AWS Certified Advanced Networking - Specialty

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Appliance mode is not enabled on the transit gateway attachment to the shared services VPC.

The issue described involves inter-VPC traffic dropping between different Availability Zones, with the cause not being security groups, stateful device configurations, or network ACLs. The key to solving this problem lies in understanding the role of the transit gateway and its configuration, specifically the 'Appliance Mode'. Appliance Mode is a feature of AWS Transit Gateway that, when enabled on a VPC attachment, ensures that traffic between Availability Zones within the same VPC is routed through the same stateful appliance for inspection. This is crucial for maintaining stateful inspection across Availability Zones. If Appliance Mode is not enabled on the transit gateway attachment to the shared services VPC, traffic between Availability Zones may not be routed through the stateful appliances correctly, leading to dropped traffic. Therefore, the correct answer is that Appliance Mode is not enabled on the transit gateway attachment to the shared services VPC.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Appliance mode is not enabled on the transit gateway attachment to the shared services VPC.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

A company has stateful security appliances deployed across multiple Availability Zones within a centralized shared services VPC. The AWS environment includes a transit gateway connected to both application VPCs and the shared services VPC. Workloads in the application VPCs are deployed in private subnets spanning multiple Availability Zones, and all east-west (VPC-to-VPC) traffic is inspected by the stateful appliances in the shared services VPC. Users report dropped inter-VPC traffic between workloads in different Availability Zones, confirmed by ICMP pings. The network engineer has eliminated security groups, stateful device configurations, and network ACLs as potential causes. What is the reason for the dropped traffic?

Exam-Like

The stateful appliances and the transit gateway attachments are deployed in a separate subnet in the shared services VPC.

0.0%

Appliance mode is not enabled on the transit gateway attachment to the shared services VPC.

100.0%

The stateful appliances and the transit gateway attachments are deployed in the same subnet in the shared services VPC.

Appliance mode is not enabled on the transit gateway attachment to the application VPCs.