AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 92

A company has an AWS Site-to-Site VPN connection between its office and its VPC. Users report occasional failure of the connection to the application that is hosted inside the VPC. A network engineer discovers in the customer gateway logs that the Internet Key Exchange (IKE) session ends when the connection to the application fails.

What should the network engineer do to bring up the IKE session if the IKE session goes down?

Answer options

• A. Set the dead peer detection (DPD) timeout action to Clear. Initiate traffic from the VPC to on premises.
• B. Set the dead peer detection (DPD) timeout action to Restart. Initiate traffic from on premises to the VPC.
• C. Set the dead peer detection (DPD) timeout action to None. Initiate traffic from the VPC to on premises.
• D. Set the dead peer detection (DPD) timeout action to Cancel. Initiate traffic from on premises to the VPC.

Correct answer: B

Explanation

Setting the dead peer detection (DPD) timeout action to Restart allows the VPN connection to attempt to re-establish the IKE session automatically after it has gone down. Initiating traffic from on premises to the VPC ensures that the connection is actively used, prompting the DPD mechanism to check the status of the peer. The other options either do not restart the session or initiate traffic in a way that does not effectively bring up the IKE session.