Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam ANS-C01 Topic 3 Question 23 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 23
Topic #: 3
[All ANS-C01 Questions]

A company's VPC has Amazon EC2 instances that are communicating with AWS services over the public internet. The company needs to change the connectivity so that the communication

does not occur over the public intemet.

The company deploys AWS PrivateLink endpoints in the VPC. After the deployment of the PrivateLink endpoints, the EC2 instances can no longer communicate at all with the required AWS

services.

Which combination of steps should a network engineer take to restore communication with the AWS services? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

To use AWS PrivateLink, you need to create interface type VPC endpoints for the services that you want to access privately from your VPC1. These endpoints appear as elastic network interfaces (ENIs) with private IPs in your subnets2. To enable DNS resolution for these endpoints, you need to set the enableDnsSupport attribute to True for your VPC, and enable DNS support for each endpoint3. You also need to ensure that the VPC endpoint policy allows communication between your VPC and the service4. You do not need to create any route table entries or Route 53 hosted zones for the endpoints, as they are not required for PrivateLink5.

AWS PrivateLink FAQs -- Amazon Web Services 2: AWS PrivateLink and service endpoint - Amazon EC2 Overview and Networking Introduction for Telecom Companies 3: VPC Endpoints: Secure and Direct Access to AWS Services 4: AWS PrivateLink and service endpoint - Amazon EC2 Overview and Networking Introduction for Telecom Companies 5: AWS Private Link vs VPC Endpoint - Stack Overflow


by Portia at Apr 10, 2024, 04:47 PM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Corinne
10 months ago
Candidate 3: Sounds like a plan. Let's follow these steps to restore communication with the AWS services.
upvoted 0 times
...
Cruz
10 months ago
Candidate 2: Agreed. Let's start with enabling DNS support and then check the endpoint policy before moving on to Route 53.
upvoted 0 times
...
Matthew
10 months ago
Candidate 1: I'm not sure if that's necessary. Maybe we should first ensure DNS support is enabled for the VPC and VPC endpoints.
upvoted 0 times
...
Mona
10 months ago
Candidate 3: Should we also create a Route 53 private hosted zone with custom names for each service?
upvoted 0 times
...
Alaine
10 months ago
Candidate 2: Yes, that sounds like a good idea. We also need to ensure that the VPC endpoint policy allows communication.
upvoted 0 times
...
Lauryn
10 months ago
Candidate 1: I think we should add a route in the VPC route table to the PrivateLink endpoints.
upvoted 0 times
...
Alecia
10 months ago
Yes, that's a good point. We need to make sure the policy is set correctly.
upvoted 0 times
...
Shannon
11 months ago
But shouldn't we also check if the VPC endpoint policy allows communication?
upvoted 0 times
...
Gerald
12 months ago
Agreed, we also need to ensure enableDnsSupport and enable DNS support for each VPC endpoint.
upvoted 0 times
...
Alecia
12 months ago
I think we should add a route with the PrivateLink endpoints in the VPC route table.
upvoted 0 times
...
Ethan
1 years ago
Yeah, the DNS piece is crucial here. I'm guessing the PrivateLink endpoints need to be registered in a private hosted zone so the EC2 instances can resolve the service names correctly.
upvoted 0 times
...
Penney
1 years ago
Yup, sounds good to me. Now let's just hope the rest of the exam is as straightforward as this one!
upvoted 0 times
...
Junita
1 years ago
Agreed. Okay, I think we've got a good handle on this now. Let's go with B and C as our answers.
upvoted 0 times
...
Kathrine
1 years ago
Haha, I can just imagine the network engineer trying to figure this out. 'Okay, let me try adding a route to the PrivateLink endpoints... Nope, that's not it. Wait, what about the DNS settings? Aha, that must be it!'
upvoted 0 times
...
Serina
1 years ago
Haha, yeah, that one's a real doozy. Definitely a red herring. Let's stick to the PrivateLink and VPC networking stuff.
upvoted 0 times
...
Justine
1 years ago
Yeah, that makes sense. I was also thinking about the route table, but that's probably not the main issue here. The question specifically says the communication is broken after the PrivateLink deployment, so the routing should be fine.
upvoted 0 times
Cammy
11 months ago
And we need to ensure that each VPC endpoint has DNS support enabled.
upvoted 0 times
...
Catina
11 months ago
We should check if the VPC endpoint policy allows communication.
upvoted 0 times
...
...
Helga
1 years ago
I agree, the DNS configuration is probably the key here. Let's see, I think option B and E might be the right ones. We need to make sure the DNS support is enabled for the VPC and the PrivateLink endpoints, and we might need to create a private hosted zone to resolve the service names.
upvoted 0 times
Caprice
12 months ago
Correct, setting up all these steps should restore communication with the AWS services.
upvoted 0 times
...
Georgeanna
12 months ago
Adding a route in the VPC route table to the PrivateLink endpoints should also help.
upvoted 0 times
...
Elfrieda
12 months ago
Make sure the VPC endpoint policy allows communication as well.
upvoted 0 times
...
Alex
1 years ago
That sounds right. DNS configuration is definitely key in this situation.
upvoted 0 times
...
Rodolfo
1 years ago
We also need to create a private hosted zone to resolve the service names.
upvoted 0 times
...
Leslie
1 years ago
Yes, enabling DNS support for the VPC and PrivateLink endpoints is crucial.
upvoted 0 times
...
Jannette
1 years ago
I think B and E are the right options.
upvoted 0 times
...
...
Tonja
1 years ago
Hmm, I'm guessing the issue has to do with the DNS configuration. The question mentions that the EC2 instances can't communicate with the services after the PrivateLink deployment, so we might need to look at DNS settings.
upvoted 0 times
...
Clay
1 years ago
This question seems pretty straightforward, but I'm not sure about the PrivateLink part. I think it's asking us to figure out how to enable communication between the EC2 instances and the AWS services after the PrivateLink deployment.
upvoted 0 times
...

Save Cancel