
Amazon ANS-C01 Exam - Topic 3 Question 23 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 23
Topic #: 3

A company's VPC has Amazon EC2 instances that are communicating with AWS services over the public internet. The company needs to change the connectivity so that the communication does not occur over the public internet.

The company deploys AWS PrivateLink endpoints in the VPC. After the deployment of the PrivateLink endpoints, the EC2 instances can no longer communicate at all with the required AWS services.

Which combination of steps should a network engineer take to restore communication with the AWS services? (Select TWO.)

Suggested Answer: B, C

To use AWS PrivateLink, you need to create interface type VPC endpoints for the services that you want to access privately from your VPC [1]. These endpoints appear as elastic network interfaces (ENIs) with private IPs in your subnets [2]. To enable DNS resolution for these endpoints, you need to set the enableDnsSupport attribute to True for your VPC, and enable DNS support for each endpoint [3]. You also need to ensure that the VPC endpoint policy allows communication between your VPC and the service [4]. You do not need to create any route table entries or Route 53 hosted zones for the endpoints, as they are not required for PrivateLink [5].

1: AWS PrivateLink FAQs - Amazon Web Services
2: AWS PrivateLink and service endpoint - Amazon EC2 Overview and Networking Introduction for Telecom Companies
3: VPC Endpoints: Secure and Direct Access to AWS Services
4: AWS PrivateLink and service endpoint - Amazon EC2 Overview and Networking Introduction for Telecom Companies
5: AWS Private Link vs VPC Endpoint - Stack Overflow
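The checks named in the explanation above (VPC enableDnsSupport, per-endpoint DNS, and the endpoint policy) can be run as an offline audit; this is an added example, not part of the original page. The sample data is constructed in the shape of the EC2 DescribeVpcAttribute and DescribeVpcEndpoints responses, the IDs are placeholders, and the required-action map and the simplified policy evaluation (Effect and Action only) are assumptions.

```python
import json
from fnmatch import fnmatchcase

def as_list(value):
    return value if isinstance(value, list) else [value]

def policy_allows(policy_json, action):
    """Simplified evaluation: Effect and Action only; an explicit Deny wins."""
    statements = as_list(json.loads(policy_json).get("Statement", []))
    def matches(stmt):
        return any(fnmatchcase(action.lower(), p.lower())
                   for p in as_list(stmt.get("Action", [])))
    if any(s.get("Effect") == "Deny" and matches(s) for s in statements):
        return False
    return any(s.get("Effect") == "Allow" and matches(s) for s in statements)

def audit(vpc_attr, endpoints, required_actions):
    """Return findings for the DNS and policy settings the explanation names."""
    findings = []
    if not vpc_attr.get("EnableDnsSupport", {}).get("Value", False):
        findings.append(f"{vpc_attr['VpcId']}: enableDnsSupport is false")
    for ep in endpoints["VpcEndpoints"]:
        if ep.get("VpcEndpointType") != "Interface":
            continue  # gateway endpoints are outside this check
        if not ep.get("PrivateDnsEnabled", False):
            findings.append(f"{ep['VpcEndpointId']}: private DNS not enabled")
        service = ep["ServiceName"].rsplit(".", 1)[-1]
        for action in required_actions.get(service, []):
            if not policy_allows(ep["PolicyDocument"], action):
                findings.append(f"{ep['VpcEndpointId']}: policy does not allow {action}")
    return findings

def make_policy(action):  # constructed endpoint policy with one Allow statement
    return json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*",
                                      "Action": action, "Resource": "*"}]})

# Constructed sample data (placeholder IDs), not output from a real account.
SAMPLE_VPC = {"VpcId": "vpc-EXAMPLE", "EnableDnsSupport": {"Value": False}}
SAMPLE_ENDPOINTS = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-EXAMPLE1", "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.us-east-1.sqs", "PrivateDnsEnabled": False,
     "PolicyDocument": make_policy("sqs:ReceiveMessage")},
    {"VpcEndpointId": "vpce-EXAMPLE2", "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.us-east-1.ssm", "PrivateDnsEnabled": True,
     "PolicyDocument": make_policy("*")},
]}
REQUIRED = {"sqs": ["sqs:SendMessage"], "ssm": ["ssm:GetParameter"]}  # assumed workload needs

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_VPC, SAMPLE_ENDPOINTS, REQUIRED)))
```
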


Contribute your Thoughts:

Robt
3 months ago
Isn't it surprising how easily things can break with PrivateLink?
upvoted 0 times
...
Weldon
3 months ago
Definitely need to check the VPC endpoint policy, that's a must.
upvoted 0 times
...
Tamra
3 months ago
Wait, why would you create a public hosted zone? That doesn't make sense!
upvoted 0 times
...
Eden
4 months ago
I think C is also crucial for allowing communication.
upvoted 0 times
...
Margot
4 months ago
A and B seem like the right steps to take.
upvoted 0 times
...
Barabara
4 months ago
I don't think we need a public hosted zone, so option D seems wrong. Maybe E is the better choice for private DNS?
upvoted 0 times
...
Nancey
4 months ago
I practiced a similar question where we had to check endpoint policies, so I feel like option C might be the right choice here too.
upvoted 0 times
...
Sheldon
4 months ago
I think option B is important because DNS support is crucial for PrivateLink to work properly.
upvoted 0 times
...
Yuriko
5 months ago
I remember something about needing to adjust the route table, but I'm not sure if it's option A or something else.
upvoted 0 times
...
Lillian
5 months ago
This seems like a tricky one, but I think I've got a good strategy. I'll start by checking the VPC route table and DNS settings, as Maryrose suggested. If that doesn't work, I'll look into the PrivateLink endpoint policy to make sure it's configured properly. I'm feeling pretty confident I can figure this out.
upvoted 0 times
...
Vincent
5 months ago
I'm a bit confused on the difference between a public hosted zone and a private hosted zone in Route 53. Do I need to create both, or just one of them? I want to make sure I select the right combination of steps to fully restore the communication.
upvoted 0 times
...
Louvenia
5 months ago
This question seems straightforward, but I want to make sure I understand the key details before answering. The EC2 instances can't communicate with the AWS services after deploying the PrivateLink endpoints, so I'll need to focus on troubleshooting that connectivity issue.
upvoted 0 times
...
Maryrose
5 months ago
Okay, let's think this through step-by-step. First, I'd check the VPC route table to see if there's a route for the PrivateLink endpoints. Then I'd verify the DNS settings to make sure they're configured correctly. Finally, I'd review the PrivateLink endpoint policy to ensure it's allowing the necessary communication.
upvoted 0 times
...
Johna
5 months ago
Based on the explanation provided, I believe the statement is true. The State Repository pattern seems to be an important component of the Enterprise Service Bus pattern, as it enables the deferral of state during periods of inactivity in complex service compositions.
upvoted 0 times
...
Caren
5 months ago
Hmm, I'm a bit confused by the wording here. I'll need to re-read the question and think through the different options.
upvoted 0 times
...
Kip
5 months ago
Hmm, I'm not entirely sure about this one. I know there are some differences in governor limits between synchronous and asynchronous Apex, but I'll have to think through the specifics.
upvoted 0 times
...
Corinne
2 years ago
Candidate 3: Sounds like a plan. Let's follow these steps to restore communication with the AWS services.
upvoted 0 times
...
Cruz
2 years ago
Candidate 2: Agreed. Let's start with enabling DNS support and then check the endpoint policy before moving on to Route 53.
upvoted 0 times
...
Matthew
2 years ago
Candidate 1: I'm not sure if that's necessary. Maybe we should first ensure DNS support is enabled for the VPC and VPC endpoints.
upvoted 0 times
...
Mona
2 years ago
Candidate 3: Should we also create a Route 53 private hosted zone with custom names for each service?
upvoted 0 times
...
Alaine
2 years ago
Candidate 2: Yes, that sounds like a good idea. We also need to ensure that the VPC endpoint policy allows communication.
upvoted 0 times
...
Lauryn
2 years ago
Candidate 1: I think we should add a route in the VPC route table to the PrivateLink endpoints.
upvoted 0 times
...
Alecia
2 years ago
Yes, that's a good point. We need to make sure the policy is set correctly.
upvoted 0 times
...
Shannon
2 years ago
But shouldn't we also check if the VPC endpoint policy allows communication?
upvoted 0 times
...
Gerald
2 years ago
Agreed, we also need to ensure enableDnsSupport and enable DNS support for each VPC endpoint.
upvoted 0 times
...
Alecia
2 years ago
I think we should add a route with the PrivateLink endpoints in the VPC route table.
upvoted 0 times
...
Ethan
2 years ago
Yeah, the DNS piece is crucial here. I'm guessing the PrivateLink endpoints need to be registered in a private hosted zone so the EC2 instances can resolve the service names correctly.
upvoted 0 times
...
Penney
2 years ago
Yup, sounds good to me. Now let's just hope the rest of the exam is as straightforward as this one!
upvoted 0 times
...
Junita
2 years ago
Agreed. Okay, I think we've got a good handle on this now. Let's go with B and C as our answers.
upvoted 0 times
...
Kathrine
2 years ago
Haha, I can just imagine the network engineer trying to figure this out. 'Okay, let me try adding a route to the PrivateLink endpoints... Nope, that's not it. Wait, what about the DNS settings? Aha, that must be it!'
upvoted 0 times
...
Serina
2 years ago
Haha, yeah, that one's a real doozy. Definitely a red herring. Let's stick to the PrivateLink and VPC networking stuff.
upvoted 0 times
...
Justine
2 years ago
Yeah, that makes sense. I was also thinking about the route table, but that's probably not the main issue here. The question specifically says the communication is broken after the PrivateLink deployment, so the routing should be fine.
upvoted 0 times
Cammy
2 years ago
And we need to ensure that each VPC endpoint has DNS support enabled.
upvoted 0 times
...
Catina
2 years ago
We should check if the VPC endpoint policy allows communication.
upvoted 0 times
...
...
Helga
2 years ago
I agree, the DNS configuration is probably the key here. Let's see, I think option B and E might be the right ones. We need to make sure the DNS support is enabled for the VPC and the PrivateLink endpoints, and we might need to create a private hosted zone to resolve the service names.
upvoted 0 times
Caprice
2 years ago
Correct, setting up all these steps should restore communication with the AWS services.
upvoted 0 times
...
Georgeanna
2 years ago
Adding a route in the VPC route table to the PrivateLink endpoints should also help.
upvoted 0 times
...
Elfrieda
2 years ago
Make sure the VPC endpoint policy allows communication as well.
upvoted 0 times
...
Alex
2 years ago
That sounds right. DNS configuration is definitely key in this situation.
upvoted 0 times
...
Rodolfo
2 years ago
We also need to create a private hosted zone to resolve the service names.
upvoted 0 times
...
Leslie
2 years ago
Yes, enabling DNS support for the VPC and PrivateLink endpoints is crucial.
upvoted 0 times
...
Jannette
2 years ago
I think B and E are the right options.
upvoted 0 times
...
...
Tonja
2 years ago
Hmm, I'm guessing the issue has to do with the DNS configuration. The question mentions that the EC2 instances can't communicate with the services after the PrivateLink deployment, so we might need to look at DNS settings.
upvoted 0 times
...
Clay
2 years ago
This question seems pretty straightforward, but I'm not sure about the PrivateLink part. I think it's asking us to figure out how to enable communication between the EC2 instances and the AWS services after the PrivateLink deployment.
upvoted 0 times
...
