AWS Certified Advanced Networking – Specialty ANS-C00 – Question 407

A company is deploying a network security product that is based on virtual appliances that run on Amazon EC2 instances. The appliances are stateful and inspect request traffic and return traffic. The appliances require visibility to a network flow's bidirectional transaction.
The central appliance VPC is connected to a transit gateway.
A network administrator notices that connections to the appliances are dropped when the traffic crosses Availability Zones. The appliances run behind a Gateway Load Balancer. The appliances are deployed across multiple Availability Zones in a central VPC.
What is MOST likely causing the connections to drop?

A. The transit gateway VPC attachment of the central appliance VPC is configured only for a subnet in a single Availability Zone
B. The transit gateway VPC attachment of the appliance is not configured for appliance mode
C. The route table that is attached to the subnet in one of the Availability Zones is missing a return route to the originating VPC
D. The security group that is attached to one of the appliance instances is blocking traffic to port 6081