
A company has introduced a new security policy that mandates scanning all traffic from AWS instances within its VPC for security policy violations, enabling the blocking of access to and from specific IP addresses. To comply, the company has set up Amazon EC2 instances in private subnets as transparent proxies, installed approved proxy software on these instances, and configured route tables to route traffic through these proxies. Additionally, security groups adhering to the security policies have been assigned to these EC2 instances. Despite these measures, internet traffic from the EC2 instances in the private subnets is not being correctly routed. What action should a solutions architect take to rectify this issue?
A. Disable source/destination checks on the EC2 instances running the proxy software.
B. Add a rule to the security group assigned to the proxy EC2 instances to allow all traffic between instances with this security group, and apply this security group to all EC2 instances in the VPC.
C. Modify the VPC's DHCP options set to direct DNS server options to the IP addresses of the proxy EC2 instances.
D. Attach an additional elastic network interface to each proxy EC2 instance, ensuring one interface routes to the private subnets and the other routes to the internet.