Q77 — AWS SOA-C02 Ch.1

A company has set up an IPsec tunnel between its AWS environment and its on-premises data center. The tunnel is reporting as UP, but the Amazon EC2 instances are not able to ping any on-premises resources. What should a SysOps administrator do to resolve this issue?

Correct Answer: C. Enable route propagation for the virtual private gateway in the route table that is assigned to the subnet of the EC2 instances.

Explanation

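When the IPsec tunnel is up but the EC2 instances cannot communicate with on-premises resources, the cause is usually a routing problem. The AWS documentation states that the virtual private gateway must propagate routes to the subnet's route table before traffic can be routed correctly over the VPN. Enabling route propagation, as in option C, ensures that the paths to the on-premises network are added to the route table of the subnet where the EC2 instances reside. Option A, allowing ICMP in the security group, may be relevant, but the problem is more likely caused by missing routes. Option B, a VPC peering connection, does not apply to a hybrid-environment VPN scenario. Option D, the DHCP options set, does not affect routing configuration. The correct answer is C.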