Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon ANS-C01 Exam - Topic 3 Question 50 Discussion

A company has workloads that run in a VPC. The workloads access Amazon S3 by using an S3 gateway endpoint. The company also has on-premises workloads that need to access AmazonS3 privately over a VPN connection. The company has established the VPN connection to the VPC.Which solution will provide connectivity to Amazon S3 from the VPC workloads and the on-premises workloads in the MOST operationally efficient way?
C) Create an S3 interface endpoint. Configure an on-premises DNS resolver to resolve the S3 DNS names to the private IP addresses of the S3 interface endpoint. Use the S3 interface endpoint to access Amazon S3. Continue to use the S3 gateway endpoint for the VPC workloads to access Amazon S3.
A) Deploy a proxy fleet of Amazon EC2 instances in the VPC behind an Application Load Balancer (ALB). Configure the on-premises workloads to use the ALB as the proxy server to connect to Amazon S3. Configure the proxy fleet to use the S3 gateway endpoint to connect to Amazon S3.
B) Delete the S3 gateway endpoint. Create an S3 interface endpoint. Deploy a proxy fleet of Amazon EC2 instances in the VPC behind an Application Load Balancer (ALB). Configure the on-premises workloads to use the ALB as the proxy server to connect to Amazon S3. Configure the proxy fleet and the VPC workloads to use the S3 interface endpoint to connect to Amazon S3.
D) Set up an AWS Direct Connect connection. Create a public VIF. Configure on-premises routing to route the S3 traffic over the public VIF. Make no changes to the on-premises workloads. Continue to use the S3 gateway endpoint for the VPC workloads to access Amazon S3.

Amazon ANS-C01 Exam - Topic 3 Question 50 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 50
Topic #: 3
[All ANS-C01 Questions]

A company has workloads that run in a VPC. The workloads access Amazon S3 by using an S3 gateway endpoint. The company also has on-premises workloads that need to access Amazon

S3 privately over a VPN connection. The company has established the VPN connection to the VPC.

Which solution will provide connectivity to Amazon S3 from the VPC workloads and the on-premises workloads in the MOST operationally efficient way?

Show Suggested Answer Hide Answer
Suggested Answer: C

The correct solution is to use an S3 interface endpoint and an on-premises DNS resolver. An S3 interface endpoint allows you to access Amazon S3 using private IP addresses within your VPC. An on-premises DNS resolver can be configured to forward the DNS queries for the S3 domain names to the S3 interface endpoint, so that the on-premises workloads can access Amazon S3 privately over the VPN connection. This solution is operationally efficient, as it does not require any additional infrastructure or changes to the existing workloads. The VPC workloads can continue to use the S3 gateway endpoint, which provides lower latency and higher throughput than the S3 interface endpoint.


