ANS-C01 · Question #37
ANS-C01 Question #37: Real Exam Question with Answer & Explanation
Sign in or unlock ANS-C01 to reveal the answer and full explanation for question #37. The question stem and answer options stay visible for context.
Question
A company has deployed a critical application on a fleet of Amazon EC2 instances behind an Application Load Balancer. The application must always be reachable on port 443 from the public internet. The application recently had an outage that resulted from an incorrect change to the EC2 security group. A network engineer needs to automate a way to verify the network connectivity between the public internet and the EC2 instances whenever a change is made to the security group. The solution also must notify the network engineer when the change affects the connection. Which solution will meet these requirements?
Options
- AEnable VPC Flow Logs on the elastic network interface of each EC2 instance to capture REJECT
- BEnable VPC Flow Logs on the elastic network interface of each EC2 instance to capture all traffic
- CCreate a VPC Reachability Analyzer path on port 443. Specify the security group as the source.
- DCreate a VPC Reachability Analyzer path on port 443. Specify the internet gateway of the VPC as
Unlock ANS-C01 to see the answer
You've previewed enough free ANS-C01 questions. Unlock ANS-C01 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.