AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 68
A network engineer deploys an application in a private subnet in a VPC that connects to many external video feed providers using RTMP over the internet. A NAT gateway has been deployed in a public subnet and is working as expected. From the Amazon EC2 instance, the application is able to connect to all feed providers except one, which hangs when connecting. Manually testing a connection from an Amazon EC2 instance in the public subnet to the problem feed indicates that the feed works as expected.
What is causing this issue?
Answer options
- A. The NAT gateway does not support fragmented packets.
- B. The internet gateway only supports an MTU of 1500 bytes.
- C. An Amazon EC2 instance expects to communicate with an MTU of 9001.
- D. The security group on the instances does not allow PMTUD.
Correct answer: D
Explanation
The correct answer is D. Path MTU Discovery (PMTUD) relies on the sender receiving ICMP "Destination Unreachable: Fragmentation Needed" messages (ICMP type 3, code 4) from the path; if the security group on the instance does not allow this ICMP traffic in, the instance never learns that it must send smaller packets, so large packets are silently dropped and the connection hangs instead of failing outright. This matches the symptom: small handshake packets get through, but the larger RTMP data packets from the private instance do not. Option A is incorrect since NAT gateways can handle fragmented packets. Option B is irrelevant because the issue is not the internet gateway's MTU, and option C does not directly cause the connection problem being observed.