Amazon ANS-C01 Exam - Topic 4 Question 29 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 29
Topic #: 4

A network engineer is designing the architecture for a healthcare company's workload that is moving to the AWS Cloud. All data to and from the on-premises environment must be encrypted in transit. All traffic also must be inspected in the cloud before the traffic is allowed to leave the cloud and travel to the on-premises environment or to the internet.

The company will expose components of the workload to the internet so that patients can reserve appointments. The architecture must secure these components and protect them against DDoS attacks. The architecture also must provide protection against financial liability for services that scale out during a DDoS event.

Which combination of steps should the network engineer take to meet all these requirements for the workload? (Choose three.)

Suggested Answer: C

The correct solution is to use an S3 interface endpoint and an on-premises DNS resolver. An S3 interface endpoint allows you to access Amazon S3 using private IP addresses within your VPC. An on-premises DNS resolver can be configured to forward the DNS queries for the S3 domain names to the S3 interface endpoint, so that the on-premises workloads can access Amazon S3 privately over the VPN connection. This solution is operationally efficient, as it does not require any additional infrastructure or changes to the existing workloads. The VPC workloads can continue to use the S3 gateway endpoint, which provides lower latency and higher throughput than the S3 interface endpoint.


Contribute your Thoughts:

Antione
3 months ago
Not sure if Direct Connect is really necessary here...
upvoted 0 times
...
Kattie
3 months ago
Agree with F, AWS Shield Advanced is a must for DDoS protection!
upvoted 0 times
...
Svetlana
3 months ago
Isn't Traffic Mirroring a bit overkill for this?
upvoted 0 times
...
Josefa
4 months ago
I think using Gateway Load Balancers is a smart move.
upvoted 0 times
...
France
4 months ago
Definitely need AWS WAF for security!
upvoted 0 times
...
Rosamond
4 months ago
I definitely recall that using Gateway Load Balancers for inline traffic inspection is a solid approach, especially for ensuring security before traffic leaves the cloud.
upvoted 0 times
...
Daniela
4 months ago
I feel like Traffic Mirroring might not be the best choice here since it doesn't directly address the DDoS protection requirement.
upvoted 0 times
...
Nidia
4 months ago
I'm not entirely sure, but I think AWS WAF is crucial for protecting against DDoS attacks. We practiced a similar question about securing web applications.
upvoted 0 times
...
Brinda
5 months ago
I remember we discussed the importance of encrypting data in transit, so I think using AWS Direct Connect with MACsec support could be a good option.
upvoted 0 times
...
Veronika
5 months ago
I'm feeling pretty confident about this one. The key is to use the right AWS services for each requirement - encryption with Direct Connect, DDoS protection with Shield Advanced, and traffic inspection with Gateway Load Balancers. I'll double-check my work, but I think I've got a solid approach.
upvoted 0 times
...
Ahmad
5 months ago
Okay, I think I've got a plan. I'll use AWS WAF to protect the internet-facing components, AWS Shield Advanced to guard against DDoS, and Gateway Load Balancers to insert the necessary traffic inspection. That should cover all the bases.
upvoted 0 times
...
Sheron
5 months ago
Hmm, this is a tricky one. I'm a bit confused about the traffic inspection requirement and how to best implement that. I'll need to research the different options like Traffic Mirroring and Gateway Load Balancers.
upvoted 0 times
...
Rozella
5 months ago
This looks like a complex question that requires a good understanding of AWS security services. I'll need to carefully review the requirements and think through the best combination of steps to meet them.
upvoted 0 times
...
Vincenza
5 months ago
This question has a lot of moving parts, but I think I can piece it together. I'll start by setting up the encryption and traffic inspection, then add the DDoS protection on top of that. Gotta make sure I don't miss any of the requirements.
upvoted 0 times
...
Svetlana
5 months ago
This looks like a straightforward question about securing a CI/CD cluster on Compute Engine. I think the key is to use a dedicated identity account and leverage IAM policies to restrict access and credential management.
upvoted 0 times
...
Sommer
5 months ago
Revoking the former employee's biometrics seems like the most effective way to prevent unauthorized access. That's my pick.
upvoted 0 times
...
Alex
5 months ago
Hmm, I'm a bit unsure about this one. I need to think through the different options and how they relate to API security.
upvoted 0 times
...
Gearldine
5 months ago
Wait, I'm a bit confused. Is the issue with the Cisco XCP services or the Jabber client? I need to make sure I understand the problem before I jump to a solution.
upvoted 0 times
...
Jean
9 months ago
I was thinking of using AWS Lambda to block malicious IPs, but that's not the best option here. B, E, and F are the way to go.
upvoted 0 times
Lashawnda
8 months ago
Configuring AWS Shield Advanced on all public assets will definitely help protect against DDoS attacks.
upvoted 0 times
...
Elvis
8 months ago
Setting up Gateway Load Balancers to insert third-party firewalls is a smart move for inline traffic inspection.
upvoted 0 times
...
Lashonda
8 months ago
I agree, using AWS WAF on all network components is crucial for security.
upvoted 0 times
...
...
Fatima
10 months ago
Haha, I'm pretty sure the IT guy who came up with this question has a twisted sense of humor. But B, E, and F are the correct answers for sure.
upvoted 0 times
Johna
8 months ago
The network engineer needs to make sure all public assets are protected against DDoS attacks.
upvoted 0 times
...
Leontine
9 months ago
It's important to have AWS WAF, Gateway Load Balancers, and AWS Shield Advanced in place for security.
upvoted 0 times
...
Marnie
9 months ago
I agree, B, E, and F are definitely the way to go for this architecture.
upvoted 0 times
...
...
Colette
10 months ago
I'm not sure about using Traffic Mirroring, that seems like overkill for this scenario. B, E, and F are the way to go in my opinion.
upvoted 0 times
Pa
9 months ago
AWS WAF, Gateway Load Balancers, and AWS Shield Advanced are the best options to secure the workload and protect against DDoS attacks.
upvoted 0 times
...
Dulce
9 months ago
Setting up AWS WAF, using Gateway Load Balancers, and configuring AWS Shield Advanced will provide the necessary security measures.
upvoted 0 times
...
Myra
10 months ago
I agree, Traffic Mirroring does seem like overkill. B, E, and F should cover all the requirements.
upvoted 0 times
...
...
Maile
10 months ago
Hmm, this question is tricky. I think the combination of B, E, and F would be the best solution to meet all the requirements.
upvoted 0 times
Lauran
9 months ago
Combining B, E, and F seems like a solid plan to meet the requirements for the workload.
upvoted 0 times
...
Wilda
9 months ago
Configuring AWS Shield Advanced on all public assets will definitely help protect against DDoS attacks.
upvoted 0 times
...
Skye
9 months ago
Inserting third-party firewalls for inline traffic inspection with Gateway Load Balancers is a smart move.
upvoted 0 times
...
Ngoc
10 months ago
I agree, using AWS WAF on all network components is crucial for security.
upvoted 0 times
...
...
Evangelina
11 months ago
In addition to those steps, we should use Gateway Load Balancers to insert third-party firewalls for inline traffic inspection.
upvoted 0 times
...
Buddy
11 months ago
I agree with Jaclyn. We should also configure AWS Shield Advanced on all public assets for additional protection.
upvoted 0 times
...
Jaclyn
11 months ago
I think we should definitely use AWS WAF on all network components to protect against DDoS attacks.
upvoted 0 times
...
