
Exam AWS Certified Security - Specialty topic 1 question 183 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 183
Topic #: 1

A Security Engineer is troubleshooting a connectivity issue between a web server that is writing log files to the logging server in another VPC. The Engineer has confirmed that a peering relationship exists between the two VPCs. VPC flow logs show that requests sent from the web server are accepted by the logging server, but the web server never receives a reply.
Which of the following actions could fix this issue?

  • A. Add an inbound rule to the security group associated with the logging server that allows requests from the web server.
  • B. Add an outbound rule to the security group associated with the web server that allows requests to the logging server.
  • C. Add a route to the route table associated with the subnet that hosts the logging server that targets the peering connection.
  • D. Add a route to the route table associated with the subnet that hosts the web server that targets the peering connection.
Suggested Answer: C
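The scenario above is one-way reachability: the web server's subnet has a route to the peer VPC via the peering connection, but the logging server's subnet does not, so replies have no path back. The following diagnostic, an added example and not part of the original page, checks both route tables for a longest-prefix-match route to the other VPC's CIDR that targets the peering connection. The route dictionaries mimic the shape of EC2 `describe_route_tables` output; the CIDRs, the `pcx-`/`nat-` IDs and the sample routes are constructed placeholders.

```python
"""Diagnose a one-way VPC peering: which side lacks a route to the other VPC?"""
from ipaddress import ip_network

# Constructed sample values (not from the page); shaped like EC2 describe_route_tables Routes entries.
WEB_VPC_CIDR = "10.0.0.0/16"       # assumed CIDR of the web server's VPC
LOG_VPC_CIDR = "10.1.0.0/16"       # assumed CIDR of the logging server's VPC
PCX_ID = "pcx-0123456789abcdef0"   # placeholder peering connection ID

# Web server subnet: has a route to the logging VPC through the peering connection.
WEB_SUBNET_ROUTES = [
    {"DestinationCidrBlock": WEB_VPC_CIDR, "GatewayId": "local"},
    {"DestinationCidrBlock": LOG_VPC_CIDR, "VpcPeeringConnectionId": PCX_ID},
]
# Logging server subnet: no peering route; replies to 10.0.0.0/16 fall to the default route.
LOG_SUBNET_ROUTES = [
    {"DestinationCidrBlock": LOG_VPC_CIDR, "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0"},  # placeholder
]


def has_peering_route(routes, peer_cidr, pcx_id):
    """True if the most specific route covering peer_cidr targets the peering connection.

    Route tables use longest-prefix match, so a more specific non-peering route
    (or only a 0.0.0.0/0 default) means traffic to the peer VPC never reaches pcx_id.
    """
    target = ip_network(peer_cidr)
    best = None
    for route in routes:
        dest = ip_network(route["DestinationCidrBlock"])
        if target.subnet_of(dest) and (best is None or dest.prefixlen > best[0].prefixlen):
            best = (dest, route)
    return best is not None and best[1].get("VpcPeeringConnectionId") == pcx_id


def diagnose(web_routes, log_routes):
    """Return the list of sides ('web', 'logging') missing a route to the other VPC."""
    missing = []
    if not has_peering_route(web_routes, LOG_VPC_CIDR, PCX_ID):
        missing.append("web")       # would correspond to option D
    if not has_peering_route(log_routes, WEB_VPC_CIDR, PCX_ID):
        missing.append("logging")   # the return path in the question; option C
    return missing


if __name__ == "__main__":
    print("missing peering route on:", diagnose(WEB_SUBNET_ROUTES, LOG_SUBNET_ROUTES))
```

Adding `{"DestinationCidrBlock": WEB_VPC_CIDR, "VpcPeeringConnectionId": PCX_ID}` to the logging subnet's table (option C) makes `diagnose` return an empty list.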

Comments

ChinkSantana
Highly Voted 3 years, 8 months ago
C is correct here. Logging server receives the traffic but doesn't know how to send it back. It's a routing issue.
upvoted 29 times
DayQuil
Highly Voted 3 years, 9 months ago
C. A doesn't make sense as the VPC flow logs tell us that the request is accepted initially.
upvoted 8 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: C
I'd go with C in this one. Routing back to webserver VPC.
upvoted 1 times
jishrajesh
2 years, 6 months ago
C is the Answer
upvoted 1 times
dcasabona
2 years, 11 months ago
Selected Answer: C
Option C.
upvoted 1 times
sapien45
2 years, 11 months ago
Selected Answer: C
We are not on Azure. On AWS, peering two VPCs will not automatically create the routing tables between the two VPCs. You need to return the outbound traffic to the source VPC.
upvoted 2 times
TigerInTheCloud
3 years, 2 months ago
Selected Answer: C
A - Wrong, as the log server accepts request
B - Wrong, as the log server accepts request
C - the only choice
D - Wrong, as the log server accepts request
upvoted 2 times
Radhaghosh
3 years, 5 months ago
Answer C. "The VPC flow logs indicate that although the logging server accepts requests received by the web server, the web server never gets a response." --> This is the difference between C & D. No problem with the route table in the web server VPC.
upvoted 2 times
HPCloud
3 years, 7 months ago
Selected Answer: C
SGs are stateful.
upvoted 2 times
Elva
3 years, 8 months ago
It is C, Quote: "To enable the routing of traffic between VPCs in a VPC peering connection, you must add a route to one or more of your subnet route tables that points to the VPC peering connection. This allows you to access all or part of the CIDR block of the other VPC in the peering connection. Similarly, the owner of the other VPC must add a route to their subnet route table to route traffic back to your VPC" Link: https://docs.aws.amazon.com/vpc/latest/userguide/route-table-options.html#route-tables-vpc-peering
upvoted 2 times
skipbaylessfor3
3 years, 8 months ago
Yeah, I'm pretty sure I've troubleshot this on my job when a peering connection wasn't working. I too believe it's C.
upvoted 2 times
Ponzy
3 years, 8 months ago
C is the answer because the return path is broken and that needs a fix.
upvoted 2 times
unspeakable799
3 years, 8 months ago
I go with D: Logging server needs to know the return route of the web server network.
upvoted 3 times
Ponzy
3 years, 8 months ago
C. is the obvious answer
upvoted 2 times
sanjaym
3 years, 8 months ago
I'll go with C
upvoted 2 times
Justu
3 years, 8 months ago
D is correct, "Logging server receives the traffic but doesn't know how to send it back. It's a routing issue". As stated, Logging server receives traffic and thus logging server is already on the route table. What is missing is the route back to the webserver, and it needs to be added towards the peering connection.
upvoted 3 times
Daniel76
3 years, 8 months ago
You are right to say that the logging server receives traffic. However, that should imply that the web server has its route table correctly configured. The logging server is unable to respond, likely due to its route table not being configured to allow the response. So the answer is C.
upvoted 1 times
cldy
3 years, 8 months ago
C. Right
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other