Amazon ANS-C01 Exam - Topic 1 Question 31 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 31
Topic #: 1

A retail company is running its service on AWS. The company's architecture includes Application Load Balancers (ALBs) in public subnets. The ALB target groups are configured to send traffic to backend Amazon EC2 instances in private subnets. These backend EC2 instances can call externally hosted services over the internet by using a NAT gateway.

The company has noticed in its billing that NAT gateway usage has increased significantly. A network engineer needs to find out the source of this increased usage.

Which options can the network engineer use to investigate the traffic through the NAT gateway? (Choose two.)

Suggested Answer: C

The correct solution is to use an S3 interface endpoint and an on-premises DNS resolver. An S3 interface endpoint allows you to access Amazon S3 using private IP addresses within your VPC. An on-premises DNS resolver can be configured to forward the DNS queries for the S3 domain names to the S3 interface endpoint, so that the on-premises workloads can access Amazon S3 privately over the VPN connection. This solution is operationally efficient, as it does not require any additional infrastructure or changes to the existing workloads. The VPC workloads can continue to use the S3 gateway endpoint, which provides lower latency and higher throughput than the S3 interface endpoint.


Contribute your Thoughts:

Irene
3 months ago
Enabling logs to S3 and using Athena seems like overkill for this issue.
upvoted 0 times
...
Mila
3 months ago
I agree, using CloudWatch Logs Insights is super helpful for analysis.
upvoted 0 times
...
Asha
3 months ago
Wait, can you really use Traffic Mirroring on a NAT gateway? Sounds complicated!
upvoted 0 times
...
Cordelia
4 months ago
I think NAT gateway access logs are more straightforward.
upvoted 0 times
...
Vincenza
4 months ago
Definitely VPC flow logs are a must for this!
upvoted 0 times
...
Natalie
4 months ago
I’m pretty sure NAT gateway access logs are a thing, but I can't recall if they go to CloudWatch or S3. I guess I should consider both options B and E.
upvoted 0 times
...
Novella
4 months ago
I feel like Traffic Mirroring was mentioned in one of our practice questions, but it seems a bit complex for this scenario. I’m leaning towards the flow logs instead.
upvoted 0 times
...
Chauncey
4 months ago
I think option A sounds familiar, but I also recall something about using S3 buckets with Athena for log analysis. Maybe option E is a good choice too?
upvoted 0 times
...
Elouise
5 months ago
I remember we discussed VPC flow logs in class, but I'm not sure if they can be enabled directly on the NAT gateway itself.
upvoted 0 times
...
Luis
5 months ago
Traffic mirroring could be a good way to get a more detailed view of the traffic, but it might be overkill for this particular issue. I'd probably start with the logs first and see if I can find the root cause before resorting to more advanced techniques.
upvoted 0 times
...
Gilma
5 months ago
I think the key here is to use the right tools to analyze the logs. CloudWatch Logs Insights and Athena both sound like good options, but I'm not sure which one would be more appropriate in this case.
upvoted 0 times
...
Luis
5 months ago
I'm a bit confused about the difference between VPC flow logs and NAT gateway access logs. Do I need to enable both to get a complete picture of the traffic?
upvoted 0 times
...
Shannan
5 months ago
This seems like a straightforward question. I'd start by looking at the VPC flow logs and NAT gateway access logs to see if I can identify any patterns or anomalies in the traffic.
upvoted 0 times
...
Mitsue
5 months ago
Okay, I've got this. The capability maturity model is all about assessing process maturity, so the answer has to be B - how well a process is implemented and performing at a given level.
upvoted 0 times
...
Aracelis
5 months ago
I'm unsure about the balancing allowance versus charge—it feels like we calculated this in class but I'm blanking on the details.
upvoted 0 times
...
Louisa
5 months ago
I think the answer might be false positive since that's when legitimate traffic is mistakenly identified as a threat.
upvoted 0 times
...
Milly
5 months ago
Hmm, I think the key here is to focus on the definitions of these terms and how they contribute to making a system more resilient. I'll try to break down each option and see which ones fit best.
upvoted 0 times
...
Josefa
10 months ago
I'd go with options A and B. Simple, effective, and no need to bring in Athena or set up extra infrastructure. Let's keep it clean and efficient, folks.
upvoted 0 times
Sarah
9 months ago
I think focusing on those two options will help us pinpoint the source of the increased NAT gateway usage. Let's go with A and B.
upvoted 0 times
...
Tasia
9 months ago
Definitely, keeping it simple is key. Flow logs and access logs should give us the information we need.
upvoted 0 times
...
Elza
9 months ago
I agree, options A and B seem like the best choices. No need to overcomplicate things.
upvoted 0 times
...
...
Evangelina
10 months ago
Wait, are we sure the increased NAT gateway usage isn't because someone's been mining cryptocurrency on the backend EC2 instances? Just a thought...
upvoted 0 times
...
Doyle
10 months ago
Haha, I'm picturing the network engineer sifting through terabytes of VPC flow logs like a forensic analyst. Options D and E with Athena could work, but they sound a bit more complicated than the CloudWatch options.
upvoted 0 times
Osvaldo
8 months ago
True, it might be worth the extra effort for a deeper analysis.
upvoted 0 times
...
Sharika
8 months ago
But maybe using Athena could provide more detailed insights.
upvoted 0 times
...
Florinda
8 months ago
I agree, using CloudWatch Logs for analysis seems more straightforward.
upvoted 0 times
...
Makeda
9 months ago
Yeah, analyzing VPC flow logs can be quite a task.
upvoted 0 times
...
...
Kenneth
10 months ago
I like the idea of using Traffic Mirroring in option C, but it might be overkill for this use case. Plus, it requires setting up an additional EC2 instance, which adds complexity.
upvoted 0 times
Willie
10 months ago
B: I agree. Enabling NAT gateway access logs in option B could also help in investigating the increased usage.
upvoted 0 times
...
Glory
10 months ago
A: I think option A is a good choice. Flow logs in CloudWatch can provide valuable insights.
upvoted 0 times
...
...
Makeda
10 months ago
I personally prefer option D and E. Using Athena to query and analyze the logs seems more efficient to me.
upvoted 0 times
...
Alita
11 months ago
Options A and B seem like the most straightforward way to investigate the NAT gateway usage. Enabling the logs and using CloudWatch Insights is a pretty simple solution.
upvoted 0 times
...
Svetlana
11 months ago
I agree with you, Evan. Enabling VPC flow logs and NAT gateway access logs will provide valuable insights.
upvoted 0 times
...
Evan
11 months ago
I think option A and B are the best choices to investigate the NAT gateway usage.
upvoted 0 times
...
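
Several comments in this thread point to VPC flow logs as the starting point for finding what is driving NAT gateway usage. The following Python script is an added example, not part of the original page or any commenter's post: it totals bytes per (instance, external peer) from flow log records captured on the NAT gateway's network interface. The custom record format (with `pkt-srcaddr` and `pkt-dstaddr`), the ENI names, all addresses and the function name are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed custom flow log format (space separated), chosen for this example:
# interface-id srcaddr dstaddr pkt-srcaddr pkt-dstaddr bytes action
FIELDS = ("eni", "srcaddr", "dstaddr", "pkt_src", "pkt_dst", "bytes", "action")

# Constructed sample records; ENI ids and addresses are made up.
SAMPLE = """\
eni-0nat 10.0.1.5 10.0.0.220 10.0.1.5 203.0.113.5 120000 ACCEPT
eni-0nat 10.0.0.220 203.0.113.5 10.0.0.220 203.0.113.5 120000 ACCEPT
eni-0nat 203.0.113.5 10.0.0.220 203.0.113.5 10.0.0.220 9000000 ACCEPT
eni-0nat 10.0.0.220 10.0.1.5 203.0.113.5 10.0.1.5 9000000 ACCEPT
eni-0nat 10.0.1.9 10.0.0.220 10.0.1.9 198.51.100.7 4000 ACCEPT
eni-0nat 10.0.0.220 10.0.1.9 198.51.100.7 10.0.1.9 52000 ACCEPT
eni-0nat - - - - - -
eni-0app 10.0.1.5 10.0.1.9 10.0.1.5 10.0.1.9 777 ACCEPT
"""

def nat_top_talkers(text, nat_eni, nat_ip, vpc_cidr):
    """Sum bytes per (instance, external peer) for traffic relayed by the NAT gateway."""
    vpc = ipaddress.ip_network(vpc_cidr)
    totals = Counter()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or truncated record
        rec = dict(zip(FIELDS, parts))
        if rec["eni"] != nat_eni or rec["action"] != "ACCEPT" or not rec["bytes"].isdigit():
            continue  # other interfaces, rejected flows, no-data rows
        src, dst = rec["srcaddr"], rec["dstaddr"]
        if dst == nat_ip and ipaddress.ip_address(src) in vpc:
            # instance -> NAT leg: pkt-dstaddr carries the real external destination
            key = (src, rec["pkt_dst"])
        elif src == nat_ip and ipaddress.ip_address(dst) in vpc:
            # NAT -> instance leg: pkt-srcaddr carries the external sender
            key = (dst, rec["pkt_src"])
        else:
            continue  # NAT <-> internet legs repeat the same bytes; count each flow once
        totals[key] += int(rec["bytes"])
    return totals.most_common()

if __name__ == "__main__":
    for (instance, peer), nbytes in nat_top_talkers(SAMPLE, "eni-0nat", "10.0.0.220", "10.0.0.0/16"):
        print(f"{instance:>12} <-> {peer:<15} {nbytes:>10} bytes")
```

With only `srcaddr` and `dstaddr` in the record, the instance-side legs show the NAT gateway's private address as the peer, so the external destination per instance is recoverable only when the packet-level address fields are logged.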
