Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam ANS-C01 Topic 5 Question 10 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 10
Topic #: 5
[All ANS-C01 Questions]

A company has deployed Amazon EC2 instances in private subnets in a VPC. The EC2 instances must initiate any requests that leave the VPC, including requests to the company's on-premises data center over an AWS Direct Connect connection. No resources outside the VPC can be allowed to open communications directly to the EC2 instances.

The on-premises data center's customer gateway is configured with a stateful firewall device that filters for incoming and outgoing requests to and from multiple VPCs. In addition, the company wants to use a single IP match rule to allow all the communications from the EC2 instances to its data center from a single IP address.

Which solution will meet these requirements with the LEAST amount of operational overhead?

Show Suggested Answer Hide Answer
Suggested Answer: B

Creating a new Route 53 Resolver outbound endpoint in the shared services VPC would enable forwarding of DNS queries from the VPC to on-premises1.Creating forwarding rules for the on-premises hosted domains would enable specifying which domain names are forwarded to the on-premises DNS servers2.Associating the rules with the new Resolver endpoint and each application VPC would enable applying the rules to the VPCs2.This solution would not affect the default DNS resolution behavior of Route 53 Resolver for local VPC domain names and domains that are hosted in Route 53 private hosted zones3.


by Garry at Jul 07, 2023, 10:36 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Dahlia
7 hours ago
I'm not sure, but option D could also work. Configuring the on-premises firewall to allow connections from the NAT instance might be simpler.
upvoted 0 times
...
Mica
7 hours ago
I'm a bit wary of using a NAT instance instead of a gateway. Instances can be more prone to failure, and the maintenance overhead might be higher. Option C seems cleaner.
upvoted 0 times
...
Pamela
2 days ago
I agree with Dante. Using a NAT gateway in the VPC seems like the most efficient way to meet the requirements.
upvoted 0 times
...
Dante
4 days ago
I think option C is the best solution.
upvoted 0 times
...
Ryan
5 days ago
I'm not sure, but option D also seems like a viable solution. A NAT instance could work well too.
upvoted 0 times
...
Rolande
6 days ago
I agree with Dominga. Using a NAT gateway in a private subnet seems like the most efficient way to meet the requirements.
upvoted 0 times
...
Dominga
9 days ago
I think option C is the best solution.
upvoted 0 times
...
Jerry
10 days ago
Option C looks like the most straightforward solution. Using a private NAT gateway and configuring the on-premises firewall to allow connections from its IP address should do the trick.
upvoted 0 times
...

Save Cancel