Examtopics

AWS Certified Advanced Networking - Specialty
  • Topic 1 Question 125

    A company plans to run a computationally intensive data processing application on AWS. The data is highly sensitive. The VPC must have no direct internet access, and the company has applied strict network security to control access.

    Data scientists will transfer data from the company's on-premises data center to the instances by using an AWS Site-to-Site VPN connection. The on-premises data center uses the 172.31.0.0/20 network range, and the application VPC will use the 172.31.16.0/20 network range.

    The data scientists report that they can start new instances of the application but that they cannot transfer any data from the on-premises data center. A network engineer enables VPC flow logs and sends a ping to one of the instances to test reachability. The flow logs show the following:

    The network engineer must recommend a solution that will give the data scientists the ability to transfer data from the on-premises data center.

    Which solution will meet these requirements?

    • Modify the security group for the application. Add an inbound rule to allow traffic from the on-premises data center network range to the application.

    • Modify the network ACLs for the VPC subnet. Add an inbound rule to allow traffic from the on-premises data center network range to the VPC subnet range.

    • Modify the network ACLs for the VPC subnet. Add an outbound rule to allow traffic from the VPC subnet range to the on-premises data center network range.

    • Modify the security group for the application. Add an outbound rule to allow traffic from the application to the on-premises data center network range.

