Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 11 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 11
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is using custom DNS servers that run BIND for name resolution in its VPCs. The VPCs are deployed across multiple AWS accounts that are part of the same organization in AWS Organizations. All the VPCs are connected to a transit gateway. The BIND servers are running in a central VPC and are configured to forward all queries for an on-premises DNS domain to DNS servers that are hosted in an on-premises data center. To ensure that all the VPCs use the custom DNS servers, a network engineer has configured a VPC DHCP options set in all the VPCs that specifies the custom DNS servers to be used as domain name servers.
Multiple development teams in the company want to use Amazon Elastic File System (Amazon EFS). A development team has created a new EFS file system but cannot mount the file system to one of its Amazon EC2 instances. The network engineer discovers that the EC2 instance cannot resolve the IP address for the EFS mount point fs-33444567d.efs.us-east-1.amazonaws.com. The network engineer needs to implement a solution so that development teams throughout the organization can mount EFS file systems.
Which combination of steps will meet these requirements? (Choose two.)

  • A. Configure the BIND DNS servers in the central VPC to forward queries for efs.us-east-1.amazonaws.com to the Amazon provided DNS server (169.254.169.253).
  • B. Create an Amazon Route 53 Resolver outbound endpoint in the central VPC. Update all the VPC DHCP options sets to use AmazonProvidedDNS for name resolution.
  • C. Create an Amazon Route 53 Resolver inbound endpoint in the central VPUpdate all the VPC DHCP options sets to use the Route 53 Resolver inbound endpoint in the central VPC for name resolution.
  • D. Create an Amazon Route 53 Resolver rule to forward queries for the on-premises domain to the on-premises DNS servers. Share the rule with the organization by using AWS Resource Access Manager (AWS RAM). Associate the rule with all the VPCs.
  • E. Create an Amazon Route 53 private hosted zone for the efs.us-east-1.amazonaws.com domain. Associate the private hosted zone with the VPC where the EC2 instance is deployed. Create an A record for fs-33444567d.efs.us-east-1.amazonaws.com in the private hosted zone. Configure the A record to return the mount target of the EFS mount point.
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by zaazanuna at March 18, 2023, 6:17 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
study_aws1
Highly Voted 1 year, 5 months ago
Please refer the below extract taken from the link - https://aws.amazon.com/blogs/security/simplify-dns-management-in-a-multiaccount-environment-with-route-53-resolver/ "You can mount an Amazon EFS file system on an Amazon EC2 instance using DNS names. The file system DNS name automatically resolves to the mount target’s IP address in the Availability Zone of the connecting Amazon EC2 instance. To be able to do that, the VPC must use the default DNS provided by Amazon to resolve EFS DNS names. If you plan to use EFS in your environment, I recommend that you resolve EFS DNS names locally and avoid sending these queries to central DNS because clients in that case would not receive answers optimized for their availability zone, which might result in higher operation latencies and less durability." So, option B) answers EFS resolution from VPC. Combination of Option B) and D) explains resolution from on-prem
upvoted 14 times
...
Untamables
Highly Voted 1 year, 5 months ago
Selected Answer: BD
I vote B and D. What the company want to to is as following. https://docs.aws.amazon.com/whitepapers/latest/hybrid-cloud-dns-options-for-vpc/route-53-resolver-endpoints-and-forwarding-rules.html The combination of A and E also seems to work. But the maintenance overhead for the custom DNS server remains. That is not a good practice.
upvoted 12 times
...
Raphaello
Most Recent 5 months, 2 weeks ago
Selected Answer: BD
BD are the correct answer. Need to switch to "AWSProvidedDNS" in DHCP Options sets to enable resolving EFS endpoint URLs. In addition, a DNS outbound endpoint is required in the central VPC to allow forwarding queries to on-prem DNS as required, which needs to create forwarding rules and share them among AWS Org member accounts.
upvoted 2 times
...
Marfee400704
7 months, 1 week ago
I think that it's correct answer is BD according to SPOTO products.
upvoted 1 times
...
nuzz
9 months ago
Combo options is what makes it difficult to understand these type of questions - an option should support another option if you need to select two. then by the process of elimination of what two options can be combined - A D. B is wrong it says update DHCP option set, you cannot update DHCP option set - you would need to delete and recreate it.
upvoted 1 times
...
drake2020
9 months ago
all i can say is BC is wrong because you cannot update DHCP Option set once created..
upvoted 3 times
ca82cda
9 months ago
yes you can i just saw that options on the console
upvoted 2 times
...
