Q97 — AWS ANS-C01 Ch.1
Question 97 of 100
A company has stateful security appliances that are deployed to multiple Availability Zones in a centralized shared services VPC. The AWS environment includes a transit gateway that is attached to application VPCs and the shared services VPC. The application VPCs have workloads that are deployed in private subnets across multiple Availability Zones. The stateful appliances in the shared services VPC inspect all east-west (VPC-to-VPC) traffic. Users report that inter-VPC traffic to different Availability Zones is dropping. A network engineer verified this claim by issuing Internet Control Message Protocol (ICMP) pings between workloads in different Availability Zones across the application VPCs. The network engineer has ruled out security groups, stateful device configurations, and network ACLs as the cause of the dropped traffic. What is causing the traffic to drop?
- A. The stateful appliances and the transit gateway attachments are deployed in a separate subnet in the shared services VPC.
- B. Appliance mode is not enabled on the transit gateway attachment to the shared services VPC. ✓
- C. The stateful appliances and the transit gateway attachments are deployed in the same subnet in the shared services VPC.
- D. Appliance mode is not enabled on the transit gateway attachment to the application VPCs.
Correct Answer: B. Appliance mode is not enabled on the transit gateway attachment to the shared services VPC.
Explanation
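In this network architecture, users report that inter-VPC traffic across different Availability Zones is dropping, and security groups, stateful device configurations, and network ACLs have already been ruled out. The subnet placement described in option A is not the key cause of the dropped traffic. Whether the subnets are the same or not, as in option C, is not the problem either. With option B, if appliance mode is not enabled on the transit gateway attachment to the shared services VPC, traffic may not be processed and forwarded correctly, which causes it to drop. Therefore, the answer is B.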