Amazon Exam ANS-C01 Topic 2 Question 15 Discussion

Actual exam question for Amazon's ANS-C01 exam

Question #: 15
Topic #: 2

A company has a hybrid cloud environment. The company's data center is connected to the AWS Cloud by an AWS Direct Connect connection. The AWS environment includes VPCs that are connected together in a hub-and-spoke model by a transit gateway. The AWS environment has a transit VIF with a Direct Connect gateway for on-premises connectivity.

The company has a hybrid DNS model. The company has configured Amazon Route 53 Resolver endpoints in the hub VPC to allow bidirectional DNS traffic flow. The company is running a backend application in one of the VPCs.

The company uses a message-oriented architecture and employs Amazon Simple Queue Service (Amazon SQS) to receive messages from other applications over a private network. A network engineer wants to use an interface VPC endpoint for Amazon SQS for this architecture. Client services must be able to access the endpoint service from on premises and from multiple VPCs within the company's AWS infrastructure.

Which combination of steps should the network engineer take to ensure that the client applications can resolve DNS for the interface endpoint? (Choose three.)

ACreate the interface endpoint for Amazon SQS with the option for private DNS names turned on.

BCreate the interface endpoint for Amazon SQS with the option for private DNS names turned off.

CManually create a private hosted zone for sqs.us-east-1.amazonaws.com. Add necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.

DUse the automatically created private hosted zone for sqs.us-east-1.amazonaws.com with previously created necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.

EAccess the SQS endpoint by using the public DNS name sqs.us-east-1 amazonaws.com in VPCs and on premises.

FAccess the SQS endpoint by using the private DNS name of the interface endpoint .sqs.us-east-1.vpce.amazonaws.com in VPCs and on premises.

Show Suggested Answer

Suggested Answer: A, D, F

by Charlene at Oct 18, 2023, 05:48 PM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Margo

2 days ago

Good point. I think the main difference is that with option D, you don't have to manually create the private hosted zone, which could be more convenient. But with option C, you have more control over the DNS setup.

upvoted 0 times

...

Lucina

3 days ago

Hmm, I'm a bit confused about the difference between options C and D. They both mention creating a private hosted zone, but C says to do it manually while D says to use the automatically created one. I wonder what the implications of each approach are.

upvoted 0 times

...

Staci

4 days ago

I agree. The options mention using private DNS names and creating a private hosted zone, so I believe we need to do that to ensure the DNS resolution works.

upvoted 0 times

...

Kristel

5 days ago

This question seems to be testing our understanding of how to configure DNS for an interface VPC endpoint. I think the key is to ensure that the client applications can resolve the DNS for the SQS endpoint, both from on-premises and from the multiple VPCs.

upvoted 0 times

...