AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 63
An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC using ping on the organization's private IP address.
What could cause this connectivity issue? (Choose two.)
Answer options
- A. The VGW is not advertising the correct CIDR range back on-premises.
- B. The instance security group does not allow ICMP traffic.
- C. A public virtual interface must be configured for Amazon EC2 connectivity.
- D. The on-premises router is not advertising the correct CIDR range to AWS.
- E. There is a misconfiguration of the bi-directional forwarding detection.
Correct answer: B, D
Explanation
Answer B is correct because an instance security group that does not allow ICMP traffic prevents ping requests from succeeding. Answer D is also correct because if the on-premises router is not advertising the correct CIDR range to AWS, routing issues could result, preventing connectivity. The other options do not directly relate to the immediate issue of pinging the instances.