Amazon ANS-C01 Exam - Topic 2 Question 15 Discussion

Actual exam question for Amazon's ANS-C01 exam

Question #: 15
Topic #: 2

A company has a hybrid cloud environment. The company's data center is connected to the AWS Cloud by an AWS Direct Connect connection. The AWS environment includes VPCs that are connected together in a hub-and-spoke model by a transit gateway. The AWS environment has a transit VIF with a Direct Connect gateway for on-premises connectivity.

The company has a hybrid DNS model. The company has configured Amazon Route 53 Resolver endpoints in the hub VPC to allow bidirectional DNS traffic flow. The company is running a backend application in one of the VPCs.

The company uses a message-oriented architecture and employs Amazon Simple Queue Service (Amazon SQS) to receive messages from other applications over a private network. A network engineer wants to use an interface VPC endpoint for Amazon SQS for this architecture. Client services must be able to access the endpoint service from on premises and from multiple VPCs within the company's AWS infrastructure.

Which combination of steps should the network engineer take to ensure that the client applications can resolve DNS for the interface endpoint? (Choose three.)

ACreate the interface endpoint for Amazon SQS with the option for private DNS names turned on.

BCreate the interface endpoint for Amazon SQS with the option for private DNS names turned off.

CManually create a private hosted zone for sqs.us-east-1.amazonaws.com. Add necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.

DUse the automatically created private hosted zone for sqs.us-east-1.amazonaws.com with previously created necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.

EAccess the SQS endpoint by using the public DNS name sqs.us-east-1 amazonaws.com in VPCs and on premises.

FAccess the SQS endpoint by using the private DNS name of the interface endpoint .sqs.us-east-1.vpce.amazonaws.com in VPCs and on premises.

Show Suggested Answer

Suggested Answer: A, D, F

by Charlene at Oct 18, 2023, 05:48 PM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Sharee

3 months ago

F is the best option for accessing the endpoint securely.

upvoted 0 times

...

Carmela

3 months ago

Wait, can you really use public DNS for SQS? That seems risky!

upvoted 0 times

...

Roselle

3 months ago

C sounds a bit complicated, not sure it's necessary.

upvoted 0 times

...

Nathalie

4 months ago

I think D makes more sense, though.

upvoted 0 times

...

Gracia

4 months ago

A is definitely the way to go for private DNS!

upvoted 0 times

...

Beckie

4 months ago

I’m a bit confused about the public DNS access. I thought we should avoid using public DNS for internal communication, so option E seems wrong to me.

upvoted 0 times

...

Cherry

4 months ago

I feel like we practiced a question similar to this where using the automatically created private hosted zone was the right choice. So, option D might be the way to go here.

upvoted 0 times

...

Regenia

4 months ago

I'm not entirely sure about the private hosted zone part. I think we might need to manually create one if we want to control the records, which makes option C seem plausible.

upvoted 0 times

...

Jaleesa

5 months ago

I remember we discussed the importance of enabling private DNS names for interface endpoints, so I think option A is definitely a step we should take.

upvoted 0 times

...

Dorothea

5 months ago

The question is really testing our understanding of hybrid cloud networking and DNS resolution. I'll need to carefully read through all the details and make sure I understand the full architecture before deciding on the right steps.

upvoted 0 times

...

Precious

5 months ago

Hmm, I'm not sure about turning off the private DNS names for the interface endpoint. That seems like it would prevent the clients from being able to resolve the endpoint properly. I think the right approach is to enable private DNS and manage the hosted zones.

upvoted 0 times

...

Jacqueline

5 months ago

I feel pretty confident about this one. The key is to set up the interface endpoint with private DNS names enabled, and then create/associate the necessary private hosted zones across the VPCs. That should allow the client apps to resolve the DNS properly.

upvoted 0 times

...

Lazaro

5 months ago

This question looks pretty complex, but I think I can break it down step-by-step. Let me think this through carefully.

upvoted 0 times

...

Lai

5 months ago

Okay, I'm a bit confused by all the different networking components involved here. I'll need to really focus on understanding the details of the hybrid cloud environment and how the DNS resolution is supposed to work.

upvoted 0 times

...

Solange

5 months ago

This question seems straightforward, but I want to make sure I understand the details of the vSAN cluster and the maintenance mode options before answering.

upvoted 0 times

...

Brynn

5 months ago

Hmm, I'm a bit unsure about this one. Removing all public IP addresses could be tricky, and I'll need to make sure the SREs can still access the bastion host remotely. I'll need to think through the pros and cons of each option.

upvoted 0 times

...

Glory

5 months ago

I feel pretty confident about this. The question gives us all the necessary information to calculate the maximum exclusion. Time to put my tax knowledge to the test!

upvoted 0 times

...

Bronwyn

5 months ago

This seems like a straightforward question, I'll just read through the options carefully and select the one that best fits the prompt.

upvoted 0 times

...

Margo

2 years ago

Good point. I think the main difference is that with option D, you don't have to manually create the private hosted zone, which could be more convenient. But with option C, you have more control over the DNS setup.

upvoted 0 times

...

Lucina

2 years ago

Hmm, I'm a bit confused about the difference between options C and D. They both mention creating a private hosted zone, but C says to do it manually while D says to use the automatically created one. I wonder what the implications of each approach are.

upvoted 0 times

...

Staci

2 years ago

I agree. The options mention using private DNS names and creating a private hosted zone, so I believe we need to do that to ensure the DNS resolution works.

upvoted 0 times

...

Kristel

2 years ago

This question seems to be testing our understanding of how to configure DNS for an interface VPC endpoint. I think the key is to ensure that the client applications can resolve the DNS for the SQS endpoint, both from on-premises and from the multiple VPCs.

upvoted 0 times

...