
A company has a shared services VPC containing two domain controllers in private subnets. A new application is being deployed in a separate VPC on an Amazon EC2 Windows Server instance, which needs to join the existing Windows domain hosted by the domain controllers. Both VPCs are connected via a transit gateway, and route tables for the transit gateway, shared services VPC, and new VPC have been updated. Security groups for the domain controllers and instance are configured to allow only necessary domain operation ports. Despite these configurations, the instance cannot join the domain.
Which two actions should be taken to identify the root cause of this issue with minimal operational overhead? (Choose two.)
A. Use AWS Network Manager to perform a route analysis for the transit gateway network. Specify the existing EC2 instance as the source. Specify the first domain controller as the destination. Repeat the route analysis for the second domain controller.
B. Use port mirroring with the existing EC2 instance as the source and another EC2 instance as the target to obtain packet captures of the connection attempts.
C. Review the VPC flow logs on the shared services VPC and the new VPC.
D. Issue a ping command from one of the domain controllers to the existing EC2 instance.
E. Ensure that route propagation is turned off on the shared services VPC.