives them. However, if Route Propagation is disabled, then the on-premises prefix(es) must be imported manually.
upvoted 1 times
...
walkwolf3
3 years, 7 months ago
BD. For anyone wondering why A is not selected: AWS will allocate private IPs (/30) in the 169.x.x.x range for the BGP session and will advertise the VPC CIDR block over BGP. https://aws.amazon.com/directconnect/faqs/
upvoted 2 times
...
MaikM
3 years, 7 months ago
B for sure. Also A or D can cause the issue. Why do you choose D?
upvoted 1 times
Huntkey
3 years, 7 months ago
You can't control what VGW advertises. It will always advertise the CIDR associated with the VPC. That part can't be wrong even if you want to. D is very possible on the other side.
upvoted 4 times
sapien45
3 years, 2 months ago
Thank you, I was wondering why not A. So in short, there is no room for human error on the VGW side; there is room for error on the on-premises router side.
upvoted 1 times
...
...
...
Johnny_Green
3 years, 8 months ago
Is it possible the VGW is not advertising the correct CIDR range back on-premises?
upvoted 1 times
inf
3 years, 8 months ago
Answer: B, D. The BGP routes populate the route tables for the return journey. If they are incorrect, the traffic isn't getting back on-prem. https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-vpc-route-table/ "Choose the Route Table view, then confirm that there is a route with the destination of your network and a target of the virtual private gateway. Note: If you are using BGP, be sure that the routes are received by AWS. You can enable route propagation to confirm that the BGP routes are being propagated to the virtual private gateway" For S2SVPN, https://docs.aws.amazon.com/vpn/latest/s2svpn/HowToTestEndToEnd_Linux.html "Dynamic routing ... Ensure that routes are advertised with BGP correctly and showing in the subnet route table, so that traffic can get back to your customer gateway"
upvoted 4 times
certificatores
3 years, 7 months ago
The link does not say anything about the "BGP status is up" situation. It does not isolate answer A. Answer D is for sure, but answer A or B is not verified in any link provided.
upvoted 2 times
...
...
...
SilverT
3 years, 8 months ago
B, D. The on-prem router needs to advertise routes; otherwise, even if ICMP is allowed in the SG, the traffic won't be able to make its way back to on-prem.
upvoted 4 times
...
pechung1206
3 years, 8 months ago
B & D https://aws.amazon.com/premiumsupport/knowledge-center/virtual-interface-bgp-down/
upvoted 3 times
certificatores
3 years, 8 months ago
In the question, it clearly says "BGP is up". The link you provided is for the "BGP is down" issue, so it is misleading.
upvoted 3 times
...
...
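The two checks the thread converges on (an inbound ICMP rule in the instance security group, and a return route to the on-premises prefix via the virtual private gateway in the subnet route table) can be run offline against saved describe output. This is an added example, not part of the original discussion; the CIDRs, gateway IDs and sample records are constructed, and the dictionaries follow the shape of the EC2 DescribeSecurityGroups and DescribeRouteTables responses.

```python
import ipaddress

def sg_allows_ping(ip_permissions, source_cidr):
    """True if an inbound rule admits ICMP echo-request (type 8) from source_cidr."""
    src = ipaddress.ip_network(source_cidr)
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        # "-1" is all protocols; for "icmp" rules FromPort holds the ICMP type (-1 = all).
        icmp_ok = proto == "-1" or (proto == "icmp" and perm.get("FromPort") in (-1, 8))
        if icmp_ok and any(src.subnet_of(ipaddress.ip_network(r["CidrIp"]))
                           for r in perm.get("IpRanges", [])):
            return True
    return False

def return_route(routes, on_prem_cidr):
    """Longest-prefix active route covering on_prem_cidr, only if its target is a VGW."""
    dst, best, best_len = ipaddress.ip_network(on_prem_cidr), None, -1
    for r in routes:
        cidr = r.get("DestinationCidrBlock")
        if not cidr or r.get("State") != "active":
            continue
        net = ipaddress.ip_network(cidr)
        if dst.subnet_of(net) and net.prefixlen > best_len:
            best, best_len = r, net.prefixlen
    return best if best and best.get("GatewayId", "").startswith("vgw-") else None

def diagnose(sg_perms, routes, on_prem_cidr):
    findings = []
    if not sg_allows_ping(sg_perms, on_prem_cidr):
        findings.append("B: security group has no inbound ICMP echo rule for on-premises")
    if return_route(routes, on_prem_cidr) is None:
        findings.append("D: no active VGW route for the on-premises CIDR "
                        "(prefix not advertised, or route propagation disabled)")
    return findings

# Constructed sample data (made-up CIDRs and IDs).
ON_PREM = "10.50.0.0/16"
BROKEN_SG = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": ON_PREM}]}]
BROKEN_ROUTES = [
    {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
]
FIXED_SG = BROKEN_SG + [{"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
                         "IpRanges": [{"CidrIp": ON_PREM}]}]
FIXED_ROUTES = BROKEN_ROUTES + [{"DestinationCidrBlock": ON_PREM, "GatewayId": "vgw-0example",
                                 "State": "active", "Origin": "EnableVgwRoutePropagation"}]

if __name__ == "__main__":
    print(diagnose(BROKEN_SG, BROKEN_ROUTES, ON_PREM))  # both findings
    print(diagnose(FIXED_SG, FIXED_ROUTES, ON_PREM))    # no findings
```

In the broken sample the only route covering the on-premises prefix is the default route to an internet gateway, so replies never return over Direct Connect even though BGP is up.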