
Answer-first summary for fast verification
Answer: Disable the Network Source/Destination check on the security appliance's elastic network interface.
The correct answer is C. In AWS, an elastic network interface (ENI) has a source/destination check enabled by default. This feature ensures that the instance is either the source or destination of any traffic it sends or receives. However, for a virtual security appliance to route traffic, it needs to handle traffic not originally destined for it. Disabling the Network Source/Destination check on the security appliance's ENI allows it to forward traffic to other destinations, effectively functioning as a router.
Author: LeetQuiz Editorial Team
In a test environment, a systems engineer is troubleshooting connectivity issues involving a virtual security appliance deployed inline. The development team aims to use both security groups and network ACLs to fulfill specific security requirements. What specific configuration is required on the virtual security appliance to ensure it can effectively route traffic within this setup?
A. Disable network ACLs.
B. Configure the security appliance's elastic network interface for promiscuous mode.
C. Disable the Network Source/Destination check on the security appliance's elastic network interface.
D. Place the security appliance in the public subnet with the internet gateway.