
FCP_WCS_AD-7.4 Exam - Question 26


You are troubleshooting network connectivity issues between two VMs deployed in AWS.

One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate.

What are two reasons for this? (Choose two.)


Discussion

4 comments
the_giant (Options: AD)
Jul 29, 2024

A, D are correct

myrmidon3 (Options: AD)
Oct 15, 2024

The two most likely reasons why you are unable to ping the Windows server from FortiGate in this scenario are:

The firewall in the Windows VM is blocking the traffic. By default, the Windows firewall might block ICMP traffic (ping). You will need to check the firewall settings on the Windows server to allow ICMP.

Add an inbound allow ICMP rule in the security group attached to the Windows server. Security groups in AWS control traffic to instances, and by default, they do not allow ICMP (ping) traffic unless an explicit rule is added. You would need to add a rule to allow ICMP traffic in the security group associated with the Windows server.

These two reasons are common causes for network connectivity issues between instances in AWS.

e5c20bb
Aug 19, 2024

A, C by research.

havokdu (Options: AD)
Dec 13, 2024

Other options are less likely because:

NACLs (B): The default network ACL in a default VPC typically allows all inbound and outbound traffic, so this is unlikely to be the root cause unless custom NACL rules were explicitly added to block ICMP.

Default AWS Behavior (C): There is no inherent AWS-wide restriction that disallows ICMP traffic between subnets within the same VPC. Traffic is generally allowed unless explicitly blocked by security groups, NACLs, or host-level firewalls.
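
The security group check discussed in the comments above, as an added example that is not part of the original page or any commenter's post: it evaluates the inbound rules of a security group, in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`, for an ICMP echo request from the FortiGate. The IP address, group IDs and rule sets are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

ECHO_REQUEST = 8  # ICMP type sent by ping

def rule_allows_ping(perm, src_ip, src_sg_ids=()):
    """True if one IpPermissions entry admits an ICMP echo request from the source."""
    proto = perm.get("IpProtocol")
    if proto not in ("icmp", "-1"):  # "-1" means all protocols
        return False
    if proto == "icmp":
        # For ICMP rules FromPort is the type and ToPort the code; -1 means any.
        if perm.get("FromPort", -1) not in (-1, ECHO_REQUEST):
            return False
        if perm.get("ToPort", -1) not in (-1, 0):
            return False
    addr = ipaddress.ip_address(src_ip)
    if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
        return True
    # A rule can also name another security group as its source.
    return any(p.get("GroupId") in src_sg_ids for p in perm.get("UserIdGroupPairs", []))

def sg_allows_ping(group, src_ip, src_sg_ids=()):
    """Security groups are allow-only: any matching inbound rule admits the packet."""
    return any(rule_allows_ping(p, src_ip, src_sg_ids)
               for p in group.get("IpPermissions", []))

# Constructed sample data (placeholder IDs and addresses, not from the exam question).
FORTIGATE_IP = "10.0.1.10"
FORTIGATE_SG = "sg-EXAMPLE-fortigate"
RDP_ONLY = {"GroupId": "sg-EXAMPLE-servers", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
WITH_ICMP = {"GroupId": "sg-EXAMPLE-servers", "IpPermissions": RDP_ONLY["IpPermissions"] + [
    {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]}
BY_GROUP = {"GroupId": "sg-EXAMPLE-servers", "IpPermissions": [
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": FORTIGATE_SG}]}]}

if __name__ == "__main__":
    for name, sg in (("rdp-only", RDP_ONLY), ("with-icmp", WITH_ICMP), ("by-group", BY_GROUP)):
        print(name, sg_allows_ping(sg, FORTIGATE_IP, (FORTIGATE_SG,)))
```

A passing result here covers only the security group; the Windows host firewall and any custom NACL rules still have to be checked separately.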