Amazon Exam ANS-C01 Topic 1 Question 31 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 31
Topic #: 1

A retail company is running its service on AWS. The company's architecture includes Application Load Balancers (ALBs) in public subnets. The ALB target groups are configured to send traffic to backend Amazon EC2 instances in private subnets. These backend EC2 instances can call externally hosted services over the internet by using a NAT gateway.

The company has noticed in its billing that NAT gateway usage has increased significantly. A network engineer needs to find out the source of this increased usage.

Which options can the network engineer use to investigate the traffic through the NAT gateway? (Choose two.)

Suggested Answer: C

The correct solution is to use an S3 interface endpoint and an on-premises DNS resolver. An S3 interface endpoint allows you to access Amazon S3 using private IP addresses within your VPC. An on-premises DNS resolver can be configured to forward the DNS queries for the S3 domain names to the S3 interface endpoint, so that the on-premises workloads can access Amazon S3 privately over the VPN connection. This solution is operationally efficient, as it does not require any additional infrastructure or changes to the existing workloads. The VPC workloads can continue to use the S3 gateway endpoint, which provides lower latency and higher throughput than the S3 interface endpoint.
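The investigation the question asks about, as an added example that is not part of the original page or the exam material: a short Python script that aggregates VPC flow log records captured on the NAT gateway's elastic network interface and reports which private instances and which external destinations account for the bytes. It assumes the default (version 2) flow log record format; the account id, ENI ids, addresses and byte counts in the sample are constructed, and the VPC CIDR and the NAT gateway's private IP are supplied as parameters. The same aggregation would be run with CloudWatch Logs Insights or Athena at real volumes; the script shows the filtering logic, including the records that must be excluded (return traffic, the NAT gateway's own translated flow, rejected flows, and NODATA records).

```python
"""Aggregate VPC flow log records from a NAT gateway ENI to find top talkers.

Added example, not code from the exam page. Assumes the default version 2
flow log format; all ids and addresses below are constructed.
"""
import ipaddress
from collections import defaultdict

# Field order of the default version 2 VPC flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (hypothetical account, ENI ids and addresses).
# eni-0123456789abcdef0 is the NAT gateway ENI, 10.0.0.200 its private IP.
SAMPLE_LOG = """\
2 123456789012 eni-0123456789abcdef0 10.0.10.5 203.0.113.40 49152 443 6 1200 1834000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.10.5 203.0.113.40 49153 443 6 900 1290000 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.11.9 198.51.100.7 51000 443 6 40 24000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.11.9 203.0.113.40 51001 443 6 10 5200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 203.0.113.40 10.0.10.5 443 49152 6 700 61000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.0.200 203.0.113.40 1024 443 6 2100 3124000 1700000000 1700000120 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.10.5 198.51.100.7 51002 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0fedcba9876543210 10.0.10.5 203.0.113.40 49160 443 6 500 80000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 - - - - - - - 1700000120 1700000180 - NODATA
"""


def parse_records(log_text):
    """Yield one dict per well-formed record.

    Records whose log_status is not OK (NODATA, SKIPDATA) carry '-' in the
    address and byte fields and are skipped before any conversion.
    """
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        yield rec


def summarize_nat_egress(log_text, nat_eni, vpc_cidr, nat_private_ip=None):
    """Sum bytes of accepted flows that entered the NAT gateway ENI from a
    private instance and left for an address outside the VPC.

    Returns (bytes_by_source, bytes_by_destination). Excluded on purpose:
    return traffic (internet -> private), the NAT gateway's own translated
    flow (its private IP -> internet), rejected flows and other ENIs.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    by_source = defaultdict(int)
    by_destination = defaultdict(int)
    for rec in parse_records(log_text):
        if rec["interface_id"] != nat_eni or rec["action"] != "ACCEPT":
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        dst = ipaddress.ip_address(rec["dstaddr"])
        if src not in vpc or dst in vpc:
            continue  # not the private -> internet direction
        if nat_private_ip is not None and str(src) == nat_private_ip:
            continue  # the NAT gateway's translated copy of the same flow
        nbytes = int(rec["bytes"])
        by_source[str(src)] += nbytes
        by_destination[str(dst)] += nbytes
    return dict(by_source), dict(by_destination)


def top_n(totals, n=5):
    """Largest n entries of a {key: bytes} mapping, highest first."""
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    by_src, by_dst = summarize_nat_egress(
        SAMPLE_LOG, "eni-0123456789abcdef0", "10.0.0.0/16",
        nat_private_ip="10.0.0.200")
    print("top sources:", top_n(by_src))
    print("top destinations:", top_n(by_dst))
```

Once the heaviest private source and external destination are known, the instance's role and the destination's owner tell you whether the growth is expected (a new integration, larger responses) or something to act on, and whether a VPC endpoint for an AWS service would remove that traffic from the NAT gateway altogether.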


Contribute your Thoughts:

Doyle
4 days ago
Haha, I'm picturing the network engineer sifting through terabytes of VPC flow logs like a forensic analyst. Options D and E with Athena could work, but they sound a bit more complicated than the CloudWatch options.
upvoted 0 times
Kenneth
13 days ago
I like the idea of using Traffic Mirroring in option C, but it might be overkill for this use case. Plus, it requires setting up an additional EC2 instance, which adds complexity.
upvoted 0 times
Makeda
15 days ago
I personally prefer options D and E. Using Athena to query and analyze the logs seems more efficient to me.
upvoted 0 times
Alita
16 days ago
Options A and B seem like the most straightforward way to investigate the NAT gateway usage. Enabling the logs and using CloudWatch Insights is a pretty simple solution.
upvoted 0 times
Svetlana
16 days ago
I agree with you, Evan. Enabling VPC flow logs and NAT gateway access logs will provide valuable insights.
upvoted 0 times
Evan
24 days ago
I think options A and B are the best choices to investigate the NAT gateway usage.
upvoted 0 times