
Amazon ANS-C01 Exam - Topic 3 Question 48 Discussion

A banking company has an application that must connect to specific public IP addresses from a VPC. A network engineer has configured routes in the route table that is associated with the application's subnet to the required public IP addresses through an internet gateway.

The network engineer needs to set up email notifications that will alert the network engineer when a user adds a default route to the application subnet's route table with the internet gateway as a target.

Which solution will meet these requirements with the LEAST implementation effort?

A) Create an AWS Lambda function that reads the routes in the route table and sends an email notification. Configure the Lambda function to send an email notification if any route is configured with 0.0.0.0/0 or ::/0 CIDRs to the internet gateway. Configure the Lambda function to run every minute.
B) Create an AWS Lambda function that will be invoked by an Amazon EC2 CreateRoute API call. Configure the Lambda function to send an email notification. Configure the Lambda function to send an email notification if any route is configured with 0.0.0.0/0 or ::/0 CIDRs to the internet gateway.
C) Create AWS Config rules for the route table by using the internet-gateway-authorized-vpc-only managed rule. Create an Amazon EventBridge rule to match the AWS Config rule and to route to an Amazon Simple Notification Service (Amazon SNS) topic to send an email notification.
D) Create an AWS Config rule for the route table by using the no-unrestricted-route-to-igw managed rule. Create an Amazon EventBridge rule to match the AWS Config rule and to route to an Amazon Simple Notification Service (Amazon SNS) topic to send an email notification.


Actual exam question for Amazon's ANS-C01 exam
Question #: 48
Topic #: 3

Suggested Answer: C
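The detection logic behind every option is the same: flag a default route (0.0.0.0/0 or ::/0) whose target is an internet gateway, then forward the finding to an SNS topic. The added example below (not part of the exam question or any AWS code) implements that check over a route table in the shape of EC2 DescribeRouteTables output, and builds the EventBridge event pattern that matches a NON_COMPLIANT evaluation of whichever Config managed rule name you pass in; all resource IDs are constructed.

```python
# Added example: default-route-to-IGW check plus the EventBridge pattern
# that forwards a Config NON_COMPLIANT evaluation to SNS. Not AWS code.
import json

DEFAULT_CIDRS = {"0.0.0.0/0", "::/0"}


def find_default_igw_routes(route_table: dict) -> list:
    """Return active routes that send all v4 or v6 traffic to an internet gateway.

    An egress-only internet gateway (eigw-*) is deliberately not matched: it
    cannot accept inbound connections, so it is not the case the question targets.
    """
    hits = []
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        target = route.get("GatewayId", "")
        # A blackholed route forwards nothing, so it is not an exposure.
        active = route.get("State", "active") == "active"
        if dest in DEFAULT_CIDRS and target.startswith("igw-") and active:
            hits.append({"RouteTableId": route_table["RouteTableId"],
                         "Destination": dest, "GatewayId": target})
    return hits


def config_noncompliance_event_pattern(rule_name: str) -> dict:
    """EventBridge event pattern for a NON_COMPLIANT change of one Config rule."""
    return {
        "source": ["aws.config"],
        "detail-type": ["Config Rules Compliance Change"],
        "detail": {
            "configRuleName": [rule_name],
            "newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]},
        },
    }


# Constructed sample: the engineer's specific-prefix route, a later default
# route to the IGW, an IPv6 default via an egress-only IGW, and a blackhole.
SAMPLE_ROUTE_TABLE = {
    "RouteTableId": "rtb-0example1234567890",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "203.0.113.10/32", "GatewayId": "igw-0example0987654321", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example0987654321", "State": "active"},
        {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "eigw-0example1111111111", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example2222222222", "State": "blackhole"},
    ],
}

if __name__ == "__main__":
    for hit in find_default_igw_routes(SAMPLE_ROUTE_TABLE):
        print("ALERT default route to internet gateway:", hit)
    print(json.dumps(config_noncompliance_event_pattern("no-unrestricted-route-to-igw"), indent=2))
```

The same function can be run inside the Lambda of option A or B, and the returned pattern is what the EventBridge rule in option C or D would carry to the SNS topic.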

Contribute your Thoughts:

Johnson
5 months ago
I’m surprised they didn’t mention using CloudTrail for this.
upvoted 0 times
Tora
5 months ago
A Lambda function running every minute? Sounds like overkill!
upvoted 0 times
Lang
5 months ago
I think D is better because it specifically targets unrestricted routes.
upvoted 0 times
Dusti
5 months ago
I recall that using Lambda functions can be more complex, so I might lean towards the Config rules for simplicity, but I need to double-check the requirements.
upvoted 0 times
Providencia
5 months ago
I feel like option D could work too, but I’m a bit confused about the difference between the two Config rules mentioned in C and D.
upvoted 0 times
Yoko
6 months ago
Option C seems like the most efficient way to monitor changes.
upvoted 0 times
Youlanda
6 months ago
I think option C sounds familiar because it mentions using EventBridge and SNS, which we practiced in class. But I’m not sure if it’s the least effort.
upvoted 0 times
Leanna
6 months ago
I remember studying AWS Config rules, but I'm not entirely sure which managed rule would be the best fit for this scenario.
upvoted 0 times
Vonda
6 months ago
I disagree, B is simpler and directly tied to route changes.
upvoted 0 times
Lauran
6 months ago
Option D seems similar to option C, but it uses a different managed rule. I'll need to understand the differences between the "internet-gateway-authorized-vpc-only" and "no-unrestricted-route-to-igw" rules to decide which one is more appropriate for this scenario.
upvoted 0 times
Renato
7 months ago
Option C looks interesting as it uses AWS Config rules and EventBridge to monitor the route table, but I'm not sure if that would require more setup effort than the Lambda function in option A. I'll need to weigh the pros and cons of each approach.
upvoted 0 times
Luther
7 months ago
I'm a bit confused about the differences between options A and B. Both involve creating a Lambda function, but option B is triggered by the EC2 CreateRoute API call. I'll need to research the differences between these two approaches to determine the best solution.
upvoted 0 times
Gene
7 months ago
This seems like a straightforward question. I think option A is the best solution as it involves the least implementation effort by creating a Lambda function to monitor the route table and send email notifications.
upvoted 0 times
Dwight
7 months ago
Option A seems a bit overkill, as it requires setting up a Lambda function to continuously monitor the route table. The managed AWS Config rules in options C and D seem like a more efficient way to handle this requirement.
upvoted 0 times
Loreta
7 months ago
I'm leaning towards option B, as it allows us to directly intercept the CreateRoute API call and send the notification. That way, we can catch the issue as soon as it happens, rather than relying on a periodic check.
upvoted 0 times
Tracie
8 months ago
Option C looks promising, as it uses the managed AWS Config rule and EventBridge to handle the monitoring and notification requirements. That seems like a more out-of-the-box solution compared to building a custom Lambda function.
upvoted 0 times
Britt
8 months ago
I'm a bit confused by the different options. Do we need to create a custom Lambda function or can we use the managed AWS Config rules? I'm not sure which approach would require the least implementation effort.
upvoted 0 times
Josphine
8 months ago
This seems like a straightforward question. I think option D is the best solution as it directly addresses the requirement to monitor for default routes to the internet gateway and send email notifications.
upvoted 0 times
Genevive
1 year ago
That's a good point, Boris. Option C might provide more control and flexibility in the long run.
upvoted 0 times
Boris
1 year ago
I'm not sure, I think option C could also work well by using AWS Config rules and Amazon EventBridge to send email notifications.
upvoted 0 times
Blair
1 year ago
My money's on D. Gotta keep those default routes in check, you know?
upvoted 0 times
Hannah
1 year ago
Definitely, D will help ensure any unauthorized default routes are quickly identified and addressed.
upvoted 0 times
Ilda
1 year ago
I agree, setting up AWS Config rules and EventBridge for notifications is a solid choice.
upvoted 0 times
Wilda
1 year ago
Yeah, D seems like the most efficient solution for this scenario.
upvoted 0 times
Gail
1 year ago
I think D is the best option too. It's important to monitor those default routes.
upvoted 0 times
Arlean
1 year ago
Hmm, I'm torn between B and D. Maybe I'll just flip a coin. Or maybe I'll get the janitor to decide - he seems to have a knack for this kind of thing.
upvoted 0 times
Casie
1 year ago
I'm going to have to go with D on this one. The no-unrestricted-route-to-igw rule sounds like exactly what we need, and the EventBridge integration is just icing on the cake.
upvoted 0 times
Karina
1 year ago
I agree with Genevive. Option A seems like the most straightforward solution with the least implementation effort.
upvoted 0 times
Victor
1 year ago
C and D both look good, but I like the idea of using a managed rule in C. Less work for us, and it's probably more reliable than rolling our own.
upvoted 0 times
Winifred
1 year ago
Option B seems like the way to go. Tying the email notification directly to the API call is the most efficient approach. Who wants to wait a whole minute for that notification?
upvoted 0 times
Ashlyn
1 year ago
Option B it is then, direct tie to the API call for instant notification.
upvoted 0 times
Dean
1 year ago
Yeah, waiting a whole minute for the notification is too long.
upvoted 0 times
Dante
1 year ago
I agree, option B is definitely the most efficient.
upvoted 0 times
Genevive
1 year ago
I think option A is the best choice because it uses a Lambda function to send email notifications for any default route added to the route table.
upvoted 0 times
