ANS-C01 · Question #155
ANS-C01 Question #155: Real Exam Question with Answer & Explanation
Sign in or unlock ANS-C01 to reveal the answer and full explanation for question #155. The question stem and answer options stay visible for context.
Question
A company plans to run a computationally intensive data processing application on AWS. The data is highly sensitive. The VPC must have no direct internet access, and the company has applied strict network security to control access. Data scientists will transfer data from the company's on-premises data center to the instances by using an AWS Site-to-Site VPN connection. The on-premises data center uses the network range 172.31.0.0/20 and will use the network range 172.31.16.0/20 in the application VPC. The data scientists report that they can start new instances of the application but that they cannot transfer any data from the on-premises data center. A network engineer enables VPC flow logs and sends a ping to one of the instances to test reachability. The flow logs show the following: The network engineer must recommend a solution that will give the data scientists the ability to transfer data from the on-premises data center. Which solution will meet these requirements?
Options
- AModify the security group for the application. Add an inbound rule to allow traffic from the on-
- BModify the network ACLs for the VPC subnet. Add an inbound rule to allow traffic from the on-
- CModify the network ACLs for the VPC subnet. Add an outbound rule to allow traffic from the VPC
- DModify the security group for the application. Add an outbound rule to allow traffic from the
Unlock ANS-C01 to see the answer
You've previewed enough free ANS-C01 questions. Unlock ANS-C01 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.