...
task_7
9 months, 1 week ago
Selected Answer: BC
A & E-- wrong D -AWS Resource Access Manager (AWS RAM). This is also not required. While creating rule we can just select all the required VPC to share the rule. Left with B& C • B. Create an Amazon Route 53 Resolver outbound endpoint in the central VPC. Update all the VPC DHCP options sets to use AmazonProvidedDNS for name resolution. • C. Create an Amazon Route 53 Resolver inbound endpoint in the central VPUpdate all the VPC DHCP options sets to use the Route 53 Resolver inbound endpoint in the central VPC for name resolution.
upvoted 1 times
...
MarcosSantos
10 months, 2 weeks ago
Hello everyone, given all the discussion and alternatives, the only options are the letters A and D. Incorrect B and C, we were unable to update the DHCp Option Set, only create a new one. Letter E, it is not possible to create a hosted zone with amazonaws.com, it is restricted. So, leaving only the other options, my particular answer was D and E.
upvoted 2 times
...
MEDES
12 months ago
I vote B and D. What the company want to to is as following. https://docs.aws.amazon.com/whitepapers/latest/hybrid-cloud-dns-options-for-vpc/route-53-resolver-endpoints-and-forwarding-rules.html The combination of A and E also seems to work. But the maintenance overhead for the custom DNS server remains. That is not a good practice.
upvoted 1 times
...
Tofu13
1 year ago
Selected Answer: BD
Not easy to understand question. Question is: The network engineer needs to implement a solution so that development teams throughout the organization can mount EFS file systems. U neither need a Resolver outbound (B) nor inbound (C) endpoint to achieve this. But the second part of (B) "Update all the VPC DHCP options sets to use AmazonProvidedDNS for name resolution." makes it easy to resolve the IP address and therefore mount the EFS file systems. By sharing the rule in AWS RAM (D) u apply the changes to the whole organisation. The Resolver outbound endpoint is used to forward all queries for an on-premises DNS domain to DNS servers that are hosted in an on-premises data center, which, while stated as part of the current solution, is not part of the question, making it a bit confusing. Further, it is true that u cannot modify VPC DHCP options sets (see link), but i think "update" can rather be seen as a language issue then a reason to mark the answer as false. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/dhcp_options_set.html
upvoted 1 times
Tofu13
1 year ago
then -> than
upvoted 1 times
...
...
Jo1992
1 year, 1 month ago
Also, to whomever said option E is not a valid options because you cannot create amazonaws.com private domain, I just tested and was able to create EFS.us-east-1.amazonaws.com private hosted zone with no issue.
upvoted 2 times
dvaidya
1 year ago
you can create but it wont work
upvoted 1 times
...
...
Jo1992
1 year, 1 month ago
To anyone who answered B or C, can you please explain why? You cannot update DHCP option set, just create a new option set. I think the answer is A and E. A on it's own should be sufficient so I'm not 100% sure if that's the correct answer.
upvoted 2 times
...
[Removed]
1 year, 2 months ago
Selected Answer: BE
Options B and E are the best combinations according to AWS's best practices for this scenario. A is not scalable because it requires manual configuration of the BIND DNS servers in the central VPC to forward queries for efs.us-east-1.amazonaws.com to the Amazon-provided DNS server (169.254.169.253) Option D also requires manual configuration https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html
upvoted 1 times
[Removed]
1 year, 2 months ago
Option A addressed the "multiple development teams" problem. thinking A & B might be correct given the sticky scenario. This a tough question.
upvoted 1 times
...
...
bjlovr
1 year, 3 months ago
but but but, you can not *update" a DHCP option set, you have to recreate and reattach. So B...hmmmm
upvoted 5 times
...
emmanuelodenyire
1 year, 4 months ago
Selected Answer: AE
A and E are the two answer options that will meet the requirements. A - Configure the BIND DNS servers in the central VPC to forward queries for efs.us-east-1.amazonaws.com to the Amazon provided DNS server (169.254.169.253). This option will allow the custom DNS servers to resolve the IP address for the EFS mount point. E - Create an Amazon Route 53 private hosted zone for the efs.us-east-1.amazonaws.com domain. Associate the private hosted zone with the VPC where the EC2 instance is deployed. Create an A record for fs-33444567d.efs.us-east-1.amazonaws.com in the private hosted zone. Configure the A record to return the mount target of the EFS mount point. This option will allow the EC2 instance to resolve the hostname for the EFS mount point using Amazon Route 53
upvoted 2 times
...
Kristin01
1 year, 4 months ago
why we need D?
upvoted 1 times
...
ITgeek
1 year, 4 months ago
Selected Answer: BD
see: https://www.youtube.com/watch?v=_35C0RvGqeg&list=PLUah_ACfaQzX_nrPc1uylGDiWxPaZY8tI
upvoted 4 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel