AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 345
A company wants to use thin clients running virtual desktops to replace 500 desktop computers used by its call center employees. The company is evaluating Amazon WorkSpaces as a solution.
A network engineer who is testing with a thin client is unable to connect to Amazon WorkSpaces. After entering credentials, the network engineer receives the following error:
`An error occurred while launching your WorkSpace. Please try again.`
What should the network engineer do to resolve this issue?
Answer options
- A. Update the inbound rules on the network ACL on the subnets used for Amazon WorkSpaces to allow UDP on port 4172 and TCP on port 4172.
- B. Update the company's corporate firewall to allow outbound access to UDP on port 4172 and TCP on port 4172. Open inbound ephemeral ports explicitly to allow return communication.
- C. Update the inbound rules on the security group assigned to Amazon WorkSpaces to allow UDP on port 4172 and TCP on port 4172.
- D. Update the company's corporate firewall to allow inbound access to UDP on port 4172 and TCP on port 4172. Open outbound ephemeral ports explicitly to allow return communication.
Correct answer: C
Explanation
The error message indicates that authentication (which uses TCP port 443) succeeded, but the WorkSpaces client then failed to establish the streaming connection. To fix this, the security group associated with the WorkSpaces must be configured to allow inbound TCP and UDP traffic on port 4172. Modifying the network ACLs or the corporate firewall as described in the other options will not resolve this security group restriction on the AWS side.