by Nobuko at Apr 30, 2025, 02:07 PM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Garry
5 months ago
C keeps it simple while still addressing both workloads.
upvoted 0 times
...
Marguerita
6 months ago
Surprised that A is even an option, seems overly complicated!
upvoted 0 times
...
Louisa
6 months ago
Option C seems like the best choice for efficiency.
upvoted 0 times
...
Lorrie
6 months ago
B would require too many changes, not ideal.
upvoted 0 times
...
Shawnta
6 months ago
I disagree, I think D is more straightforward.
upvoted 0 times
...
Craig
6 months ago
I’m leaning towards option D since it mentions Direct Connect, which seems like a solid solution for on-premises access, but I’m not entirely sure about the public VIF part.
upvoted 0 times
...
Ronnie
7 months ago
I practiced a similar question where we had to decide between gateway and interface endpoints. I feel like option A might be overcomplicating things with the proxy fleet.
upvoted 0 times
...
Kenny
7 months ago
I think option C sounds familiar because it mentions using a DNS resolver, but I’m a bit confused about how that would work with the gateway endpoint for VPC workloads.
upvoted 0 times
...
Dustin
7 months ago
I remember studying about VPC endpoints and how they can help with private connectivity to S3, but I'm not sure if the interface endpoint is the best choice here.
upvoted 0 times
...
Emiko
7 months ago
I'm leaning towards Option C. Using the S3 interface endpoint for the on-premises workloads and keeping the S3 gateway endpoint for the VPC workloads seems like a good balance.
upvoted 0 times
...
Carry
7 months ago
Option B seems promising, but I'm not sure if deleting the existing S3 gateway endpoint is the best approach. I'll need to weigh the pros and cons of each option.
upvoted 0 times
...
Mira
8 months ago
Okay, I think I've got a strategy here. The key is to find the most operationally efficient solution that provides connectivity for both the VPC and on-premises workloads.
upvoted 0 times
...
Tora
8 months ago
Hmm, I'm a bit confused by the different endpoint types and how they interact with the on-premises workloads. I'll need to review the details more closely.
upvoted 0 times
...
Pura
8 months ago
This looks like a tricky question. I'll need to carefully consider the different options and their implications.
upvoted 0 times
...
Lucia
12 months ago
I think option C could be a good alternative, using the S3 interface endpoint.
upvoted 0 times
...
Alfreda
12 months ago
Ah, the age-old debate of gateway vs. interface endpoints. Option B is like trying to fix a leaky faucet with duct tape. Option C is the plumber's solution - clean and effective.
upvoted 0 times
Helaine
11 months ago
Definitely, using the S3 interface endpoint with on-premises DNS resolver is the way to go.
upvoted 0 times
...
Marsha
11 months ago
I agree, Option C with the S3 interface endpoint seems like the best approach.
upvoted 0 times
...
Miriam
12 months ago
Option B seems like a temporary fix, not a long-term solution.
upvoted 0 times
...
...
Glory
1 year ago
Proxy servers? Load balancers? What is this, the 90s? Option C is the way to go, my dudes. Keep it simple, keep it secure.
upvoted 0 times
...
Florencia
1 year ago
Wait, we're using AWS Direct Connect now? That's a bit overkill, don't you think? I'd go with option C - the S3 interface endpoint setup seems like the most efficient solution.
upvoted 0 times
Elena
11 months ago
Yeah, the S3 interface endpoint setup in option C sounds like the best choice for efficiency.
upvoted 0 times
...
Isreal
11 months ago
I agree, setting up AWS Direct Connect seems like too much for this scenario.
upvoted 0 times
...
...
Janessa
1 year ago
Ah, the classic proxy server approach. Option A could work, but I feel like the overhead of the proxy fleet might be overkill here. Option C is more streamlined in my opinion.
upvoted 0 times
Lemuel
11 months ago
Let's go with Option C then, it seems like the best choice for our setup.
upvoted 0 times
...
Kati
12 months ago
Option C does seem like a cleaner approach to handle the connectivity.
upvoted 0 times
...
Suzi
12 months ago
Yeah, I think Option C is a simpler and more efficient solution.
upvoted 0 times
...
Dong
1 year ago
I agree, Option A seems like it might be a bit too much to manage.
upvoted 0 times
...
...
Danilo
1 year ago
I like the simplicity of option C. Using the S3 interface endpoint for on-premises and the existing S3 gateway for the VPC workloads is a clean and straightforward approach.
upvoted 0 times
Alita
12 months ago
Definitely, using the S3 interface endpoint for on-premises and the S3 gateway for VPC workloads is a smart solution.
upvoted 0 times
...
Arminda
12 months ago
I agree, it keeps things simple and efficient.
upvoted 0 times
...
Hillary
1 year ago
Option C seems like the best choice for this scenario.
upvoted 0 times
...
...
Santos
1 year ago
But option A uses the S3 gateway endpoint, which is already in place.
upvoted 0 times
...
Luisa
1 year ago
I disagree, I believe option B is more efficient.
upvoted 0 times
...
Jarvis
1 year ago
The proxy fleet solution in option B seems like the most operationally efficient way to handle both the VPC and on-premises workloads. The S3 interface endpoint allows for better control and security.
upvoted 0 times
Stephane
12 months ago
User 2
upvoted 0 times
...
Renato
1 year ago
User 1
upvoted 0 times
...
...
Santos
1 year ago
I think option A is the best solution.
upvoted 0 times
...

Save Cancel