AWS Certified Advanced Networking – Specialty ANS-C00 – Question380

A company wants to conduct a proof of concept for an SAP HANA application with a key objective to automate the provisioning of infrastructure and the application. The company operates a hybrid cloud infrastructure with AWS Direct Connect between its data center and VPC. Security policy dictates that all traffic from AWS be routed through on-premises data center firewalls. Security policy also prohibits the use of a VPC internet gateway for internet access. The company enforces use of a forward proxy server for all outbound network traffic. All resources inside the VPC are able to reach on-premises servers.
All Amazon EC2 Linux instances require package updates over the internet. However, the updates are falling and sending errors.
What would cause these errors?

A.
Inbound security groups are configured incorrectly on the EC2 instances running in the VPC.
B. The VPC route table does not have entries for the proxy server in the data center.
C. The EC2 instances are not configured to use the proxy running in the data center for traffic on TCP port 80.
D. The data center firewall is blocking all traffic sent from the VPC CIDR range destined for 0.0.0.0/0.