Amazon Exam ANS-C01 Topic 1 Question 25 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 25
Topic #: 1

A company is deploying a new stateless web application on AWS. The web application will run on Amazon EC2 instances in private subnets behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The web application has a stateful management application for administration that will run on EC2 instances that are in a separate Auto Scaling group.

The company wants to access the management application by using the same URL as the web application, with a path prefix of /management. The protocol, hostname, and port number must be the same for the web application and the management application. Access to the management application must be restricted to the company's on-premises IP address space. An SSL/TLS certificate from AWS Certificate Manager (ACM) will protect the web application.

Which combination of steps should a network engineer take to meet these requirements? (Select TWO.)


Contribute your Thoughts:

Gayla
30 days ago
I can't believe they're even considering these options. It's like they're trying to make a secure system by throwing darts at a wall of AWS features.
upvoted 0 times
Jeffrey
2 days ago
Yeah, Option A definitely stands out as the most logical choice. It's important to have a clear plan when setting up a system like this.
upvoted 0 times
...
Lon
10 days ago
I agree, Option A is the way to go. It's important to have the right configuration for security.
upvoted 0 times
...
Novella
19 days ago
Option A seems like the best choice to me. It covers all the requirements and seems the most secure.
upvoted 0 times
...
...
Kattie
1 month ago
E? Really? Disabling stickiness for the web app? That's just asking for trouble. Not a chance.
upvoted 0 times
Kristofer
8 days ago
C) Insert a rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the X-Forwarded-For HTTP header for the on-premises IP address space. Forward requests to the management application target group if there is a match. Enable group-level stickiness in the rule attributes.
upvoted 0 times
...
Lyda
9 days ago
B) Modify the default rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-ip condition type for the on-premises IP address space. Forward requests to the management application target group if there is not a match. Enable group-level stickiness in the rule attributes.
upvoted 0 times
...
Tien
10 days ago
A) Insert a rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-ip condition type for the on-premises IP address space. Forward requests to the management application target group if there is a match. Edit the management application target group and enable stickiness.
upvoted 0 times
...
...
Jaime
1 month ago
D is an interesting idea, but forwarding the management app to the web app target group doesn't seem quite right. We want to keep them separate.
upvoted 0 times
...
Eun
2 months ago
I'm not sure, but I think option B could also be a valid choice.
upvoted 0 times
...
Alba
2 months ago
C looks interesting, but I'm not a fan of relying on the X-Forwarded-For header for IP verification. That could be easily spoofed.
upvoted 0 times
Elin
30 days ago
User 2: Definitely, we need a more secure way to restrict access to the management application.
upvoted 0 times
...
Deandrea
1 month ago
User 1: I agree, relying on the X-Forwarded-For header for IP verification is risky.
upvoted 0 times
...
...
Lashandra
2 months ago
I agree with Alishia. Those steps seem to meet all the requirements.
upvoted 0 times
...
Glennis
2 months ago
I'm not sure about B. Modifying the default rule to handle the management app doesn't seem as clean as having a dedicated rule for it.
upvoted 0 times
...
Alishia
2 months ago
I think the correct steps are A and C.
upvoted 0 times
...
Johnna
2 months ago
Hmm, I think option A is the way to go. Separating the management application into its own target group and using path-based routing to restrict access to the on-premises IP space seems like a solid approach.
upvoted 0 times
...
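
Added example, not part of the discussion above and not AWS's own code: the listener rule and target group stickiness that option A describes, built as the argument dictionaries for the boto3 `elbv2` calls `create_rule` and `modify_target_group_attributes`, with a local matcher that shows the `source-ip` condition looks at the connection's peer address and never at `X-Forwarded-For`. The CIDR, ARNs, priority, the two path patterns and the helper names are assumptions made for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed placeholders: a documentation CIDR and a dummy ARN, not values from the page.
ON_PREM_CIDRS = ["203.0.113.0/24"]
MGMT_TG_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/PLACEHOLDER"

def management_rule(listener_arn, cidrs=ON_PREM_CIDRS, tg_arn=MGMT_TG_ARN, priority=10):
    """Keyword arguments for elbv2 create_rule(); every condition must match."""
    for c in cidrs:
        ipaddress.ip_network(c)  # raises ValueError on a malformed CIDR
    return {
        "ListenerArn": listener_arn,
        "Priority": priority,
        "Conditions": [
            {"Field": "path-pattern",
             "PathPatternConfig": {"Values": ["/management", "/management/*"]}},
            {"Field": "source-ip", "SourceIpConfig": {"Values": list(cidrs)}},
        ],
        "Actions": [{"Type": "forward", "TargetGroupArn": tg_arn}],
    }

def stickiness_attributes(tg_arn=MGMT_TG_ARN):
    """Keyword arguments for elbv2 modify_target_group_attributes()."""
    return {"TargetGroupArn": tg_arn,
            "Attributes": [{"Key": "stickiness.enabled", "Value": "true"},
                           {"Key": "stickiness.type", "Value": "lb_cookie"}]}

def rule_matches(rule, peer_ip, path, headers=None):
    """Local approximation of rule evaluation, for reasoning about the conditions.
    source-ip is compared with the connection's peer address; request headers
    (X-Forwarded-For included) are accepted here but never consulted."""
    for cond in rule["Conditions"]:
        if cond["Field"] == "path-pattern":
            patterns = cond["PathPatternConfig"]["Values"]
            if not any(fnmatchcase(path, p) for p in patterns):
                return False
        elif cond["Field"] == "source-ip":
            addr = ipaddress.ip_address(peer_ip)
            nets = cond["SourceIpConfig"]["Values"]
            if not any(addr in ipaddress.ip_network(n) for n in nets):
                return False
    return True
```

Requests that do not match this rule fall through to the listener's default rule, which in this scenario would forward to the web application target group.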
