BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SAP-C02 Topic 1 Question 43 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 43
Topic #: 1
[All SAP-C02 Questions]

A company has implemented a new security requirement According to the new requirement, the company must scan all traffic from corporate AWS instances in the company's VPC for violations of the company's security policies. As a result of these scans the company can block access to and from specific IP addresses.

To meet the new requirement, the company deploys a set of Amazon EC2 instances in private subnets to serve as transparent proxies The company installs approved proxy server software on these EC2 instances The company modifies the route tables on all subnets to use the corresponding EC2 instances with proxy software as the default route The company also creates security groups that are compliant with the security policies and assigns these security groups to the EC2 instances

Despite these configurations, the traffic of the EC2 instances in their private subnets is not being properly forwarded to the internet.

What should a solutions architect do to resolve this issue?

Show Suggested Answer Hide Answer
Suggested Answer: A

Identify Proxy EC2 Instances:

Determine which EC2 instances in the private subnets are running the proxy server software.

Disable Source/Destination Checks:

For each of these EC2 instances, go to the AWS Management Console.

Navigate to the EC2 dashboard, select the instance, and choose 'Actions' > 'Networking' > 'Change Source/Dest. Check'.

Disable the source/destination check for these instances.

Disabling source/destination checks allows the EC2 instances to route traffic appropriately, enabling them to function as network appliances or proxies. This ensures that traffic from other instances in the private subnets can be routed through the proxy instances to the internet, meeting the company's security requirements.

Reference

Amazon EC2 User Guide on Source/Destination Checks


by Chaya at Sep 16, 2024, 10:51 PM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Melinda
20 days ago
Option D looks like the most comprehensive solution. Splitting the network interfaces and routing appropriately seems like the way to go. Just don't forget to check for any 'Socks in the proxy' issues!
upvoted 0 times
Carole
8 days ago
Splitting the network interfaces and routing appropriately seems like the way to go.
upvoted 0 times
...
Susana
9 days ago
Option D looks like the most comprehensive solution.
upvoted 0 times
...
...
Pete
28 days ago
Ha! Changing the DHCP options to point to the proxy instances? That's like trying to fit a square peg into a round hole. Not the most elegant solution if you ask me.
upvoted 0 times
...
Felix
29 days ago
Hmm, adding a rule to the security group to allow all traffic seems a bit risky. I'd prefer a more targeted approach like option D.
upvoted 0 times
Kasandra
2 days ago
I agree, option D seems like a more secure solution.
upvoted 0 times
...
...
Dong
1 months ago
I'm not sure about that. Disabling source/destination checks could open up some security vulnerabilities. Maybe we should consider option D instead?
upvoted 0 times
Willetta
4 days ago
Option D sounds like a better solution. Assigning additional network interfaces could help with forwarding the traffic properly.
upvoted 0 times
...
Rueben
5 days ago
I think you're right. Disabling source/destination checks might not be the best option.
upvoted 0 times
...
...
Thaddeus
1 months ago
I think changing the VPC's DHCP options set to point to the addresses of the proxy EC2 instances is the best solution to resolve the issue.
upvoted 0 times
...
Royal
2 months ago
Option A seems like the way to go. Disabling source/destination checks should allow the traffic to flow properly through the proxy instances.
upvoted 0 times
Teresita
25 days ago
D) Assign one additional elastic network interface to each proxy EC2 instance Ensure that one of these network interfaces has a route to the private subnets Ensure that the other network interface has a route to the internet.
upvoted 0 times
...
Bette
26 days ago
Yes, that could be the issue. Disabling source/destination checks might help.
upvoted 0 times
...
Willow
29 days ago
A) Disable source'destination checks on the EC2 instances that run the proxy software
upvoted 0 times
...
...
Clemencia
2 months ago
I disagree, I believe adding a rule to the security group to allow all traffic between instances with the security group assigned is the way to go.
upvoted 0 times
...
Essie
2 months ago
I think the solution architect should disable source'destination checks on the EC2 instances running the proxy software.
upvoted 0 times
...

Save Cancel