Amazon ANS-C01 Exam - Topic 1 Question 5 Discussion

Actual exam question for Amazon's ANS-C01 exam

Question #: 5
Topic #: 1

A company plans to deploy a two-tier web application to a new VPC in a single AWS Region. The company has configured the VPC with an internet gateway and four subnets. Two of the subnets are public and have default routes that point to the internet gateway. Two of the subnets are private and share a route table that does not have a default route.

The application will run on a set of Amazon EC2 instances that will be deployed behind an external Application Load Balancer. The EC2 instances must not be directly accessible from the internet. The application will use an Amazon S3 bucket in the same Region to store dat

a. The application will invoke S3 GET API operations and S3 PUT API operations from the EC2 instances. A network engineer must design a VPC architecture that minimizes data transfer cost.

Which solution will meet these requirements?

ADeploy the EC2 instances in the public subnets. Create an S3 interface endpoint in the VPC. Modify the application configuration to use the S3 endpoint-specific DNS hostname.

BDeploy the EC2 instances in the private subnets. Create a NAT gateway in the VPC. Create default routes in the private subnets to the NAT gateway. Connect to Amazon S3 by using the NAT gateway.

CDeploy the EC2 instances in the private subnets. Create an S3 gateway endpoint in the VPSpecify die route table of the private subnets during endpoint creation to create routes to Amazon S3.

DDeploy the EC2 instances in the private subnets. Create an S3 interface endpoint in the VPC. Modify the application configuration to use the S3 endpoint-specific DNS hostname.

Show Suggested Answer

Suggested Answer: C

Option C is the optimal solution as it involves deploying the EC2 instances in the private subnets, which provides additional security benefits. Additionally, creating an S3 gateway endpoint in the VPC will enable the EC2 instances to communicate with Amazon S3 directly, without incurring data transfer costs. This is because the S3 gateway endpoint uses Amazon's private network to transfer data between the VPC and S3, which is not charged for data transfer. Furthermore, specifying the route table of the private subnets during endpoint creation will create routes to Amazon S3, which is required for the EC2 instances to communicate with S3.

by Casie at Mar 22, 2023, 07:01 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Elfrieda

4 months ago

Definitely going with C, it keeps things secure and efficient.

upvoted 0 times

...

Lanie

4 months ago

Public subnets for EC2? That sounds risky!

upvoted 0 times

...

Cyril

4 months ago

Wait, can you really use an S3 gateway endpoint in a private subnet?

upvoted 0 times

...

Mable

4 months ago

I disagree, I think B is more straightforward.

upvoted 0 times

...

Victor

4 months ago

Option C is the best choice for minimizing costs.

upvoted 0 times

...

Marya

5 months ago

I'm a bit confused about the differences between the S3 gateway and interface endpoints. I think the gateway endpoint is the one that would work for the private subnets, but I need to double-check that.

upvoted 0 times

...

Lashaunda

5 months ago

I practiced a similar question where we had to decide between using a NAT gateway and an S3 endpoint. I feel like using an S3 interface endpoint might not be necessary here since we have a gateway option.

upvoted 0 times

...

Phung

5 months ago

I think option C sounds familiar because it mentions creating an S3 gateway endpoint, which might be the right choice since it allows direct access to S3 without going through the internet.

upvoted 0 times

...

Jennifer

5 months ago

I remember that deploying EC2 instances in private subnets is a common practice to enhance security, but I'm not sure if using a NAT gateway is the best option for minimizing costs.

upvoted 0 times

...

Gertude

5 months ago

I feel like option A is not right since it puts the EC2 instances in public subnets, which contradicts the requirement of them not being directly accessible from the internet.

upvoted 0 times

...

Louann

5 months ago

I practiced a similar question where we had to decide between using NAT or endpoints for S3 access, but I can't recall the exact details about the differences in costs.

upvoted 0 times

...

Wendell

5 months ago

I think option C sounds familiar because it mentions creating an S3 gateway endpoint, which should help with minimizing data transfer costs.

upvoted 0 times

...

Felicidad

5 months ago

I remember that deploying EC2 instances in private subnets is generally a good practice for security, but I'm not sure if using a NAT gateway is the most cost-effective option.

upvoted 0 times

...

Gail

5 months ago

Okay, let's see. The first requirement is for a dedicated mailbox and email sending/receiving through the enterprise's own server. That sounds like a mail server to me.

upvoted 0 times

...

Dorothy

5 months ago

Hmm, I'm not too familiar with MaxCompute, so I'll need to think this through carefully. Let me read the options again and see which ones seem most accurate.

upvoted 0 times

...

Alberta

5 months ago

Okay, from what I remember, the upgrade just replaces the managed package metadata, so the data and extensions should be safe. I'll make sure to review the release notes to confirm, but I think B and C are the correct answers.

upvoted 0 times

...