Amazon ANS-C01 Exam - Topic 4 Question 44 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 44
Topic #: 4

A company has AWS accounts in an organization in AWS Organizations. The company has implemented Amazon VPC IP Address Manager (IPAM) in its networking AWS account. The company is using AWS Resource Access Manager (AWS RAM) to share IPAM pools with other AWS accounts. The company has created a top-level pool with a CIDR block of 10.0.0.0/8. For each AWS account, the company has created an IPAM pool within the top-level pool.

A network engineer needs to implement a solution to ensure that users in each AWS account cannot create new VPCs. The solution also must prevent users from associating a CIDR block with existing VPCs unless the CIDR block is from the IPAM pool for that account.

Which solution will meet these requirements?

Suggested Answer: B

Contribute your Thoughts:

Rosalyn
3 months ago
EventBridge sounds cool, but is it really necessary for this?
upvoted 0 times
Rebbecca
3 months ago
I think option A is too aggressive. Better to just restrict creation.
upvoted 0 times
Jettie
3 months ago
Wait, can you really delete VPCs automatically? Sounds risky.
upvoted 0 times
Sharika
4 months ago
I agree, SCPs are super effective for this!
upvoted 0 times
Luther
4 months ago
Option B is the best choice for restricting VPC creation.
upvoted 0 times
Sage
4 months ago
I remember discussing IPAM and its integration with AWS RAM. Option B seems like it directly addresses the requirement to prevent VPC creation, but I’m not 100% sure.
upvoted 0 times
Chau
4 months ago
I recall a practice question about using EventBridge for monitoring actions. Option D might be the right approach, but I'm not confident about the deletion part.
upvoted 0 times
Luis
4 months ago
I'm not entirely sure, but I feel like using AWS Config rules could be a way to enforce compliance. Maybe option A or C could work?
upvoted 0 times
Francis
5 months ago
I think option B sounds familiar. I remember studying Service Control Policies and how they can restrict actions based on conditions.
upvoted 0 times
Verona
5 months ago
This is a great question that really tests our understanding of AWS networking and security features. I'm feeling confident that I can work through this and select the best solution.
upvoted 0 times
Royal
5 months ago
I'm not sure I fully understand the difference between the AWS Config rule and the EventBridge rule options. I'll need to review the details of each to determine which one is more appropriate.
upvoted 0 times
Micaela
5 months ago
Option B seems like the most straightforward solution to me. Implementing an SCP to control the VPC creation and CIDR block association actions is a clean way to enforce the requirements.
upvoted 0 times
Lenna
5 months ago
I'm a bit confused by the details in this question. I'll need to make sure I understand the different AWS services and how they work together before I can confidently select an answer.
upvoted 0 times
Rolande
5 months ago
This looks like a tricky question, but I think I have a good strategy. I'll carefully read through the options and try to identify the one that best meets the stated requirements.
upvoted 0 times
Mammie
1 year ago
I wonder if the exam writer had to come up with a way to make 'lpv4lpamPoolld' sound like a real thing. Gotta love those AWS acronyms!
upvoted 0 times
Alva
12 months ago
B: D) Create an Amazon EventBridge rule to check for AWS CloudTrail events for the CreateVpc and AssociateVpcCidrBlock Amazon EC2 actions. Use the rule to invoke an AWS Lambda function to delete all VPCs that are not configured to allocate their CIDR block from an IPAM pool.
upvoted 0 times
William
12 months ago
A: B) Create a new SCP in Organizations. Add a condition that denies the CreateVpc and AssociateVpcCidrBlock Amazon EC2 actions if the Ipv4IpamPoolId context key value is not the ID of an IPAM pool.
upvoted 0 times
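To make the mechanism behind option B concrete, here is an added example (not from the page or from AWS) that builds the SCP the option describes and simulates how IAM evaluates it for a few EC2 calls. The pool IDs are constructed placeholders; the evaluator models only what this SCP needs: `Action` matching, the `StringNotEquals` operator, and IAM's documented rule that a negated operator evaluates to true when the condition key is absent from the request context. That last rule is the whole point: a `CreateVpc` call with a hand-typed CIDR carries no `ec2:Ipv4IpamPoolId` key, so the Deny fires, while a call that allocates from the account's own pool passes.

```python
"""Simulate the option-B SCP against sample EC2 requests.

Added example, not part of the original page or any AWS sample.
Assumptions: POOL_ID / OTHER_POOL_ID are constructed pool IDs, and the
evaluator implements only the subset of IAM policy logic this SCP uses.
"""
from fnmatch import fnmatchcase

POOL_ID = "ipam-pool-0123456789abcdef0"        # constructed: this account's pool
OTHER_POOL_ID = "ipam-pool-0fedcba9876543210"  # constructed: another account's pool


def build_scp(pool_id: str) -> dict:
    """Return the SCP from option B, scoped to one account's IPAM pool."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyVpcCidrNotFromAccountIpamPool",
                "Effect": "Deny",
                "Action": ["ec2:CreateVpc", "ec2:AssociateVpcCidrBlock"],
                "Resource": "*",
                "Condition": {
                    "StringNotEquals": {"ec2:Ipv4IpamPoolId": pool_id}
                },
            }
        ],
    }


def _action_matches(statement: dict, action: str) -> bool:
    """IAM Action values may be a string or a list and may contain wildcards."""
    actions = statement["Action"]
    if isinstance(actions, str):
        actions = [actions]
    return any(fnmatchcase(action, pattern) for pattern in actions)


def _condition_matches(condition: dict, context: dict) -> bool:
    """Evaluate StringNotEquals (the only operator this SCP uses).

    All keys must match (AND). A negated operator evaluates to true when
    the key is missing from the request context, which is IAM's documented
    behaviour and the reason a manual-CIDR CreateVpc is denied.
    """
    for operator, pairs in condition.items():
        if operator != "StringNotEquals":
            raise NotImplementedError(operator)
        for key, expected in pairs.items():
            allowed = [expected] if isinstance(expected, str) else expected
            if key not in context:
                continue  # missing key: negated operator is true
            if context[key] in allowed:
                return False  # value equals an allowed pool: no match, no deny
    return True


def scp_denies(policy: dict, action: str, context: dict) -> bool:
    """True if any Deny statement in the SCP applies to this request."""
    for statement in policy["Statement"]:
        if statement["Effect"] != "Deny":
            continue
        if not _action_matches(statement, action):
            continue
        if _condition_matches(statement.get("Condition", {}), context):
            return True
    return False


def run_scenarios(pool_id: str = POOL_ID) -> dict:
    """Evaluate the SCP against constructed request contexts; True means denied."""
    policy = build_scp(pool_id)
    scenarios = {
        "create_vpc_from_own_pool": ("ec2:CreateVpc", {"ec2:Ipv4IpamPoolId": pool_id}),
        "create_vpc_manual_cidr": ("ec2:CreateVpc", {}),
        "associate_cidr_other_pool": (
            "ec2:AssociateVpcCidrBlock",
            {"ec2:Ipv4IpamPoolId": OTHER_POOL_ID},
        ),
        "describe_vpcs": ("ec2:DescribeVpcs", {}),
    }
    return {name: scp_denies(policy, action, ctx) for name, (action, ctx) in scenarios.items()}


if __name__ == "__main__":
    for name, denied in run_scenarios().items():
        print(f"{name:28s} -> {'DENY' if denied else 'not denied by SCP'}")
```

Two practical points follow from the simulation. Because the pool ID differs per account, the policy is attached per account (or per single-account OU) with that account's pool ID substituted, and SCPs only restrict, so the principals still need normal IAM permissions to create VPCs; the management account is never constrained by SCPs. The Config and EventBridge options discussed in the thread act after the API call has succeeded, so they detect or clean up a non-compliant VPC rather than preventing it, which is why they do not satisfy a requirement phrased as "ensure that users cannot create".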
Amber
1 year ago
Who else read this question and immediately thought, 'Oh, this is gonna be good. Time to break out the popcorn!'
upvoted 0 times
Dante
1 year ago
I think option D is a bit overkill. Why use an EventBridge rule and a Lambda function when an SCP can do the job just as well?
upvoted 0 times
Nidia
1 year ago
But option B with SCP seems simpler and more straightforward to implement for restricting VPC creation and CIDR block association.
upvoted 0 times
Lauran
1 year ago
Option D is more comprehensive and ensures real-time monitoring of VPC creation and CIDR block association.
upvoted 0 times
Marge
1 year ago
I'm not sure. Option D also seems like a viable solution to me.
upvoted 0 times
Ocie
1 year ago
I like how option B uses the IPAM pool ID as the condition. That's a clever way to ensure the CIDR blocks are from the right pool.
upvoted 0 times
Samira
1 year ago
User 3: Option D could also work by checking CloudTrail events, but Option B seems more straightforward.
upvoted 0 times
Tish
1 year ago
User 2: I agree, using the IPAM pool ID as a condition is a smart way to enforce the rules.
upvoted 0 times
Cortney
1 year ago
User 1: Option B seems like the best choice to restrict VPC creation and CIDR block association.
upvoted 0 times
Felice
1 year ago
B is the correct answer. Using an SCP to deny these actions is the most straightforward way to implement this solution.
upvoted 0 times
Haley
1 year ago
Definitely, implementing restrictions at the SCP level is a good security measure.
upvoted 0 times
Serina
1 year ago
It's important to ensure users can only use CIDR blocks from the IPAM pool.
upvoted 0 times
Chun
1 year ago
Agreed, using an SCP to deny those actions is the best approach.
upvoted 0 times
Bette
1 year ago
I think B is the correct answer.
upvoted 0 times
Frederica
1 year ago
I agree with Tayna. Option B seems to be the most efficient way to prevent users from creating new VPCs.
upvoted 0 times
Tayna
1 year ago
I think option B is the best solution.
upvoted 0 times