Q98 — AWS SCS-C02 Ch.1

While securing the connection between a company’s VPC and its on-premises data center, a security engineer sent a ping command from an on-premises host (IP address 203.0.113.12) to an Amazon EC2 instance (IP address 172.31.16.139). The ping command did not return a response. The flow log in the VPC showed the following: What action should be performed to allow the ping to work?

Correct Answer: D. In the VPC’s NACL, allow outbound ICMP traffic.

Explanation

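According to the question, the ping command returned no response, and the flow log shows rejected traffic. ICMP is commonly used for network diagnostics and for Echo request/reply messages. For the ping to work, outbound ICMP traffic must be allowed in the VPC’s network ACL (NACL). NACLs are stateless, so the Echo reply leaving the subnet is not allowed automatically just because the inbound request was; it needs its own outbound rule. Option D is correct because it allows outbound ICMP traffic in the VPC’s NACL.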