Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 33 discussion

A company delivers applications over the internet. An Amazon Route 53 public hosted zone is the authoritative DNS service for the company and its internet applications, all of which are offered from the same domain name.
A network engineer is working on a new version of one of the applications. All the application's components are hosted in the AWS Cloud. The application has a three-tier design. The front end is delivered through Amazon EC2 instances that are deployed in public subnets with Elastic IP addresses assigned. The backend components are deployed in private subnets from RFC1918.
Components of the application need to be able to access other components of the application within the application's VPC by using the same host names as the host names that are used over the public internet. The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries.
Which combination of steps will meet these requirements? (Choose three.)

  • A. Add a geoproximity routing policy in Route 53.
  • B. Create a Route 53 private hosted zone for the same domain name. Associate the application’s VPC with the new private hosted zone.
  • C. Enable DNS hostnames for the application's VPC.
  • D. Create entries in the private hosted zone for each name in the public hosted zone by using the corresponding private IP addresses.
  • E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that runs when AWS CloudTrail logs a Route 53 API call to the public hosted zone. Create an AWS Lambda function as the target of the rule. Configure the function to use the event information to update the private hosted zone.
  • F. Add the private IP addresses in the existing Route 53 public hosted zone.
Suggested Answer: BCD

Comments

linuxek21
Highly Voted 1 year, 8 months ago
Selected Answer: BCD
Correct Answer: BCD
B - you need a private hosted zone to resolve the same names to private IPs
C - this one is tricky but you really need both of the DNS options enabled in the VPC (enableDnsHostnames and enableDnsSupport) https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-hostnames "If you use custom DNS domain names defined in a private hosted zone in Amazon Route 53, or use private DNS with interface VPC endpoints (AWS PrivateLink), you must set both the enableDnsHostnames and enableDnsSupport attributes to true."
D - This is correct
A - wrong - no need to explain
E - Nobody is asking to automate the process
F - This will simply not work as you need records to resolve to both private and public, you must have two zones
upvoted 11 times
rhinozD
1 year, 7 months ago
What about this: "The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries."
upvoted 4 times
albertkr
1 year, 7 months ago
Agree. The question asks to automate the process.
upvoted 2 times
habros
1 year, 2 months ago
Accommodate != automate
upvoted 2 times
DPDK
Highly Voted 1 year, 5 months ago
Selected Answer: BCD
BC are sure. I think the tricky options are D & E. Description mentions future changes, D means change manually. E means change automatically. D mentions add private IP in private hosted zone. E mentions change private hosted zone based on change on public hosted zone. Here, how does E accommodate the value in private hosted zone? Request information of public hosted zone only has public IP, we should not use this in private hosted zone. E doesn't mention accommodation even though it has automation. So I prefer D.
upvoted 5 times
Raphaello
Most Recent 8 months, 2 weeks ago
Selected Answer: BCD
DNS Split View.. BCD are the correct answers.
upvoted 1 times
vikasj1in
10 months, 1 week ago
Selected Answer: BCE
B. Creating a Route 53 private hosted zone for the same domain name and associating the application's VPC with the new private hosted zone allows internal DNS resolution within the VPC. C. Enabling DNS hostnames for the application's VPC is necessary for DNS resolution within the VPC. E. Creating an Amazon EventBridge rule triggered by AWS CloudTrail logs for Route 53 API calls and using an AWS Lambda function allows for automated updates to the private hosted zone when changes occur in the public hosted zone. This ensures that changes in the public DNS are reflected in the private DNS for internal resolution.
upvoted 2 times
Marfee400704
10 months, 1 week ago
I think that the correct answer is BCD according to SPOTO products.
upvoted 1 times
marfee
10 months, 2 weeks ago
I think that the correct answer is B & C & E.
upvoted 1 times
Arad
1 year, 1 month ago
Selected Answer: BCD
Just BCD makes sense.
upvoted 1 times
Certified101
1 year, 4 months ago
Selected Answer: BCE
The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries. There needs to be an automated process to update new records - BCE is correct
upvoted 3 times
WMF0187
1 year, 3 months ago
While E might allow for some level of automation in updating DNS records, it's complex and involves CloudWatch Events and Lambda functions. Additionally, it doesn't address the core requirement of allowing components within the same VPC to access each other using the same hostnames.
upvoted 2 times
udo2020
1 year, 5 months ago
I think the correct answers are BCD. Regarding the discussion about E. There is no requirement to do that automatically. If this is the case (but it's not stated in the Q), then E is required for automation process.
upvoted 1 times
Tofu13
1 year, 5 months ago
Selected Answer: BCE
Same as linuxek21 besides E instead of D, as automation is needed. E should work: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/logging-using-cloudtrail.html#route-53-info-in-cloudtrail
upvoted 2 times
Spaurito
1 month, 2 weeks ago
This could work. Would take some testing to make sure you're assigning to the Private Zone even though the event is based on the Public Zone.
upvoted 1 times
kalitwol
11 months ago
E will not work properly because it is copying public IP addresses from the public hosted zone and adding it to private hosted zone. Private hosted zone should use internal private IPs not public
upvoted 2 times
rhinozD
1 year, 7 months ago
B is correct. C is correct. D is correct. E is also correct. But the question has this part: "The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries." so I think I'll go with BCE.
upvoted 4 times
kalitwol
11 months ago
E will not work properly because it is copying public IP addresses from the public hosted zone and adding it to private hosted zone. Private hosted zone should use internal private IPs not public
upvoted 2 times
that1guy
1 year, 8 months ago
Selected Answer: BDE
Not sure why others are going with option C. The question states that they are using custom DNS records for external resolving and they want to use the same records for internal.
> "Enable DNS hostnames for the application's VPC."
This would not result in using the same records as external.
> "Components of the application need to be able to access other components of the application within the application's VPC by using the same host names as the host names that are used over the public internet."
Unless you are using the same hostnames of the EC2 instances for external resolving it doesn't make sense.
upvoted 1 times
rhinozD
1 year, 7 months ago
"If you use custom DNS domain names defined in a private hosted zone in Amazon Route 53, or use private DNS with interface VPC endpoints (AWS PrivateLink), you must set both the enableDnsHostnames and enableDnsSupport attributes to true." https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html
upvoted 2 times
WMF0187
1 year, 3 months ago
Enabling DNS hostnames for the VPC is a prerequisite for using private hosted zones in Route 53. It ensures that instances within the VPC can resolve DNS queries using Route 53.
upvoted 1 times
ohcan
1 year, 8 months ago
B, D, E
upvoted 3 times
ohcan
1 year, 8 months ago
I think C is not needed because it is not asking to resolve the host names, but the application DNS records. Meanwhile, E is needed to automate the updates.
upvoted 2 times
nsei
1 year, 8 months ago
BCE, Option E will meet the requirement for future DNS changes
upvoted 3 times
WMF0187
1 year, 3 months ago
While E approach might allow for some level of automation in updating DNS records, it's complex and involves CloudWatch Events and Lambda functions. Additionally, it doesn't address the core requirement of allowing components within the same VPC to access each other using the same hostnames.
upvoted 1 times
ITgeek
1 year, 8 months ago
Selected Answer: BCD
B C D are my correct answers
upvoted 2 times
helloworldabc
1 year, 9 months ago
BBBBCCCCDDDD
upvoted 2 times
zaazanuna
1 year, 9 months ago
B, C, D - correct. Option B is correct because it allows the application's components to access each other within the same VPC using the same hostnames as the public internet. Creating a private hosted zone for the same domain name and associating the VPC with it provides a mechanism for Route 53 to resolve the private DNS names to private IP addresses. Option C is correct because enabling DNS hostnames for the VPC allows instances in the VPC to have a DNS hostname that resolves to the private IP address of the instance. Option D is correct because it allows Route 53 to resolve the private DNS names to private IP addresses. The private hosted zone created in option B should be populated with the DNS entries that correspond to the names in the public hosted zone, using the private IP addresses of the corresponding resources.
upvoted 3 times
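
An added example (not part of any comment above, and not AWS code) of the bookkeeping that options D and E both depend on: planning private-zone records for the public zone's names through an Elastic-IP-to-private-IP inventory. The zone contents, the inventory map, the 300-second TTL and the function names are constructed assumptions; the returned dict follows the ChangeBatch shape of Route 53's ChangeResourceRecordSets API.

```python
import ipaddress
import json

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumptions, not values from the question).
PUBLIC_ZONE = {                      # public hosted zone: name -> Elastic IP
    "www.example.com.": "203.0.113.10",
    "api.example.com.": "203.0.113.20",
    "new.example.com.": "203.0.113.30",   # new public name, not in inventory yet
}
EIP_TO_PRIVATE = {"203.0.113.10": "10.0.1.10", "203.0.113.20": "10.0.1.20"}
PRIVATE_ZONE = {"www.example.com.": "10.0.1.10", "old.example.com.": "10.0.9.9"}


def rrset(name, ip, ttl=300):
    """One A record in ChangeBatch form; the 300 s TTL is an assumption."""
    return {"Name": name, "Type": "A", "TTL": ttl,
            "ResourceRecords": [{"Value": ip}]}


def plan_private_zone(public, eip_map, private):
    """Return (change_batch, unmapped) needed to bring the private view in line."""
    changes, unmapped = [], []
    for name, public_ip in sorted(public.items()):
        private_ip = eip_map.get(public_ip)
        addr = ipaddress.ip_address(private_ip) if private_ip else None
        if addr is None or not any(addr in net for net in RFC1918):
            # A public-zone record only carries the public address. With no
            # private mapping the name stays out of the private zone, and the
            # VPC gets NXDOMAIN for it (no fallback to the public zone).
            unmapped.append(name)
        elif private.get(name) != private_ip:
            changes.append({"Action": "UPSERT",
                            "ResourceRecordSet": rrset(name, private_ip)})
    for name, ip in sorted(private.items()):
        if name not in public:       # retired publicly: retire privately too
            # DELETE must restate the existing record's TTL and values.
            changes.append({"Action": "DELETE",
                            "ResourceRecordSet": rrset(name, ip)})
    return {"Comment": "sync private view", "Changes": changes}, unmapped


if __name__ == "__main__":
    batch, missing = plan_private_zone(PUBLIC_ZONE, EIP_TO_PRIVATE, PRIVATE_ZONE)
    print(json.dumps(batch, indent=2))
    print("names that would be NXDOMAIN inside the VPC:", missing)
```

The `unmapped` list is the part to alert on: those names resolve on the internet but not from inside the associated VPC until a private address is recorded for them.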