You are setting up a VPN software on an EC2 Instance that will be used for VPN connections. Which of the following is an important aspect that should be set on the EC2 Instance?

Answer options:

A.Disable source destination check on the Amazon EC2 instance.
B.Enable source destination check on the Amazon EC2 instance.
C.Enable route propagation in a Virtual Private Cloud (VPC) subnet route table.
D.Enable enhanced networking mode on the Amazon EC2 instance.

Answer – A
Option B is incorrect since the source destination check on the Amazon EC2 instance should be disabled.
Option C is incorrect since this is required for Amazon provided VPN connections.
Option D is incorrect since this is not a primary requirement.
You have to Disable source destination check on the Amazon EC2 instance. An example is also given in the AWS Documentation.
To launch an EC2 VPN instance
1.Launch an Amazon Linux instance in a VPC public subnet and do the following:
a)Assign the VPN instance a static private IP address. This is not required, but it makes setting up the config files easier. In this example, use 10.0.0.5.
b)Allocate a VPC EIP and associate an EIP to your VPN instance. In this example, use EIP1 to represent the public EIP address used to connect to your VPC.2. Disable Source/Dest checking on your EC2 instance.
a)Right-click the instance and selecting Change Source/Dest. Check.
b)Click Yes, Disable.
For more an example on setting up a VPN software on an EC2 Instance, please refer to the below URL
https://aws.amazon.com/articles/connecting-cisco-asa-to-vpc-ec2-instance-ipsec/