Examtopics

AWS Certified Advanced Networking - Specialty
  • Topic 1 Question 151

    A company is using a shared services VPC with two domain controllers. The domain controllers are deployed in the company's private subnets. The company is deploying a new application into a new VPC in the account. The application will be deployed onto an Amazon EC2 for Windows Server instance in the new VPC. The instance must join the existing Windows domain that is supported by the domain controllers in the shared services VPC.

    A transit gateway is attached to both the shared services VPC and the new VPC. The company has updated the route tables for the transit gateway, the shared services VPC, and the new VPC. The security groups for the domain controllers and the instance are updated and allow traffic only on the ports that are necessary for domain operations. The instance is unable to join the domain that is hosted on the domain controllers.

    Which combination of actions will help identify the cause of this issue with the LEAST operational overhead?

    Select two.
    • Use AWS Network Manager to perform a route analysis for the transit gateway network. Specify the existing EC2 instance as the source. Specify the first domain controller as the destination. Repeat the route analysis for the second domain controller.

    • Use port mirroring with the existing EC2 instance as the source and another EC2 instance as the target to obtain packet captures of the connection attempts.

    • Review the VPC flow logs on the shared services VPC and the new VPC.

    • Issue a ping command from one of the domain controllers to the existing EC2 instance.

    • Ensure that route propagation is turned off on the shared services VPC.

