
Answer-first summary for fast verification
Answer:
A. Use AWS Network Manager to perform a route analysis for the transit gateway network. Specify the existing EC2 instance as the source. Specify the first domain controller as the destination. Repeat the route analysis for the second domain controller.
C. Review the VPC flow logs on the shared services VPC and the new VPC.
To identify the cause of the issue with the least operational overhead, the best approach is to first ensure that the network routes are correctly configured and that there is connectivity between the new EC2 instance and the domain controllers.
Option A suggests using AWS Network Manager to perform a route analysis, which is a straightforward way to verify that the routes are correctly set up for the transit gateway, shared services VPC, and new VPC. This can help identify any misconfigurations in the routing that might be preventing the EC2 instance from joining the domain.
Option C suggests reviewing the VPC flow logs, which can provide detailed information about the traffic between the EC2 instance and the domain controllers, including any dropped packets or denied connections. This can help identify if there are any security group or network ACL issues that are blocking the necessary traffic.
Both options A and C are non-intrusive and provide valuable insights into the network configuration and traffic flow without requiring significant changes or additional resources.
Author: LeetQuiz Editorial Team
A company has a shared services VPC containing two domain controllers in private subnets. A new application is being deployed in a separate VPC on an Amazon EC2 Windows Server instance, which needs to join the existing Windows domain hosted by the domain controllers. Both VPCs are connected via a transit gateway, and route tables for the transit gateway, shared services VPC, and new VPC have been updated. Security groups for the domain controllers and instance are configured to allow only necessary domain operation ports. Despite these configurations, the instance cannot join the domain.
Which two actions should be taken to identify the root cause of this issue with minimal operational overhead? (Choose two.)
A. Use AWS Network Manager to perform a route analysis for the transit gateway network. Specify the existing EC2 instance as the source. Specify the first domain controller as the destination. Repeat the route analysis for the second domain controller.
B. Use port mirroring with the existing EC2 instance as the source and another EC2 instance as the target to obtain packet captures of the connection attempts.
C. Review the VPC flow logs on the shared services VPC and the new VPC.
D. Issue a ping command from one of the domain controllers to the existing EC2 instance.
E. Ensure that route propagation is turned off on the shared services VPC.
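For option C, the flow log review can be reduced to a filter for REJECT records between the instance and the two domain controllers. The following is an added example, not part of the original page; it assumes the default (version 2) flow log record format, and every IP address, interface ID and port in the sample is constructed.

```python
from collections import Counter

# Default (version 2) VPC flow log fields, in record order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}

# Constructed sample records (not real traffic); 10.1.0.10 stands in for the
# new instance, 10.0.1.5 and 10.0.2.5 for the two domain controllers.
SAMPLE = """\
2 123456789012 eni-0aaa 10.1.0.10 10.0.1.5 49152 389 6 3 180 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.1.0.10 10.0.1.5 49153 88 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa 10.1.0.10 10.0.2.5 49154 53 17 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa 10.1.0.10 10.0.2.5 49155 53 17 2 120 1700000060 1700000120 REJECT OK
2 123456789012 eni-0aaa 10.1.0.10 10.2.0.9 49156 443 6 5 400 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse(line):
    """Return a dict for a well-formed record with data, else None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA / SKIPDATA records carry '-' in the traffic fields; skip them.
    return rec if rec["log_status"] == "OK" else None

def rejected_flows(text, instance_ip, dc_ips):
    """Count REJECT records between the instance and the domain controllers.

    Keys are (srcaddr, dstaddr, protocol, dstport). A rejected reply shows the
    domain controller as srcaddr and an ephemeral dstport on the instance.
    """
    dcs = set(dc_ips)
    hits = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        pair = {rec["srcaddr"], rec["dstaddr"]}
        if instance_ip in pair and pair & dcs:
            proto = PROTO.get(rec["protocol"], rec["protocol"])
            hits[(rec["srcaddr"], rec["dstaddr"], proto, int(rec["dstport"]))] += 1
    return hits

if __name__ == "__main__":
    found = rejected_flows(SAMPLE, "10.1.0.10", ["10.0.1.5", "10.0.2.5"])
    for (src, dst, proto, port), n in sorted(found.items()):
        print(f"REJECT {src} -> {dst} {proto}/{port} x{n}")
```

Run against the logs of both VPCs, the output lists the protocol and port pairs to check against the security group and network ACL rules on each side.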