AWS Certified Security – Specialty — Question 140

A Security Engineer is troubleshooting a connectivity issue between a web server that is writing log files to the logging server in another VPC. The Engineer has confirmed that a peering relationship exists between the two VPCs. VPC flow logs show that requests sent from the web server are accepted by the logging server, but the web server never receives a reply.
Which of the following actions could fix this issue?

Answer options

• A. Add an inbound rule to the security group associated with the logging server that allows requests from the web server.
• B. Add an outbound rule to the security group associated with the web server that allows requests to the logging server.
• C. Add a route to the route table associated with the subnet that hosts the logging server that targets the peering connection.
• D. Add a route to the route table associated with the subnet that hosts the web server that targets the peering connection.

Correct answer: C

Explanation

The correct answer is C because adding a route to the route table associated with the logging server's subnet ensures that replies can be sent back through the peering connection to the web server. Options A and B focus on security group rules, which do not address the routing of response traffic. Option D is irrelevant as it pertains to the web server's subnet rather than the logging server's subnet.