Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon ANS-C01 Exam - Topic 1 Question 51 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 51
Topic #: 1
[All ANS-C01 Questions]

A software-as-a-service (SaaS) provider hosts its solution on Amazon EC2 instances within a VPC in the AWS Cloud. All of the provider's customers also have their environments in the AWS Cloud.

A recent design meeting revealed that the customers have IP address overlap with the provider's AWS deployment. The customers have stated that they will not share their internal IP addresses and that they do not want to connect to the provider's SaaS service over the internet.

Which combination of steps is part of a solution that meets these requirements? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: A, B

NLB for creating the private link which solves the overlapping IP address issue and the SaaS service endpoint behind it. (the SaaS endpoint could be an ALB) https://aws.amazon.com/about-aws/whats-new/2021/09/application-load-balancer-aws-privatelink-static-ip-addresses-network-load-balancer/


by Junita at Jun 13, 2025, 07:25 PM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Paz
4 months ago
Wait, can they really not share their IPs? That's a bit odd.
upvoted 0 times
...
Rocco
4 months ago
A Network Load Balancer? Seems unnecessary for this case.
upvoted 0 times
...
Rebbeca
4 months ago
I think E could work too, but not sure about the complexity.
upvoted 0 times
...
Lavera
5 months ago
Peering might not be the best option with overlapping IPs.
upvoted 0 times
...
Shanice
5 months ago
Option B is definitely a solid choice for this scenario.
upvoted 0 times
...
Yolande
5 months ago
I feel like using a Network Load Balancer could be relevant, but I can't recall if it directly addresses the IP overlap problem.
upvoted 0 times
...
Jacquelyne
5 months ago
I practiced a similar question where we had to use a Transit Gateway. It seems like E might be a good choice, but I'm not completely confident.
upvoted 0 times
...
Jenifer
5 months ago
I think option B sounds familiar; configuring an endpoint service could help with the IP overlap issue.
upvoted 0 times
...
Leatha
6 months ago
I remember something about VPC peering, but I'm not sure if it's the best option here since the customers won't share their IPs.
upvoted 0 times
...
Precious
6 months ago
Tricky one! I'm a bit unsure about the best approach, but I'll carefully review the requirements and the AWS networking services to come up with a solid solution.
upvoted 0 times
...
Jin
6 months ago
Ah, this is a classic VPC connectivity problem. I bet the Network Load Balancer or Application Load Balancer options could work well here, especially if we configure them properly.
upvoted 0 times
...
Paulene
6 months ago
Okay, so we need to keep the SaaS service isolated from the internet and allow the customers to connect privately. I'm leaning towards the endpoint service approach, but I'll double-check the other options too.
upvoted 0 times
...
Gail
6 months ago
Hmm, the IP address overlap is a key challenge here. I'm thinking an AWS Transit Gateway could be a good solution to connect the VPCs without exposing the internal IPs.
upvoted 0 times
...
Jeanice
7 months ago
This looks like a tricky one. I'll need to think through the requirements carefully and consider the different AWS networking options.
upvoted 0 times
...
Georgene
9 months ago
I think we should also consider deploying an AWS Transit Gateway to connect the SaaS VPC and share it with the customers for routing.
upvoted 0 times
...
Mica
10 months ago
Ah, the joys of IP address overlap. B and E are the way to go, unless you want to end up in a tangled web of VPC peering and routing tables.
upvoted 0 times
Kattie
9 months ago
Agreed, B and E seem like the most efficient options to avoid the headache of VPC peering and routing complications.
upvoted 0 times
...
Valentine
9 months ago
E) Deploy an AWS Transit Gateway, and connect the SaaS VPC to it. Share the transit gateway with the customers. Configure routing on the transit gateway.
upvoted 0 times
...
Elli
9 months ago
B) Configure an endpoint service, and grant the customers permission to create a connection to the endpoint service.
upvoted 0 times
...
...
Julian
10 months ago
Haha, good thing the customers don't want to use the internet. Imagine trying to troubleshoot all those NAT gateways! B and E for the win!
upvoted 0 times
Alexis
9 months ago
Definitely! It's great that the customers are on board with those options. It will make the setup much smoother.
upvoted 0 times
...
Fletcher
10 months ago
Yeah, NAT gateways can be a headache. Using an endpoint service and a Transit Gateway sounds like a solid solution.
upvoted 0 times
...
...
Lilli
10 months ago
I agree with Buck. It will help in ensuring secure connectivity without sharing internal IP addresses.
upvoted 0 times
...
Alline
10 months ago
I agree, B and E are the best choices here. Keeping the traffic off the public internet and using private connections is crucial for this use case.
upvoted 0 times
...
Tamala
10 months ago
Options B and E seem like the way to go. Connecting the SaaS service to a private endpoint and using a transit gateway to link the customer VPCs is a solid approach.
upvoted 0 times
Celestine
9 months ago
Agreed. It's important to maintain security and privacy while still allowing the necessary connections between the provider and customers.
upvoted 0 times
...
Stevie
10 months ago
That sounds like a good plan. Keeping the connections private and using a transit gateway for routing is a smart move.
upvoted 0 times
...
Valentin
10 months ago
E) Deploy an AWS Transit Gateway, and connect the SaaS VPC to it. Share the transit gateway with the customers. Configure routing on the transit gateway.
upvoted 0 times
...
Roxanne
10 months ago
B) Configure an endpoint service, and grant the customers permission to create a connection to the endpoint service.
upvoted 0 times
...
...
Buck
10 months ago
I think we should deploy the SaaS service endpoint behind a Network Load Balancer.
upvoted 0 times
...

Save Cancel