Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam ANS-C01 Topic 5 Question 10 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 10
Topic #: 5
[All ANS-C01 Questions]

A company has deployed Amazon EC2 instances in private subnets in a VPC. The EC2 instances must initiate any requests that leave the VPC, including requests to the company's on-premises data center over an AWS Direct Connect connection. No resources outside the VPC can be allowed to open communications directly to the EC2 instances.

The on-premises data center's customer gateway is configured with a stateful firewall device that filters for incoming and outgoing requests to and from multiple VPCs. In addition, the company wants to use a single IP match rule to allow all the communications from the EC2 instances to its data center from a single IP address.

Which solution will meet these requirements with the LEAST amount of operational overhead?

Show Suggested Answer Hide Answer
Suggested Answer: B

Creating a new Route 53 Resolver outbound endpoint in the shared services VPC would enable forwarding of DNS queries from the VPC to on-premises1.Creating forwarding rules for the on-premises hosted domains would enable specifying which domain names are forwarded to the on-premises DNS servers2.Associating the rules with the new Resolver endpoint and each application VPC would enable applying the rules to the VPCs2.This solution would not affect the default DNS resolution behavior of Route 53 Resolver for local VPC domain names and domains that are hosted in Route 53 private hosted zones3.


by Garry at Jul 07, 2023, 10:36 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Joanne
4 days ago
As long as the NAT gateway doesn't become a bottleneck, Option C seems like the way to go. It's nice to have a single IP rule to manage on the on-premises firewall.
upvoted 0 times
...
Dahlia
10 days ago
I'm not sure, but option D could also work. Configuring the on-premises firewall to allow connections from the NAT instance might be simpler.
upvoted 0 times
...
Mica
10 days ago
I'm a bit wary of using a NAT instance instead of a gateway. Instances can be more prone to failure, and the maintenance overhead might be higher. Option C seems cleaner.
upvoted 0 times
...
Pamela
12 days ago
I agree with Dante. Using a NAT gateway in the VPC seems like the most efficient way to meet the requirements.
upvoted 0 times
...
Dante
14 days ago
I think option C is the best solution.
upvoted 0 times
...
Ryan
15 days ago
I'm not sure, but option D also seems like a viable solution. A NAT instance could work well too.
upvoted 0 times
...
Rolande
16 days ago
I agree with Dominga. Using a NAT gateway in a private subnet seems like the most efficient way to meet the requirements.
upvoted 0 times
...
Dominga
19 days ago
I think option C is the best solution.
upvoted 0 times
...
Jerry
20 days ago
Option C looks like the most straightforward solution. Using a private NAT gateway and configuring the on-premises firewall to allow connections from its IP address should do the trick.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77