Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SAP-C02 Topic 1 Question 43 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 43
Topic #: 1
[All SAP-C02 Questions]

A company has implemented a new security requirement According to the new requirement, the company must scan all traffic from corporate AWS instances in the company's VPC for violations of the company's security policies. As a result of these scans the company can block access to and from specific IP addresses.

To meet the new requirement, the company deploys a set of Amazon EC2 instances in private subnets to serve as transparent proxies The company installs approved proxy server software on these EC2 instances The company modifies the route tables on all subnets to use the corresponding EC2 instances with proxy software as the default route The company also creates security groups that are compliant with the security policies and assigns these security groups to the EC2 instances

Despite these configurations, the traffic of the EC2 instances in their private subnets is not being properly forwarded to the internet.

What should a solutions architect do to resolve this issue?

Show Suggested Answer Hide Answer
Suggested Answer: A

Identify Proxy EC2 Instances:

Determine which EC2 instances in the private subnets are running the proxy server software.

Disable Source/Destination Checks:

For each of these EC2 instances, go to the AWS Management Console.

Navigate to the EC2 dashboard, select the instance, and choose 'Actions' > 'Networking' > 'Change Source/Dest. Check'.

Disable the source/destination check for these instances.

Disabling source/destination checks allows the EC2 instances to route traffic appropriately, enabling them to function as network appliances or proxies. This ensures that traffic from other instances in the private subnets can be routed through the proxy instances to the internet, meeting the company's security requirements.

Reference

Amazon EC2 User Guide on Source/Destination Checks


Contribute your Thoughts:

Melinda
2 months ago
Option D looks like the most comprehensive solution. Splitting the network interfaces and routing appropriately seems like the way to go. Just don't forget to check for any 'Socks in the proxy' issues!
upvoted 0 times
Stefan
22 days ago
Just don't forget to check for any 'Socks in the proxy' issues!
upvoted 0 times
...
Carole
1 months ago
Splitting the network interfaces and routing appropriately seems like the way to go.
upvoted 0 times
...
Susana
1 months ago
Option D looks like the most comprehensive solution.
upvoted 0 times
...
...
Pete
2 months ago
Ha! Changing the DHCP options to point to the proxy instances? That's like trying to fit a square peg into a round hole. Not the most elegant solution if you ask me.
upvoted 0 times
...
Felix
2 months ago
Hmm, adding a rule to the security group to allow all traffic seems a bit risky. I'd prefer a more targeted approach like option D.
upvoted 0 times
Sang
24 days ago
Yeah, option D with additional network interfaces seems like a safer bet.
upvoted 0 times
...
Samira
25 days ago
I think option D is the best choice to ensure proper forwarding of traffic.
upvoted 0 times
...
Kasandra
1 months ago
I agree, option D seems like a more secure solution.
upvoted 0 times
...
...
Dong
2 months ago
I'm not sure about that. Disabling source/destination checks could open up some security vulnerabilities. Maybe we should consider option D instead?
upvoted 0 times
Lettie
26 days ago
Agreed. Option D seems like the best course of action to ensure the traffic is properly forwarded.
upvoted 0 times
...
Marge
29 days ago
Let's go with option D then. It seems like the most secure and effective way to resolve the issue.
upvoted 0 times
...
Willetta
1 months ago
Option D sounds like a better solution. Assigning additional network interfaces could help with forwarding the traffic properly.
upvoted 0 times
...
Rueben
1 months ago
I think you're right. Disabling source/destination checks might not be the best option.
upvoted 0 times
...
...
Thaddeus
2 months ago
I think changing the VPC's DHCP options set to point to the addresses of the proxy EC2 instances is the best solution to resolve the issue.
upvoted 0 times
...
Royal
3 months ago
Option A seems like the way to go. Disabling source/destination checks should allow the traffic to flow properly through the proxy instances.
upvoted 0 times
Teresita
2 months ago
D) Assign one additional elastic network interface to each proxy EC2 instance Ensure that one of these network interfaces has a route to the private subnets Ensure that the other network interface has a route to the internet.
upvoted 0 times
...
Bette
2 months ago
Yes, that could be the issue. Disabling source/destination checks might help.
upvoted 0 times
...
Willow
2 months ago
A) Disable source'destination checks on the EC2 instances that run the proxy software
upvoted 0 times
...
...
Clemencia
3 months ago
I disagree, I believe adding a rule to the security group to allow all traffic between instances with the security group assigned is the way to go.
upvoted 0 times
...
Essie
3 months ago
I think the solution architect should disable source'destination checks on the EC2 instances running the proxy software.
upvoted 0 times
...

Save Cancel