New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon ANS-C01 Exam - Topic 3 Question 48 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 48
Topic #: 3
[All ANS-C01 Questions]

A banking company has an application that must connect to specific public IP addresses from a VPC. A network engineer has configured routes in the route table that is associated with the application's subnet to the required public IP addresses through an internet gateway.

The network engineer needs to set up email notifications that will alert the network engineer when a user adds a default route to the application subnet's route table with the internet gateway as a target.

Which solution will meet these requirements with the LEAST implementation effort?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Viki at Mar 22, 2025, 11:12 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Johnson
2 months ago
I’m surprised they didn’t mention using CloudTrail for this.
upvoted 0 times
...
Tora
2 months ago
A Lambda function running every minute? Sounds like overkill!
upvoted 0 times
...
Lang
2 months ago
I think D is better because it specifically targets unrestricted routes.
upvoted 0 times
...
Dusti
2 months ago
I recall that using Lambda functions can be more complex, so I might lean towards the Config rules for simplicity, but I need to double-check the requirements.
upvoted 0 times
...
Providencia
2 months ago
I feel like option D could work too, but I’m a bit confused about the difference between the two Config rules mentioned in C and D.
upvoted 0 times
...
Yoko
3 months ago
Option C seems like the most efficient way to monitor changes.
upvoted 0 times
...
Youlanda
3 months ago
I think option C sounds familiar because it mentions using EventBridge and SNS, which we practiced in class. But I’m not sure if it’s the least effort.
upvoted 0 times
...
Leanna
3 months ago
I remember studying AWS Config rules, but I'm not entirely sure which managed rule would be the best fit for this scenario.
upvoted 0 times
...
Vonda
3 months ago
I disagree, B is simpler and directly tied to route changes.
upvoted 0 times
...
Lauran
3 months ago
Option D seems similar to option C, but it uses a different managed rule. I'll need to understand the differences between the "internet-gateway-authorized-vpc-only" and "no-unrestricted-route-to-igw" rules to decide which one is more appropriate for this scenario.
upvoted 0 times
...
Renato
4 months ago
Option C looks interesting as it uses AWS Config rules and EventBridge to monitor the route table, but I'm not sure if that would require more setup effort than the Lambda function in option A. I'll need to weigh the pros and cons of each approach.
upvoted 0 times
...
Luther
4 months ago
I'm a bit confused about the differences between options A and B. Both involve creating a Lambda function, but option B is triggered by the EC2 CreateRoute API call. I'll need to research the differences between these two approaches to determine the best solution.
upvoted 0 times
...
Gene
4 months ago
This seems like a straightforward question. I think option A is the best solution as it involves the least implementation effort by creating a Lambda function to monitor the route table and send email notifications.
upvoted 0 times
...
Dwight
4 months ago
Option A seems a bit overkill, as it requires setting up a Lambda function to continuously monitor the route table. The managed AWS Config rules in options C and D seem like a more efficient way to handle this requirement.
upvoted 0 times
...
Loreta
4 months ago
I'm leaning towards option B, as it allows us to directly intercept the CreateRoute API call and send the notification. That way, we can catch the issue as soon as it happens, rather than relying on a periodic check.
upvoted 0 times
...
Tracie
5 months ago
Option C looks promising, as it uses the managed AWS Config rule and EventBridge to handle the monitoring and notification requirements. That seems like a more out-of-the-box solution compared to building a custom Lambda function.
upvoted 0 times
...
Britt
5 months ago
I'm a bit confused by the different options. Do we need to create a custom Lambda function or can we use the managed AWS Config rules? I'm not sure which approach would require the least implementation effort.
upvoted 0 times
...
Josphine
5 months ago
This seems like a straightforward question. I think option D is the best solution as it directly addresses the requirement to monitor for default routes to the internet gateway and send email notifications.
upvoted 0 times
...
Genevive
11 months ago
That's a good point, Boris. Option C might provide more control and flexibility in the long run.
upvoted 0 times
...
Boris
11 months ago
I'm not sure, I think option C could also work well by using AWS Config rules and Amazon EventBridge to send email notifications.
upvoted 0 times
...
Blair
11 months ago
My money's on D. Gotta keep those default routes in check, you know?
upvoted 0 times
Hannah
9 months ago
Definitely, D will help ensure any unauthorized default routes are quickly identified and addressed.
upvoted 0 times
...
Ilda
10 months ago
I agree, setting up AWS Config rules and EventBridge for notifications is a solid choice.
upvoted 0 times
...
Wilda
10 months ago
Yeah, D seems like the most efficient solution for this scenario.
upvoted 0 times
...
Gail
10 months ago
I think D is the best option too. It's important to monitor those default routes.
upvoted 0 times
...
...
Arlean
11 months ago
Hmm, I'm torn between B and D. Maybe I'll just flip a coin. Or maybe I'll get the janitor to decide - he seems to have a knack for this kind of thing.
upvoted 0 times
...
Casie
11 months ago
I'm going to have to go with D on this one. The no-unrestricted-route-to-igw rule sounds like exactly what we need, and the EventBridge integration is just icing on the cake.
upvoted 0 times
...
Karina
11 months ago
I agree with Genevive. Option A seems like the most straightforward solution with the least implementation effort.
upvoted 0 times
...
Victor
11 months ago
C and D both look good, but I like the idea of using a managed rule in C. Less work for us, and it's probably more reliable than rolling our own.
upvoted 0 times
...
Winifred
11 months ago
Option B seems like the way to go. Tying the email notification directly to the API call is the most efficient approach. Who wants to wait a whole minute for that notification?
upvoted 0 times
Ashlyn
10 months ago
User 3: Option B it is then, direct tie to the API call for instant notification.
upvoted 0 times
...
Dean
11 months ago
User 2: Yeah, waiting a whole minute for the notification is too long.
upvoted 0 times
...
Dante
11 months ago
User 1: I agree, option B is definitely the most efficient.
upvoted 0 times
...
...
Genevive
11 months ago
I think option A is the best choice because it uses a Lambda function to send email notifications for any default route added to the route table.
upvoted 0 times
...

Save Cancel