Exam ANS-C00 topic 1 question 355 discussion

Exam question from Amazon's ANS-C00
Question #: 355
Topic #: 1

A company installed an AWS Site-to-Site VPN and configured it to use two tunnels. The company has learned that the VPN connectivity is unstable. During a ping test from the on-premises data center to AWS, a network engineer notices that the first few ICMP replies time out but that subsequent requests are successful.
The AWS Management Console shows that the status for both tunnels last changed at the same time the ping responses were successfully received.
Which steps should the network engineer take to resolve the instability? (Choose two.)

  • A. Enable dead peer detection (DPD) on the customer gateway device.
  • B. Change the tunnel configuration to active/standby on the virtual private gateway.
  • C. Use AS PATH prepending on one path to cause all traffic to prefer that tunnel.
  • D. Send ICMP requests to an instance in the VPC every 5 seconds from the on-premises network.
  • E. Use a higher multi-exit discriminator (MED) value on the preferred path to prefer that tunnel.
Suggested Answer: AD

Comments

walkwolf3
Highly Voted 3 years, 8 months ago
AD
A. Dead Peer Detection (DPD) is a method of detecting a dead Internet Key Exchange (IKE) peer. The method uses IPsec traffic patterns to minimize the number of messages required to confirm the availability of a peer. But keep in mind, you need to ensure both ends agree on the parameters of DPD; otherwise, DPD could cause issues. https://en.wikipedia.org/wiki/Dead_Peer_Detection
B. Wrong. AWS suggests keeping both tunnels up as active/active; active/standby won't help.
C. Wrong. AS path prepending will make that path less preferable.
D. If you're experiencing idle timeouts due to low traffic on a VPN tunnel: Be sure that there's constant bidirectional traffic between your local network and your VPC. If necessary, create a host that sends ICMP requests to an instance in your VPC every 5 seconds. https://aws.amazon.com/premiumsupport/knowledge-center/vpn-tunnel-instability-inactivity/
E. Wrong. The path with the lowest MED value is preferred. https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html
upvoted 16 times
ptpho
3 years, 7 months ago
Agreed with AD
upvoted 1 times
ptpho
3 years, 7 months ago
They used DPD to detect, and the recommended method is to send a ping from on-prem to any reachable resource in the VPC every 5s.
upvoted 1 times
Marty2021
Most Recent 2 years, 11 months ago
Selected Answer: AD
Agree on A and D, MED and Path Prepending are traffic steering mechanisms
upvoted 2 times
clooudy
3 years ago
Selected Answer: AD
Answer A and D
upvoted 1 times