
Answer-first summary for fast verification
Answer:
A. Ensure that the NACL associated with the logging service subnet permits traffic to and from the NLB subnets. Also, confirm that the NACL linked to the NLB subnet allows traffic to and from the logging service subnets where EC2 instances are running.
C. Examine the security group settings for the EC2 instances running the logging service to ensure they accept incoming traffic from the NLB subnets.
The correct answers are A and C. Option A ensures that the Network ACLs (NACLs) are correctly configured to allow communication between the logging service subnets and the NLB subnets, which is crucial for proper routing of traffic. Option C addresses the security group settings for the EC2 instances running the logging service, ensuring they allow ingress from the NLB subnets. Together, these steps ensure that network traffic can properly flow to and from the logging service and the NLB, resolving connectivity issues. This aligns with AWS best practices for configuring security groups and NACLs when using AWS PrivateLink and Network Load Balancers.
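The two checks from the explanation above, written as an offline rule evaluator. This is an added example, not part of the original quiz or any AWS tooling; the CIDRs, listener port 6514, ephemeral range, rule sets and the helper names `entry`, `nacl_allows` and `check_path` are all assumptions constructed for illustration.

```python
import ipaddress as ip

# Constructed values (assumptions, not from the page): CIDRs, listener port, rules.
NLB_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]
LOG_SUBNETS = ["10.0.11.0/24", "10.0.12.0/24"]
LOG_PORT, EPHEMERAL = 6514, (1024, 65535)

def entry(rule, egress, action, cidr, lo, hi):
    return dict(rule=rule, egress=egress, action=action, net=ip.ip_network(cidr), lo=lo, hi=hi)

def nacl_allows(entries, egress, peer_cidr, ports):
    """Lowest rule number first, first match wins, implicit deny at the end.
    Conservative: a deny matches on any overlap, an allow only if it covers everything."""
    peer = ip.ip_network(peer_cidr)
    for e in sorted((e for e in entries if e["egress"] == egress), key=lambda e: e["rule"]):
        if e["action"] == "deny":
            if e["net"].overlaps(peer) and e["lo"] <= ports[1] and ports[0] <= e["hi"]:
                return False
        elif peer.subnet_of(e["net"]) and e["lo"] <= ports[0] and ports[1] <= e["hi"]:
            return True
    return False

def check_path(nlb_nacl, log_nacl, sg_ingress):
    """Findings for the NLB -> logging instance hop; an empty list means it is open."""
    findings, port = [], (LOG_PORT, LOG_PORT)
    for nlb in NLB_SUBNETS:
        for log in LOG_SUBNETS:
            # NACLs are stateless: the reply to the NLB's ephemeral port needs its own rules.
            checks = [("NLB NACL egress", nacl_allows(nlb_nacl, True, log, port)),
                      ("logging NACL ingress", nacl_allows(log_nacl, False, nlb, port)),
                      ("logging NACL egress (reply)", nacl_allows(log_nacl, True, nlb, EPHEMERAL)),
                      ("NLB NACL ingress (reply)", nacl_allows(nlb_nacl, False, log, EPHEMERAL))]
            findings += [f"{name} blocked: {nlb} <-> {log}" for name, ok in checks if not ok]
        # Security groups are stateful: one ingress rule from the NLB subnet is enough.
        if not any(ip.ip_network(nlb).subnet_of(r["net"]) and r["lo"] <= LOG_PORT <= r["hi"]
                   for r in sg_ingress):
            findings.append(f"instance SG: no ingress from {nlb} on port {LOG_PORT}")
    return findings

# Constructed misconfiguration: one NLB subnet is missing from the logging NACL, and the
# instance SG trusts a client VPC CIDR instead of the NLB subnets.
NLB_NACL = [entry(100, False, "allow", "10.0.0.0/16", 0, 65535),
            entry(100, True, "allow", "10.0.0.0/16", 0, 65535)]
LOG_NACL = [entry(100, False, "allow", "10.0.1.0/24", LOG_PORT, LOG_PORT),
            entry(100, True, "allow", "10.0.0.0/16", *EPHEMERAL)]
SG_BAD = [entry(0, False, "allow", "172.31.0.0/16", LOG_PORT, LOG_PORT)]
SG_GOOD = [entry(0, False, "allow", c, LOG_PORT, LOG_PORT) for c in NLB_SUBNETS]
```

Calling `check_path(NLB_NACL, LOG_NACL, SG_BAD)` reports the missing NACL ingress for the second NLB subnet and the missing security group ingress for both NLB subnets; adding the NACL entry and switching to `SG_GOOD` returns an empty list.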
Author: LeetQuiz Editorial Team
A company is developing a centralized logging service on Amazon EC2 to collect and analyze logs from numerous AWS accounts. They are utilizing AWS PrivateLink for secure connectivity between client services and the logging service. In each client AWS account, an interface endpoint for the logging service has been established and is operational. The logging service, hosted on EC2 instances with a Network Load Balancer (NLB), is deployed across multiple subnets. However, clients are experiencing difficulties in sending logs through the VPC endpoint. What should a solutions architect do to address this connectivity issue? (Select two actions.)
A. Ensure that the NACL associated with the logging service subnet permits traffic to and from the NLB subnets. Also, confirm that the NACL linked to the NLB subnet allows traffic to and from the logging service subnets where EC2 instances are running.
B. Verify that the NACL attached to the logging service subnets enables traffic to and from the interface endpoint subnets. Additionally, check that the NACL connected to the interface endpoint subnet allows traffic to and from the logging service subnets hosting EC2 instances.
C. Examine the security group settings for the EC2 instances running the logging service to ensure they accept incoming traffic from the NLB subnets.
D. Review the security group configuration for the EC2 instances hosting the logging service to confirm they allow incoming traffic from the clients.
E. Inspect the security group for the NLB to guarantee it accepts incoming traffic from the interface endpoint subnets.