
A company is deploying a computationally intensive data processing application on AWS with highly sensitive data. The VPC is configured without direct internet access, and strict network security controls are in place. Data scientists need to transfer data from the on-premises data center (using the network range 172.31.0.0/20) to the application VPC (using the network range 172.31.16.0/20) via an AWS Site-to-Site VPN connection. However, they can launch application instances but cannot transfer data. A network engineer enabled VPC flow logs and tested reachability by pinging an instance, observing the flow logs.
What solution should the network engineer recommend to enable data transfer from the on-premises data center while meeting the requirements?
A
Modify the security group for the application. Add an inbound rule to allow traffic from the on-premises data center network range to the application.
B
Modify the network ACLs for the VPC subnet. Add an inbound rule to allow traffic from the on-premises data center network range to the VPC subnet range.
C
Modify the network ACLs for the VPC subnet. Add an outbound rule to allow traffic from the VPC subnet range to the on-premises data center network range.
D
Modify the security group for the application. Add an outbound rule to allow traffic from the application to the on-premises data center network range.