New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon ANS-C01 Exam - Topic 2 Question 18 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 18
Topic #: 2
[All ANS-C01 Questions]

An organization is using a VPC endpoint for Amazon S3. When the security group rules for a set of instances were initially configured, access was restricted to allow traffic only to the IP addresses of the Amazon S3 API endpoints in the region from the published JSON file. The application was working properly, but now is logging a growing number of timeouts when connecting with Amazon S3. No internet gateway is configured for the VPC.

Which solution will fix the connectivity failures with the LEAST amount of effort?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Herminia at Dec 23, 2023, 06:58 PM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Aileen
3 months ago
Wait, why would you need an additional VPC endpoint? That seems unnecessary!
upvoted 0 times
...
Lelia
3 months ago
Option B could also work, but it sounds more complex.
upvoted 0 times
...
Brice
3 months ago
Not so sure about that, what if the prefix-list changes again?
upvoted 0 times
...
Tijuana
4 months ago
Totally agree, C makes the most sense here!
upvoted 0 times
...
Hyun
4 months ago
I think option C is the easiest fix. Just update the security group.
upvoted 0 times
...
Antonio
4 months ago
I feel like adding another VPC endpoint could help with scaling, but I'm not convinced it's the least effort solution.
upvoted 0 times
...
Stephania
4 months ago
I practiced a similar question where we had to deal with VPC endpoints, and I think creating a Lambda function sounds like overkill for this situation.
upvoted 0 times
...
Sabine
4 months ago
I’m not entirely sure, but I think updating the security group might be more straightforward than messing with routing tables.
upvoted 0 times
...
Buck
5 months ago
I remember something about prefix lists being easier to manage than individual IP addresses, so maybe option C is the way to go?
upvoted 0 times
...
Yvonne
5 months ago
Ah, I see what's going on now. The security group rules are outdated, and we need a way to keep them up-to-date automatically. Option A with the Lambda function seems like the most efficient approach.
upvoted 0 times
...
Harris
5 months ago
Okay, I think I've got it. The issue is that the security group rules are too restrictive, and we need to update the routing to use the VPC endpoint properly. Option B looks like the cleanest solution.
upvoted 0 times
...
Lilli
5 months ago
Hmm, the key here is to find the solution that requires the least amount of effort. I think option B might be the way to go, but I'll need to double-check the details.
upvoted 0 times
...
Stephen
5 months ago
This seems like a tricky one. I'm not sure if I fully understand the problem yet, but I'll try to break it down step-by-step.
upvoted 0 times
...
Lashawnda
5 months ago
This is a good one. I'm leaning towards option C, since it seems the most straightforward way to update the security group rules without having to deal with the routing or additional VPC endpoints.
upvoted 0 times
...
Sharmaine
5 months ago
Hmm, this looks like it's testing my understanding of how the Deep Security policy settings work. I'll need to carefully read through the options and think about the differences between inherited and explicitly set module states.
upvoted 0 times
...
Carmen
5 months ago
I'm a bit confused about how the gifts to the charity affect the taxable amount. I thought charitable gifts were fully deductible, so maybe that means it would be 0?
upvoted 0 times
...
Shenika
5 months ago
Hmm, I'm not sure about this one. I know Proof of Work is the most well-known, but I've heard Proof of Stake is gaining traction for sustainability. I'll have to think this through carefully.
upvoted 0 times
...
Tatum
10 months ago
I'd just tell the application to stop timing out. Problem solved! But in all seriousness, C looks like the way to go.
upvoted 0 times
Portia
8 months ago
Let's go with C then.
upvoted 0 times
...
Cecil
8 months ago
I agree, updating the application server's outbound security group seems like the simplest solution.
upvoted 0 times
...
Carol
9 months ago
I think C is the best option here.
upvoted 0 times
...
...
Billye
10 months ago
You know, this reminds me of that time I accidentally locked myself out of my own VPC. Good times. Anyway, I'm with the crowd on C - keep it simple, silly!
upvoted 0 times
Albert
9 months ago
I agree, let's go with option C.
upvoted 0 times
...
Rikki
9 months ago
Yeah, updating the outbound security group sounds like the easiest solution.
upvoted 0 times
...
Kandis
9 months ago
I think C is the way to go. Keep it simple.
upvoted 0 times
...
...
Lorita
10 months ago
I'd be careful with that Lambda function idea. Seems like adding another moving part might just complicate things further. C looks like the way to go here.
upvoted 0 times
...
Teddy
10 months ago
Hmm, I see what they're getting at. Updating the routing table might be a bit overkill. I'm leaning towards C as well, seems the most straightforward solution.
upvoted 0 times
Gennie
8 months ago
Creating a Lambda function might be too complex for this issue.
upvoted 0 times
...
Ezekiel
8 months ago
I'm not sure, but updating the security group does sound like a good idea.
upvoted 0 times
...
Helene
9 months ago
Agreed, it seems like the simplest solution.
upvoted 0 times
...
Royce
10 months ago
I think C is the best option here.
upvoted 0 times
...
...
Justine
10 months ago
I'm not sure, but creating a Lambda function to update the security group also sounds like a good solution.
upvoted 0 times
...
Rocco
10 months ago
I agree with Carri, that option seems like it would require the least amount of effort.
upvoted 0 times
...
Carri
10 months ago
I think the best solution is to update the VPC routing to direct Amazon S3 traffic to the VPC endpoint.
upvoted 0 times
...
Kimbery
11 months ago
Ah, the good old AWS VPC endpoint debacle. Classic networking challenge right here. I'm going with option C - updating the security group seems like the quickest fix to me.
upvoted 0 times
Sueann
9 months ago
Maybe, but updating the security group is the quickest solution.
upvoted 0 times
...
Brianne
9 months ago
But wouldn't creating a Lambda function be more efficient?
upvoted 0 times
...
Royce
9 months ago
I agree, updating the security group should do the trick.
upvoted 0 times
...
Loise
10 months ago
Option C sounds like the easiest fix.
upvoted 0 times
...
...
Cherrie
11 months ago
That could work too, but I think updating the application server's outbound security group might be a quicker solution.
upvoted 0 times
...
Jerilyn
11 months ago
I disagree, I believe creating a Lambda function to update the security group based on AmazonIPSpaceChanged notifications is the easiest fix.
upvoted 0 times
...
Cherrie
11 months ago
I think the best solution is to update the VPC routing to direct Amazon S3 traffic to the VPC endpoint.
upvoted 0 times
...

Save Cancel