Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 11 discussion

A company is using custom DNS servers that run BIND for name resolution in its VPCs. The VPCs are deployed across multiple AWS accounts that are part of the same organization in AWS Organizations. All the VPCs are connected to a transit gateway. The BIND servers are running in a central VPC and are configured to forward all queries for an on-premises DNS domain to DNS servers that are hosted in an on-premises data center. To ensure that all the VPCs use the custom DNS servers, a network engineer has configured a VPC DHCP options set in all the VPCs that specifies the custom DNS servers to be used as domain name servers.
Multiple development teams in the company want to use Amazon Elastic File System (Amazon EFS). A development team has created a new EFS file system but cannot mount the file system to one of its Amazon EC2 instances. The network engineer discovers that the EC2 instance cannot resolve the IP address for the EFS mount point fs-33444567d.efs.us-east-1.amazonaws.com. The network engineer needs to implement a solution so that development teams throughout the organization can mount EFS file systems.
Which combination of steps will meet these requirements? (Choose two.)

  • A. Configure the BIND DNS servers in the central VPC to forward queries for efs.us-east-1.amazonaws.com to the Amazon provided DNS server (169.254.169.253).
  • B. Create an Amazon Route 53 Resolver outbound endpoint in the central VPC. Update all the VPC DHCP options sets to use AmazonProvidedDNS for name resolution.
  • C. Create an Amazon Route 53 Resolver inbound endpoint in the central VPC. Update all the VPC DHCP options sets to use the Route 53 Resolver inbound endpoint in the central VPC for name resolution.
  • D. Create an Amazon Route 53 Resolver rule to forward queries for the on-premises domain to the on-premises DNS servers. Share the rule with the organization by using AWS Resource Access Manager (AWS RAM). Associate the rule with all the VPCs.
  • E. Create an Amazon Route 53 private hosted zone for the efs.us-east-1.amazonaws.com domain. Associate the private hosted zone with the VPC where the EC2 instance is deployed. Create an A record for fs-33444567d.efs.us-east-1.amazonaws.com in the private hosted zone. Configure the A record to return the mount target of the EFS mount point.
Suggested Answer: BD
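As an added illustration of the suggested answer (B and D), not code from the exam or from AWS, the Terraform below creates a DHCP options set that points at AmazonProvidedDNS, an outbound Resolver endpoint in the central VPC, and a forwarding rule for the on-premises zone that is shared through AWS RAM. The VPC, subnet, security group and organization identifiers, the zone name corp.example and the forwarder IPs are assumed placeholders.

```hcl
# Added illustration, not from the exam or AWS docs. Placeholders assumed:
# the var.* inputs, the on-prem zone corp.example and its DNS server IPs.
# B: DHCP options sets cannot be edited, so create a new set pointing at
# AmazonProvidedDNS and associate it with each VPC (VPC DNS support/hostnames on).
resource "aws_vpc_dhcp_options" "amazon_dns" {
  domain_name_servers = ["AmazonProvidedDNS"]
}
resource "aws_vpc_dhcp_options_association" "spoke" {
  vpc_id          = var.spoke_vpc_id
  dhcp_options_id = aws_vpc_dhcp_options.amazon_dns.id
}

# B: outbound Resolver endpoint in the central VPC, in two subnets so
# forwarding to on-prem survives a single-AZ failure.
resource "aws_route53_resolver_endpoint" "outbound" {
  name               = "central-outbound"
  direction          = "OUTBOUND"
  security_group_ids = [var.resolver_sg_id] # needs TCP/UDP 53 egress
  ip_address { subnet_id = var.central_subnet_a }
  ip_address { subnet_id = var.central_subnet_b }
}

# D: forward only the on-premises zone through that endpoint; EFS and all
# other names stay with the Amazon-provided resolver in each VPC.
resource "aws_route53_resolver_rule" "onprem" {
  domain_name          = "corp.example"
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id
  target_ip { ip = "10.10.0.53" } # assumed on-prem DNS servers
  target_ip { ip = "10.10.1.53" }
}

# D: share the rule with the whole organization through AWS RAM ...
resource "aws_ram_resource_share" "dns_rules" {
  name                      = "resolver-rules"
  allow_external_principals = false
}
resource "aws_ram_resource_association" "onprem_rule" {
  resource_arn       = aws_route53_resolver_rule.onprem.arn
  resource_share_arn = aws_ram_resource_share.dns_rules.arn
}
resource "aws_ram_principal_association" "org" {
  principal          = var.organization_arn
  resource_share_arn = aws_ram_resource_share.dns_rules.arn
}
# ... and associate it with every VPC (member accounts reference the shared rule ID).
resource "aws_route53_resolver_rule_association" "spoke" {
  resolver_rule_id = aws_route53_resolver_rule.onprem.id
  vpc_id           = var.spoke_vpc_id
}
```

Sharing with the organization ARN requires RAM sharing with AWS Organizations to be enabled in the management account first; once the new options set is associated, instances pick it up at their next DHCP lease renewal.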

Comments

study_aws1
Highly Voted 1 year, 8 months ago
Please refer the below extract taken from the link - https://aws.amazon.com/blogs/security/simplify-dns-management-in-a-multiaccount-environment-with-route-53-resolver/ "You can mount an Amazon EFS file system on an Amazon EC2 instance using DNS names. The file system DNS name automatically resolves to the mount target’s IP address in the Availability Zone of the connecting Amazon EC2 instance. To be able to do that, the VPC must use the default DNS provided by Amazon to resolve EFS DNS names. If you plan to use EFS in your environment, I recommend that you resolve EFS DNS names locally and avoid sending these queries to central DNS because clients in that case would not receive answers optimized for their availability zone, which might result in higher operation latencies and less durability." So, option B) answers EFS resolution from VPC. Combination of Option B) and D) explains resolution from on-prem
upvoted 14 times
Untamables
Highly Voted 1 year, 8 months ago
Selected Answer: BD
I vote B and D. What the company wants to do is as follows: https://docs.aws.amazon.com/whitepapers/latest/hybrid-cloud-dns-options-for-vpc/route-53-resolver-endpoints-and-forwarding-rules.html The combination of A and E also seems to work, but the maintenance overhead for the custom DNS server remains. That is not a good practice.
upvoted 12 times
Raphaello
Most Recent 8 months, 2 weeks ago
Selected Answer: BD
BD is the correct answer. You need to switch to "AWSProvidedDNS" in the DHCP options sets to enable resolving EFS endpoint URLs. In addition, a DNS outbound endpoint is required in the central VPC to allow forwarding queries to on-prem DNS as required, which requires creating forwarding rules and sharing them among AWS Org member accounts.
upvoted 2 times
Marfee400704
10 months, 1 week ago
I think the correct answer is BD according to SPOTO products.
upvoted 1 times
nuzz
12 months ago
Combo options are what makes these types of questions difficult to understand: one option should support another if you need to select two. Then, by process of elimination of which two options can be combined: A and D. B is wrong; it says update the DHCP options set, and you cannot update a DHCP options set, you would need to delete and recreate it.
upvoted 1 times
drake2020
12 months ago
All I can say is BC is wrong because you cannot update a DHCP options set once created.
upvoted 3 times
Nel07
1 month, 1 week ago
The question says update the VPC DHCP options set, not update the DHCP options set. So the VPC can update its DHCP options set to use the default one with AmazonProvidedDNS. B D
upvoted 1 times
ca82cda
12 months ago
Yes you can, I just saw that option on the console.
upvoted 2 times
...
task_7
1 year ago
Selected Answer: BC
A & E: wrong. D: AWS Resource Access Manager (AWS RAM) is also not required; while creating the rule we can just select all the required VPCs to share the rule. Left with B & C. B. Create an Amazon Route 53 Resolver outbound endpoint in the central VPC. Update all the VPC DHCP options sets to use AmazonProvidedDNS for name resolution. C. Create an Amazon Route 53 Resolver inbound endpoint in the central VPC. Update all the VPC DHCP options sets to use the Route 53 Resolver inbound endpoint in the central VPC for name resolution.
upvoted 1 times
MarcosSantos
1 year, 1 month ago
Hello everyone, given all the discussion and alternatives, the only options are the letters A and D. B and C are incorrect: we were unable to update the DHCP options set, only create a new one. Letter E: it is not possible to create a hosted zone with amazonaws.com, it is restricted. So, leaving only the other options, my particular answer was D and E.
upvoted 2 times
MEDES
1 year, 2 months ago
I vote B and D. What the company wants to do is as follows: https://docs.aws.amazon.com/whitepapers/latest/hybrid-cloud-dns-options-for-vpc/route-53-resolver-endpoints-and-forwarding-rules.html The combination of A and E also seems to work, but the maintenance overhead for the custom DNS server remains. That is not a good practice.
upvoted 1 times
Tofu13
1 year, 3 months ago
Selected Answer: BD
Not an easy question to understand. The question is: the network engineer needs to implement a solution so that development teams throughout the organization can mount EFS file systems. You need neither a Resolver outbound (B) nor inbound (C) endpoint to achieve this. But the second part of (B), "Update all the VPC DHCP options sets to use AmazonProvidedDNS for name resolution.", makes it easy to resolve the IP address and therefore mount the EFS file systems. By sharing the rule in AWS RAM (D) you apply the changes to the whole organisation. The Resolver outbound endpoint is used to forward all queries for an on-premises DNS domain to DNS servers that are hosted in an on-premises data center, which, while stated as part of the current solution, is not part of the question, making it a bit confusing. Further, it is true that you cannot modify VPC DHCP options sets (see link), but I think "update" can rather be seen as a language issue than a reason to mark the answer as false. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/dhcp_options_set.html
upvoted 1 times
Tofu13
1 year, 3 months ago
then -> than
upvoted 1 times
Jo1992
1 year, 4 months ago
Also, to whoever said option E is not a valid option because you cannot create an amazonaws.com private domain: I just tested and was able to create an EFS.us-east-1.amazonaws.com private hosted zone with no issue.
upvoted 2 times
dvaidya
1 year, 3 months ago
You can create it, but it won't work.
upvoted 1 times
Jo1992
1 year, 4 months ago
To anyone who answered B or C, can you please explain why? You cannot update a DHCP options set, just create a new options set. I think the answer is A and E. A on its own should be sufficient, so I'm not 100% sure if that's the correct answer.
upvoted 2 times
[Removed]
1 year, 5 months ago
Selected Answer: BE
Options B and E are the best combination according to AWS's best practices for this scenario. A is not scalable because it requires manual configuration of the BIND DNS servers in the central VPC to forward queries for efs.us-east-1.amazonaws.com to the Amazon-provided DNS server (169.254.169.253). Option D also requires manual configuration. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html
upvoted 1 times
[Removed]
1 year, 5 months ago
Option A addresses the "multiple development teams" problem. Thinking A & B might be correct given the sticky scenario. This is a tough question.
upvoted 1 times
bjlovr
1 year, 6 months ago
But but but, you can not *update* a DHCP options set, you have to recreate and reattach. So B... hmmmm
upvoted 5 times
emmanuelodenyire
1 year, 7 months ago
Selected Answer: AE
A and E are the two answer options that will meet the requirements. A: Configure the BIND DNS servers in the central VPC to forward queries for efs.us-east-1.amazonaws.com to the Amazon provided DNS server (169.254.169.253). This option will allow the custom DNS servers to resolve the IP address for the EFS mount point. E: Create an Amazon Route 53 private hosted zone for the efs.us-east-1.amazonaws.com domain. Associate the private hosted zone with the VPC where the EC2 instance is deployed. Create an A record for fs-33444567d.efs.us-east-1.amazonaws.com in the private hosted zone. Configure the A record to return the mount target of the EFS mount point. This option will allow the EC2 instance to resolve the hostname for the EFS mount point using Amazon Route 53.
upvoted 2 times
Kristin01
1 year, 7 months ago
Why do we need D?
upvoted 1 times
ITgeek
1 year, 7 months ago
Selected Answer: BD
see: https://www.youtube.com/watch?v=_35C0RvGqeg&list=PLUah_ACfaQzX_nrPc1uylGDiWxPaZY8tI
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)