AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 151

A company is using a shared services VPC with two domain controllers. The domain controllers are deployed in the company's private subnets. The company is deploying a new application into a new VPC in the account. The application will be deployed onto an Amazon EC2 for Windows Server instance in the new VPC. The instance must join the existing Windows domain that is supported by the domain controllers in the shared services VPC.

A transit gateway is attached to both the shared services VPC and the new VPC. The company has updated the route tables for the transit gateway, the shared services VPC, and the new VPC. The security groups for the domain controllers and the instance are updated and allow traffic only on the ports that are necessary for domain operations. The instance is unable to join the domain that is hosted on the domain controllers.

Which combination of actions will help identify the cause of this issue with the LEAST operational overhead? (Choose two.)

Answer options

Correct answer: A, C

Explanation

Choosing A and C allows effective troubleshooting with minimal complexity: A analyzes the routing paths directly related to the domain controllers, while C provides insight into the traffic flow for both VPCs. Options B and D add operational overhead without providing as much useful information. E is unlikely to be the cause of the issue, since route propagation typically would not prevent domain joining.