Amazon ANS-C01 Exam - Topic 4 Question 57 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 57
Topic #: 4

A company is planning to migrate an internal application to the AWS Cloud. The application will run on Amazon EC2 instances in one VPC. Users will access the application from the company's on-premises data center through AWS VPN or AWS Direct Connect. Users will use private domain names for the application endpoint from a domain name that is reserved explicitly for use in the AWS Cloud.

Each EC2 instance must have automatic failover to another EC2 instance in the same AWS account and the same VPC. A network engineer must design a DNS solution that will not expose the application to the internet.

Which solution will meet these requirements?

Suggested Answer: C

The correct solution is to use a Route 53 private hosted zone and a Route 53 Resolver inbound endpoint. A private hosted zone allows you to use private domain names for your internal AWS resources without exposing them to the internet. A Route 53 Resolver inbound endpoint enables DNS queries from your on-premises network to be forwarded to your VPC. By configuring conditional forwarding on your on-premises DNS resolvers, you can ensure that only the queries for the AWS reserved domain name are sent to the inbound endpoint. In the private hosted zone, you can create primary and failover records that point to the IP addresses of the EC2 instances. These records will automatically switch to the failover instance if the primary instance becomes unhealthy. You can use CloudWatch metrics and alarms to monitor the application's health and trigger the health check for the primary endpoint.

The other options are not correct because they either expose the application to the internet or use a public hosted zone, which is not suitable for internal applications. Option A assigns public IP addresses to the EC2 instances, which makes them accessible from the internet. Option B uses a public hosted zone, which requires the EC2 instances to have public IP addresses or elastic IP addresses. Option D does not set up a health check on the alarm for the primary endpoint, which is required for the failover mechanism to work.
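
The design described in the explanation can be checked mechanically. The following Python audit is an added example, not part of the original page: it flags a public zone, non-private record targets, a missing failover pair, and a primary health check that is not alarm-based. The zone name, addresses and health check IDs are constructed, and the dict shapes are assumed to follow Route 53 API responses.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_failover_design(zone, record_sets, health_checks):
    """Return findings for a failover design; dicts mirror Route 53 API response shapes."""
    findings = []
    if not zone["Config"]["PrivateZone"]:
        findings.append("hosted zone is public")
    roles = {}
    for rrset in record_sets:
        roles[rrset.get("Failover")] = rrset
        for rec in rrset["ResourceRecords"]:
            addr = ipaddress.ip_address(rec["Value"])
            if not any(addr in net for net in RFC1918):
                findings.append(f"{rrset['SetIdentifier']}: {addr} is not a private address")
    for role in ("PRIMARY", "SECONDARY"):
        if role not in roles:
            findings.append(f"no {role} failover record")
    hc_id = roles.get("PRIMARY", {}).get("HealthCheckId")
    if "PRIMARY" in roles and hc_id is None:
        findings.append("PRIMARY record has no health check, so failover never triggers")
    elif hc_id is not None:
        # Route 53 health checkers run outside the VPC and cannot probe a private IP;
        # a CLOUDWATCH_METRIC check follows an alarm evaluated inside AWS instead.
        hc_type = health_checks[hc_id]["HealthCheckConfig"]["Type"]
        if hc_type != "CLOUDWATCH_METRIC":
            findings.append(f"PRIMARY health check is {hc_type}, not alarm-based")
    return findings

# Constructed sample data (hypothetical zone name, addresses and IDs).
ZONE = {"Name": "cloud.example.com.", "Config": {"PrivateZone": True}}

def make_rrset(role, ip, hc_id=None):
    rr = {"Name": "app.cloud.example.com.", "Type": "A", "TTL": 30,
          "SetIdentifier": role.lower(), "Failover": role,
          "ResourceRecords": [{"Value": ip}]}
    if hc_id:
        rr["HealthCheckId"] = hc_id
    return rr

CHECKS = {"hc-alarm": {"HealthCheckConfig": {"Type": "CLOUDWATCH_METRIC"}},
          "hc-probe": {"HealthCheckConfig": {"Type": "HTTP", "IPAddress": "10.0.1.10"}}}
GOOD = [make_rrset("PRIMARY", "10.0.1.10", "hc-alarm"), make_rrset("SECONDARY", "10.0.2.10")]
PROBED = [make_rrset("PRIMARY", "10.0.1.10", "hc-probe"), make_rrset("SECONDARY", "10.0.2.10")]

if __name__ == "__main__":
    for name, design in (("alarm-based", GOOD), ("endpoint probe", PROBED)):
        print(name, audit_failover_design(ZONE, design, CHECKS))
```
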


Contribute your Thoughts:

Leonora
9 days ago
D is also good, but I prefer C for the health checks.
upvoted 0 times
...
Lavelle
14 days ago
I agree, C keeps it secure and within the VPC.
upvoted 0 times
...
Amos
19 days ago
I think option C is the best. Private hosted zone is key.
upvoted 0 times
...
Harrison
24 days ago
Not sure about B, public hosted zones seem risky for this setup.
upvoted 0 times
...
Sommer
30 days ago
Totally agree with C, it keeps everything secure and internal.
upvoted 0 times
...
Lai
1 month ago
Wait, why would we use public IPs in A? That doesn't make sense!
upvoted 0 times
...
Mollie
1 month ago
I think D is better since it uses health checks on private IPs.
upvoted 0 times
...
Blair
2 months ago
Gotta love these AWS certification exams - they really make you think!
upvoted 0 times
...
An
2 months ago
I like how option D uses Route 53 health checks on the private IP addresses. That's a nice touch.
upvoted 0 times
...
Keshia
2 months ago
Option C seems like the most straightforward solution to me.
upvoted 0 times
...
Juliana
2 months ago
I think we practiced a similar question where we had to set up health checks for EC2 instances. It seems like option D might be the right choice since it mentions health checks on private IPs.
upvoted 0 times
...
Cristy
2 months ago
I'm a bit unsure about the difference between inbound and outbound endpoints for Route 53 Resolver. Which one should we use here?
upvoted 0 times
...
Carli
2 months ago
Option C seems solid with private subnets and Route 53 private hosted zone.
upvoted 0 times
...
Kiley
3 months ago
This looks like a tricky one. I'll have to think it through carefully.
upvoted 0 times
...
Nicolette
3 months ago
Haha, I bet the person who wrote this question is a real stickler for details!
upvoted 0 times
...
Dalene
3 months ago
I feel like option C is close, but I can't recall if we need to use inbound or outbound endpoints for the DNS forwarding. It’s confusing!
upvoted 0 times
...
Irma
3 months ago
I remember we discussed the importance of keeping EC2 instances in private subnets to avoid exposing them to the internet.
upvoted 0 times
...
Fausto
4 months ago
This looks like a good opportunity to demonstrate my understanding of AWS networking and DNS concepts. I'll make sure to explain my reasoning for the chosen solution.
upvoted 0 times
...
Nicolette
4 months ago
I'm not sure about the difference between using public IP addresses versus private IP addresses for the EC2 instances. I'll need to think that through carefully.
upvoted 0 times
...
Antonette
4 months ago
Okay, the key here is to design a solution that doesn't expose the application to the internet. I think options C and D are the way to go, using a private hosted zone and Route 53 Resolver.
upvoted 0 times
...
Peggy
4 months ago
Hmm, I'm a bit confused about the DNS solution requirements. I'll need to carefully read through the options to make sure I understand the differences.
upvoted 0 times
...
Willard
4 months ago
This looks like a pretty straightforward AWS architecture design question. I think I can handle this one.
upvoted 0 times
Rebbecca
3 months ago
I agree, it seems clear-cut.
upvoted 0 times
...
...
