
Answer-first summary for fast verification
Answer: Disable source/destination checks on the EC2 instances running the proxy software.
The correct answer is A: Disable source/destination checks on the EC2 instances running the proxy software. By default, an EC2 instance performs source/destination checks and rejects any traffic for which it is neither the source nor the destination. Because the proxy EC2 instances must intercept and forward traffic that is not explicitly addressed to them, source/destination checks must be disabled on those instances. With the checks disabled, the instances can forward the internet traffic that the route tables send through the configured proxies.
Author: LeetQuiz Editorial Team
A company has introduced a new security policy that mandates scanning all traffic from AWS instances within its VPC for security policy violations, enabling the blocking of access to and from specific IP addresses. To comply, the company has set up Amazon EC2 instances in private subnets as transparent proxies, installed approved proxy software on these instances, and configured route tables to route traffic through these proxies. Additionally, security groups adhering to the security policies have been assigned to these EC2 instances. Despite these measures, internet traffic from the EC2 instances in the private subnets is not being correctly routed. What action should a solutions architect take to rectify this issue?
A. Disable source/destination checks on the EC2 instances running the proxy software.
B. Add a rule to the security group assigned to the proxy EC2 instances to allow all traffic between instances with this security group, and apply this security group to all EC2 instances in the VPC.
C. Modify the VPC's DHCP options set to direct DNS server options to the IP addresses of the proxy EC2 instances.
D. Attach an additional elastic network interface to each proxy EC2 instance, ensuring one interface routes to the private subnets and the other routes to the internet.