
Answer-first summary for fast verification
Answer: (1) Update the core network policy to configure segment sharing. Share the production segment with the security segment. (2) Update the core network policy to create a static route for the production segment. Specify 0.0.0.0/0 as the destination CIDR block. Specify the outbound inspection VPC as an attachment.
To resolve the issue where the Amazon EC2 instance in the production VPC cannot reach the internet, the company needs to ensure that internet-bound traffic from the production VPC is routed through the outbound inspection VPC, where AWS Network Firewall inspects it. This requires updating the core network policy to create a static route for the production segment with 0.0.0.0/0 as the destination CIDR block and the outbound inspection VPC attachment as the destination, so that all internet-bound traffic from the production segment is forwarded to the outbound inspection VPC. Additionally, the company should update the core network policy to configure segment sharing so that the production segment is shared with the security segment. Sharing makes the production segment's routes available to the security segment, so the outbound inspection VPC can send traffic back to the production VPC and the inspected flow completes in both directions.
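The two policy changes above, expressed as a core network policy document together with a small check that flags either one being missing. This is an added example, not from the page or from AWS; the policy keys follow the Cloud WAN policy document schema, while the ASN range and the attachment ID (`attachment-PLACEHOLDER`) are constructed placeholders.

```python
import json

# Constructed core network policy (placeholder ASN range and attachment ID).
POLICY = {
    "version": "2021.12",
    "core-network-configuration": {
        "asn-ranges": ["64512-64555"],
        "edge-locations": [{"location": "us-east-1"}],
    },
    "segments": [
        {"name": "production", "require-attachment-acceptance": False},
        {"name": "security", "require-attachment-acceptance": False},
    ],
    "segment-actions": [
        # Segment sharing: production routes become visible to the security
        # segment, so the inspection VPC can return traffic to production.
        {"action": "share", "mode": "attachment-route",
         "segment": "production", "share-with": ["security"]},
        # Static default route for production pointing at the outbound
        # inspection VPC attachment (placeholder attachment ID).
        {"action": "create-route", "segment": "production",
         "destination-cidr-blocks": ["0.0.0.0/0"],
         "destinations": ["attachment-PLACEHOLDER"]},
    ],
}


def default_route_targets(policy, segment):
    """Attachment IDs that receive 0.0.0.0/0 traffic for the given segment."""
    targets = []
    for act in policy.get("segment-actions", []):
        if (act.get("action") == "create-route" and act.get("segment") == segment
                and "0.0.0.0/0" in act.get("destination-cidr-blocks", [])):
            targets.extend(act.get("destinations", []))
    return targets


def shares_with(policy, src, dst):
    """True if routes of segment `src` are shared with segment `dst`."""
    for act in policy.get("segment-actions", []):
        if act.get("action") == "share" and act.get("segment") == src:
            share = act.get("share-with", [])
            if share == "*" or dst in share:
                return True
    return False


def check_inspection_path(policy, workload_segment, inspection_segment):
    """Findings explaining why egress via the inspection segment would fail."""
    findings = []
    if not default_route_targets(policy, workload_segment):
        findings.append(f"no 0.0.0.0/0 static route on segment {workload_segment!r}")
    if not shares_with(policy, workload_segment, inspection_segment):
        findings.append(f"segment {workload_segment!r} is not shared with {inspection_segment!r}")
    return findings


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    print(check_inspection_path(POLICY, "production", "security") or "egress path OK")
```

Running the check against the default policy from the question (no segment-actions) reports both findings; against the policy above it reports none.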
Author: LeetQuiz Editorial Team
A company is using AWS Cloud WAN with an edge location in the us-east-1 Region, featuring a production segment and a security segment under a default core network policy. They have a production VPC for workloads and an outbound inspection VPC to inspect internet-bound traffic from the production VPC. The production VPC is attached to the production segment, and the outbound inspection VPC is attached to the security segment. An AWS Network Firewall in the outbound inspection VPC inspects internet-bound traffic. The production VPC’s route table is updated to send all internet-bound traffic to the AWS Cloud WAN core network, and the outbound inspection VPC’s route table ensures the Network Firewall inspects outgoing and incoming traffic. During testing, an EC2 instance in the production VPC cannot access the internet, but the Network Firewall rules are confirmed not to be blocking the traffic. Which two steps should be taken to resolve this issue?
A. Update the core network policy to configure segment sharing. Share the production segment with the security segment.
B. Update the core network policy to create a static route for the security segment. Specify 0.0.0.0/0 as the destination CIDR block. Specify the outbound inspection VPC as an attachment.
C. Update the core network policy to create a static route for the production segment. Specify 0.0.0.0/0 as the destination CIDR block. Specify the outbound inspection VPC as an attachment.
D. Update the core network policy to create a static route for the production segment. Specify 10.2.0.0/16 as the destination CIDR block. Specify the outbound inspection VPC as an attachment.
E. Create an attachment to attach the outbound inspection VPC to the production segment. Update the core network policy to turn on isolated attachment for the production segment.