Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 14 discussion

A company has expanded its network to the AWS Cloud by using a hybrid architecture with multiple AWS accounts. The company has set up a shared AWS account for the connection to its on-premises data centers and the company offices. The workloads consist of private web-based services for internal use. These services run in different AWS accounts. Office-based employees consume these services by using a DNS name in an on-premises DNS zone that is named example.internal.
The process to register a new service that runs on AWS requires a manual and complicated change request to the internal DNS. The process involves many teams.
The company wants to update the DNS registration process by giving the service creators access that will allow them to register their DNS records. A network engineer must design a solution that will achieve this goal. The solution must maximize cost-effectiveness and must require the least possible number of configuration changes.
Which combination of steps should the network engineer take to meet these requirements? (Choose three.)

  • A. Create a record for each service in its local private hosted zone (serviceA.account1.aws.example.internal). Provide this DNS record to the employees who need access.
  • B. Create an Amazon Route 53 Resolver inbound endpoint in the shared account VPC. Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the inbound endpoint's IP addresses that were created.
  • C. Create an Amazon Route 53 Resolver rule to forward any queries made to onprem.example.internal to the on-premises DNS servers.
  • D. Create an Amazon Route 53 private hosted zone named aws.example.internal in the shared AWS account to resolve queries for this domain.
  • E. Launch two Amazon EC2 instances in the shared AWS account. Install BIND on each instance. Create a DNS conditional forwarder on each BIND server to forward queries for each subdomain under aws.example.internal to the appropriate private hosted zone in each AWS account. Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the IP addresses of the BIND servers.
  • F. Create a private hosted zone in the shared AWS account for each account that runs the service. Configure the private hosted zone to contain aws.example.internal in the domain (account1.aws.example.internal). Associate the private hosted zone with the VPC that runs the service and the shared account VPC.
Suggested Answer: BDF

Comments

AdamWest
Highly Voted 1 year, 1 month ago
Selected Answer: BDF
B. Create an Amazon Route 53 Resolver inbound endpoint in the shared account VPC. Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the inbound endpoint's IP addresses that were created. This will enable DNS resolution between on-premises networks and AWS.
D. Create an Amazon Route 53 private hosted zone named aws.example.internal in the shared AWS account to resolve queries for this domain. This allows you to simplify DNS management for your AWS services and resources within your shared account.
F. Create a private hosted zone in the shared AWS account for each account that runs the service. Configure the private hosted zone to contain aws.example.internal in the domain (account1.aws.example.internal). Associate the private hosted zone with the VPC that runs the service and the shared account VPC. This allows individual AWS accounts to maintain their DNS entries.
upvoted 11 times
...
devopsbro
Highly Voted 1 year, 2 months ago
BDF - Inbound resolver endpoint and forwarder rule in on-premises DNS servers, private hosted zones for aws.example.internal and sub domain delegation to respective services (service<x>.aws.example.internal), and association of the sub domain private hosted zones with respective VPCs in other accounts.
upvoted 8 times
...
Raphaello
Most Recent 2 months, 2 weeks ago
Selected Answer: BDF
BDF are the correct answers. In order.. D. create a private hosted zone for aws-hosted domain. F. create sub-domains in each of the associated accounts. B. create resolver inbound endpoint in the shared account, and forwarding rules.
upvoted 3 times
...
michele_scar
3 months, 4 weeks ago
Selected Answer: BDF
B and D are correct for sure. The question is between A and F. Initially I went with A, but the last phrase of D that specifies the "VPC Association" made me change the answer to F. A is smarter, but it's missing the VPC association, without which you can't make the inbound resolver resolve the traffic.
upvoted 2 times
michele_scar
3 months, 4 weeks ago
the last phrase of F **
upvoted 1 times
...
...
Marfee400704
4 months, 1 week ago
I think that the correct answer is ABD according to SPOTO products.
upvoted 1 times
...
marfee
4 months, 1 week ago
I think that the correct answer is B & D & F.
upvoted 1 times
...
Snape
5 months ago
Selected Answer: ABF
https://docs.aws.amazon.com/whitepapers/latest/hybrid-cloud-dns-options-for-vpc/scaling-dns-management-across-multiple-accounts-and-vpcs.html
upvoted 1 times
...
Anbukumar1984
6 months, 2 weeks ago
BCD is the correct answer
upvoted 2 times
...
cumzle_com
6 months, 3 weeks ago
ABD: Explanation
To meet the requirements of updating the DNS registration process while maximizing cost-effectiveness and minimizing configuration changes, the network engineer should take the following steps:
Create an Amazon Route 53 Resolver inbound endpoint in the shared account VPC. Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the inbound endpoint's IP addresses that were created (Option B).
Create an Amazon Route 53 private hosted zone named aws.example.internal in the shared AWS account to resolve queries for this domain (Option D).
Create a record for each service in its local private hosted zone (serviceA.account1.aws.example.internal). Provide this DNS record to the employees who need access (Option A).
These steps will allow service creators to register their DNS records while keeping costs low and minimizing configuration changes.
upvoted 1 times
...
Vinsmoke
9 months, 3 weeks ago
Selected Answer: BDF
Following architecture verifies: https://aws.amazon.com/blogs/architecture/using-route-53-private-hosted-zones-for-cross-account-multi-region-architectures/
upvoted 4 times
...
prajkash
11 months, 1 week ago
Selected Answer: BCF
upvoted 2 times
...
alextl
1 year ago
Selected Answer: ABC
A for giving the service creators access that will allow them to register their DNS records. B for Office-based employees consume these services. C for The company has set up a shared AWS account for the connection to its on-premises data centers and the company offices.
upvoted 2 times
...
trap
1 year, 1 month ago
b,d,f is the correct
D: You create aws.example.internal private dns zone in the shared account. The goal is to move the dns record management to the service creators in the aws
F: You create a separate aws.example.internal sub domain zone for each aws account, e.g. account1.aws.example.internal, account2.aws.example.internal etc. You can give separate permissions for each zone so the service creators can manage their own service dns records.
B: You create a route 53 inbound resolver in the shared account and you create conditional forwarding rules for the aws.example.internal domain (it includes its subdomains) to the route 53 in the on premise dns servers so the office users will be able to resolve internally all the shared account's route 53 private zone's dns entries
upvoted 6 times
trap
1 year, 1 month ago
Not A: service creators must be able to register their own dns records.
Not C: AWS services don't need to resolve the example.internal domain from the onprem DNS.
Not E: Amazon ec2 instances cost more and require more configuration changes.
The link below gives all the needed info: https://docs.aws.amazon.com/whitepapers/latest/hybrid-cloud-dns-options-for-vpc/scaling-dns-management-across-multiple-accounts-and-vpcs.html
upvoted 3 times
...
...
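The zone selection that the B/D/F design relies on, as an added example that is not part of the original thread: a simplified model of how Route 53 Resolver chooses among private hosted zones associated with the VPC a query arrives in (the most specific associated zone wins, and a missing record there is NXDOMAIN). The VPC IDs, the IP address and all function names are constructed for illustration.

```python
# Simplified model of private hosted zone selection by Route 53 Resolver.
# Added illustration, not AWS code; VPC IDs, the IP address and all names
# below are constructed.
from dataclasses import dataclass, field

NO_ZONE = "NO_PRIVATE_ZONE"   # query would fall through to other resolver rules
NXDOMAIN = "NXDOMAIN"

@dataclass
class PrivateHostedZone:
    name: str                                     # zone apex
    vpcs: set                                     # associated VPC IDs
    records: dict = field(default_factory=dict)   # FQDN -> IPv4 address

def in_zone(qname: str, zone: str) -> bool:
    return qname == zone or qname.endswith("." + zone)

def resolve(qname: str, vpc_id: str, zones: list) -> str:
    """Answer a query as seen from vpc_id (here: the inbound endpoint's VPC)."""
    qname = qname.lower().rstrip(".")
    visible = [z for z in zones if vpc_id in z.vpcs and in_zone(qname, z.name)]
    if not visible:
        return NO_ZONE
    # Overlapping namespaces: the most specific associated zone wins, and a
    # missing record there is NXDOMAIN (no fallback to the parent zone).
    best = max(visible, key=lambda z: z.name.count("."))
    return best.records.get(qname, NXDOMAIN)

SERVICE = "servicea.account1.aws.example.internal"

def build_zones(child_associated_with_shared: bool) -> list:
    child_vpcs = {"vpc-account1"}
    if child_associated_with_shared:
        child_vpcs.add("vpc-shared")
    return [
        PrivateHostedZone("aws.example.internal", {"vpc-shared"}),       # option D
        PrivateHostedZone("account1.aws.example.internal", child_vpcs,   # option F
                          {SERVICE: "10.1.0.10"}),
    ]

if __name__ == "__main__":
    for assoc in (True, False):
        zones = build_zones(assoc)
        print(assoc, resolve(SERVICE, "vpc-shared", zones),
              resolve(SERVICE, "vpc-account1", zones))
```

With the per-account zone associated only with its own VPC, the same name resolves inside that VPC but returns NXDOMAIN through the inbound endpoint in the shared VPC, which is what on-premises clients would see.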
devopsbro
1 year, 1 month ago
BDF - This is the use case for inbound resolver endpoint and sub domain delegations. Inbound resolver can be used to forward the requests from on-premise to AWS and aws.example.internal hosted zone can delegate the requests to various sub domains (AccountX.aws.example.internal) by having respective entries.
upvoted 3 times
...
Chinmoy
1 year, 1 month ago
Selected Answer: ABF
B and E can't be combined, onprem forwarder can't send same query to bind server as well as inbound. C and D are not required for the solution to work
upvoted 4 times
...
emmanuelodenyire
1 year, 1 month ago
Selected Answer: BCE
Option E is correct as it involves launching two Amazon EC2 instances in the shared AWS account, installing BIND on each instance, and creating a DNS conditional forwarder on each BIND server to forward queries for each subdomain under aws.example.internal to the appropriate private hosted zone in each AWS account. This ensures that the service creators have access to register their DNS records while minimizing the number of configuration changes required.
upvoted 1 times
...
emmanuelodenyire
1 year, 1 month ago
Selected Answer: BCE
Option B is correct as it involves creating an Amazon Route 53 Resolver inbound endpoint in the shared account VPC, which allows the on-premises DNS servers to forward DNS queries to the inbound endpoint's IP addresses. It also creates a conditional forwarder for the domain named aws.example.internal on the on-premises DNS servers, which allows the employees who need access to use the DNS names provided by the service creators. Option C is correct as it involves creating an Amazon Route 53 Resolver rule to forward any queries made to onprem.example.internal to the on-premises DNS servers. This ensures that any queries made to the on-premises DNS servers are properly resolved.
upvoted 3 times
...