
Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions


Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 52 discussion

A network engineer needs to standardize a company's approach to centralizing and managing interface VPC endpoints for private communication with AWS services. The company uses AWS Transit Gateway for inter-VPC connectivity between AWS accounts through a hub-and-spoke model. The company's network services team must manage all Amazon Route 53 zones and interface endpoints within a shared services AWS account. The company wants to use this centralized model to provide AWS resources with access to AWS Key Management Service (AWS KMS) without sending traffic over the public internet.
What should the network engineer do to meet these requirements?

  • A. In the shared services account, create an interface endpoint for AWS KMS. Modify the interface endpoint by disabling the private DNS name. Create a private hosted zone in the shared services account with an alias record that points to the interface endpoint. Associate the private hosted zone with the spoke VPCs in each AWS account.
  • B. In the shared services account, create an interface endpoint for AWS KMS. Modify the interface endpoint by disabling the private DNS name. Create a private hosted zone in each spoke AWS account with an alias record that points to the interface endpoint. Associate each private hosted zone with the shared services AWS account.
  • C. In each spoke AWS account, create an interface endpoint for AWS KMS. Modify each interface endpoint by disabling the private DNS name. Create a private hosted zone in each spoke AWS account with an alias record that points to each interface endpoint. Associate each private hosted zone with the shared services AWS account.
  • D. In each spoke AWS account, create an interface endpoint for AWS KMS. Modify each interface endpoint by disabling the private DNS name. Create a private hosted zone in the shared services account with an alias record that points to each interface endpoint. Associate the private hosted zone with the spoke VPCs in each AWS account.
Suggested Answer: A 🗳️
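What the option A design looks like as infrastructure code, added here as an illustration (not part of the question or any commenter's post): one KMS interface endpoint in the shared services VPC with private DNS disabled, a manually created private hosted zone for the KMS service name with an alias record to the endpoint, and the two-step cross-account association that lets a spoke VPC use that zone. The provider aliases (`hub`, `spoke`), the variables, the security group and the CIDR values are assumptions; every VPC and subnet ID is a placeholder.

```hcl
# Added example: centralized KMS interface endpoint (option A) in Terraform.
# Assumed: "hub" credentials belong to the shared services account, "spoke"
# credentials to one spoke account. IDs and CIDRs below are placeholders.

variable "region"         { default = "us-east-1" }                       # assumed region
variable "hub_vpc_id"     { default = "vpc-HUB-PLACEHOLDER" }             # shared services VPC
variable "hub_subnet_ids" { default = ["subnet-HUB-A-PLACEHOLDER", "subnet-HUB-B-PLACEHOLDER"] }
variable "spoke_vpc_id"   { default = "vpc-SPOKE-PLACEHOLDER" }           # one spoke VPC
variable "spoke_cidrs"    { default = ["10.1.0.0/16", "10.2.0.0/16"] }    # constructed spoke ranges

provider "aws" {
  alias  = "hub"
  region = var.region
}

provider "aws" {
  alias  = "spoke"
  region = var.region
}

# The endpoint ENIs only need to accept TLS from the spoke ranges arriving via Transit Gateway.
resource "aws_security_group" "kms_endpoint" {
  provider = aws.hub
  name     = "kms-interface-endpoint"
  vpc_id   = var.hub_vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = var.spoke_cidrs
  }
}

# Single KMS interface endpoint in the shared services VPC.
# private_dns_enabled = false is the key setting: AWS then creates no
# service-managed private zone, so resolution of kms.<region>.amazonaws.com
# is controlled entirely by the hosted zone the network services team owns.
resource "aws_vpc_endpoint" "kms" {
  provider            = aws.hub
  vpc_id              = var.hub_vpc_id
  service_name        = "com.amazonaws.${var.region}.kms"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.hub_subnet_ids
  security_group_ids  = [aws_security_group.kms_endpoint.id]
  private_dns_enabled = false
}

# Private hosted zone named after the KMS service endpoint, owned by the hub account.
# The hub VPC is the initial association; spoke associations are handled by the
# two resources below, so Terraform must not reconcile the vpc list here.
resource "aws_route53_zone" "kms" {
  provider = aws.hub
  name     = "kms.${var.region}.amazonaws.com"

  vpc {
    vpc_id = var.hub_vpc_id
  }

  lifecycle {
    ignore_changes = [vpc]
  }
}

# Apex alias record pointing at the endpoint's regional DNS name (dns_entry[0]).
resource "aws_route53_record" "kms_alias" {
  provider = aws.hub
  zone_id  = aws_route53_zone.kms.zone_id
  name     = "kms.${var.region}.amazonaws.com"
  type     = "A"

  alias {
    name                   = aws_vpc_endpoint.kms.dns_entry[0].dns_name
    zone_id                = aws_vpc_endpoint.kms.dns_entry[0].hosted_zone_id
    evaluate_target_health = false
  }
}

# Cross-account association is a handshake: the zone owner authorizes the spoke VPC ...
resource "aws_route53_vpc_association_authorization" "spoke" {
  provider = aws.hub
  zone_id  = aws_route53_zone.kms.zone_id
  vpc_id   = var.spoke_vpc_id
}

# ... and the spoke account completes the association from its side.
resource "aws_route53_zone_association" "spoke" {
  provider = aws.spoke
  zone_id  = aws_route53_vpc_association_authorization.spoke.zone_id
  vpc_id   = aws_route53_vpc_association_authorization.spoke.vpc_id
}
```

Two things the configuration does not cover but the design depends on: the spoke VPCs need DNS resolution and DNS hostnames enabled, and the Transit Gateway route tables must carry the spoke-to-hub path so that packets destined for the endpoint's private IPs actually reach the shared services VPC. To check the result, resolve `kms.<region>.amazonaws.com` from an instance in the spoke VPC: it should return the endpoint ENIs' private addresses rather than public KMS addresses, which is the observable difference between traffic staying inside the network and traffic going out over the internet.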

Comments

zaazanuna
Highly Voted 1 year, 9 months ago
A - correct. Option A is the correct answer because it creates a private hosted zone in the shared services account with an alias record that points to the interface endpoint, and associates the private hosted zone with the spoke VPCs in each AWS account. Disabling the private DNS name of the interface endpoint ensures that DNS resolution of the endpoint is restricted to the Amazon Route 53 private hosted zone. This option creates a centralized model for managing interface endpoints and Route 53 zones in a shared services AWS account, which simplifies administration and reduces complexity.
upvoted 14 times
...
AzureDP900
Most Recent 1 week, 2 days ago
Selected Answer: A
Option A creates a private hosted zone in the shared services account with an alias record that points to the interface endpoint. This allows DNS resolution of the endpoint to be restricted to the Amazon Route 53 private hosted zone. By disabling the private DNS name of the interface endpoint, DNS resolution is further restricted to only the private hosted zone, which prevents traffic from leaking out onto the public internet. Associating the private hosted zone with the spoke VPCs in each AWS account ensures that all network traffic destined for the interface endpoint is routed through the shared services account. This centralized model simplifies administration and reduces complexity by allowing a single point of management for all interface endpoints and Route 53 zones in the shared services account.
upvoted 1 times
...
woorkim
2 months, 2 weeks ago
A is the answer!!!
upvoted 1 times
...
Raphaello
9 months, 1 week ago
Selected Answer: A
A is the correct answer. Instead of using the service-created private hosted zone that is associated with the endpoint creation, you need to manually create it to have the flexibility of sharing it with other VPCs. That is done by disabling the private DNS name for the endpoint.
upvoted 2 times
...
marfee
11 months, 1 week ago
I think that the correct answer is A.
upvoted 2 times
...
Arad
1 year, 2 months ago
Selected Answer: A
A is the right answer.
upvoted 1 times
...
rhinozD
1 year, 8 months ago
Selected Answer: A
Yeah, A - no doubt.
upvoted 3 times
...
silviahdz
1 year, 8 months ago
Selected Answer: A
+ A is correct.
upvoted 2 times
...
ITgeek
1 year, 9 months ago
Selected Answer: A
A is correct because it centralizes in the shared service and VPC
upvoted 3 times
...
study_aws1
1 year, 9 months ago
A - correct
upvoted 4 times
...
helloworldabc
1 year, 9 months ago
AAAAAAAAAAAA
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other