Q53 — AWS ANS-C01 Ch.1
A company has a global network and is using transit gateways to connect AWS Regions together. The company finds that two Amazon EC2 instances in different Regions are unable to communicate with each other. A network engineer needs to troubleshoot this connectivity issue. What should the network engineer do to meet this requirement?
- A. Use AWS Network Manager Route Analyzer to analyze routes in the transit gateway route tables and in the VPC route tables. Use VPC flow logs to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.
- B. Use AWS Network Manager Route Analyzer to analyze routes in the transit gateway route tables. Verify that the VPC route tables are correct. Use AWS Firewall Manager to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.
- C. Use AWS Network Manager Route Analyzer to analyze routes in the transit gateway route tables. Verify that the VPC route tables are correct. Use VPC flow logs to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC. ✓
- D. Use VPC Reachability Analyzer to analyze routes in the transit gateway route tables. Verify that the VPC route tables are correct. Use VPC flow logs to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.
Correct Answer: C. Use AWS Network Manager Route Analyzer to analyze routes in the transit gateway route tables. Verify that the VPC route tables are correct. Use VPC flow logs to analyze the IP traffic that security group rules and network ACL rules accept or reject in the VPC.
Explanation
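When AWS Transit Gateway connects multiple Regions, the route tables and the VPC configuration are the key points. According to the official AWS documentation, the transit gateway route tables must correctly propagate the routes for each Region, and the VPC subnet route tables must point to the transit gateway. VPC flow logs are used to monitor the traffic that security groups and network ACLs block. Option A is wrong because it uses Route Analyzer to check the VPC route tables; Route Analyzer applies only to transit gateway route analysis. In option B, Firewall Manager is not suited to analyzing specific blocked traffic. In option D, Reachability Analyzer is for path testing rather than route table analysis. Option C correctly combines Route Analyzer to check the transit gateway routes, manual verification of the VPC route tables, and VPC flow logs to analyze blocked traffic.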