Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 71 discussion

A company is using Amazon Route 53 Resolver DNS Firewall in a VPC to block all domains except domains that are on an approved list. The company is concerned that if DNS Firewall is unresponsive, resources in the VPC might be affected if the network cannot resolve any DNS queries. To maintain application service level agreements, the company needs DNS queries to continue to resolve even if Route 53 Resolver does not receive a response from DNS Firewall.
Which change should a network engineer implement to meet these requirements?

  • A. Update the DNS Firewall VPC configuration to disable fail open for the VPC.
  • B. Update the DNS Firewall VPC configuration to enable fail open for the VPC.
  • C. Create a new DHCP options set with parameter dns_firewall_fail_open=false. Associate the new DHCP options set with the VPC.
  • D. Create a new DHCP options set with parameter dns_firewall_fail_open=true. Associate the new DHCP options set with the VPC.
Suggested Answer: B

Comments

gpt_test
Highly Voted 1 year, 7 months ago
Selected Answer: B
Explanation: Enabling the "fail open" feature in the Route 53 Resolver DNS Firewall VPC configuration ensures that if DNS Firewall becomes unresponsive, DNS queries will still be resolved. This helps maintain application service level agreements by allowing resources in the VPC to continue operating even if Route 53 Resolver does not receive a response from DNS Firewall.
upvoted 5 times
...
woorkim
Most Recent 1 week, 4 days ago
B is correct! Fail-close vs Fail-Open (DNS Firewall Configuration):
  • Fail-close: Resolver blocks query if no response from DNS Firewall (security over availability)
  • Fail-open: Resolver allows query if no response from DNS Firewall (availability over security)
upvoted 1 times
...
Raphaello
7 months ago
Selected Answer: B
B is the correct answer. The definition of fail open, fellow engineers!
upvoted 1 times
...
PhilMultiCloud
1 year, 2 months ago
Selected Answer: B
To meet the requirement of maintaining DNS query resolution even if Route 53 Resolver DNS Firewall is unresponsive, the network engineer should implement option B: B. Update the DNS Firewall VPC configuration to enable fail open for the VPC. When you enable "fail open" mode for a VPC's DNS Firewall configuration, it means that if the DNS Firewall service becomes unresponsive or unavailable, the DNS queries will be allowed to pass through without being blocked. This ensures that the application's service level agreements are maintained even if the DNS Firewall service experiences issues. By enabling fail open, you ensure that DNS queries can still be resolved even if DNS Firewall is not functioning correctly. This can prevent disruption to your applications and services due to DNS resolution failures.
upvoted 2 times
...
evargasbrz
1 year, 2 months ago
Selected Answer: B
B is correct.
upvoted 1 times
...
JoseCC
1 year, 2 months ago
B) https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-configuration.html
upvoted 3 times
...
ITgeek
1 year, 7 months ago
Selected Answer: B
B, as in BUENO. Good luck everyone! Has anyone who made it this far taken the test with these questions?
upvoted 3 times
...
awsguru1998
1 year, 7 months ago
B is correct. D is wrong, as enabling fail open for the VPC would mean that DNS queries would bypass DNS Firewall and proceed to the default DNS resolver. This might be a security risk as it would allow unapproved domains to be resolved, potentially exposing the company's resources to security threats.
upvoted 1 times
...
study_aws1
1 year, 7 months ago
B - correct
upvoted 2 times
...
helloworldabc
1 year, 7 months ago
BBBBBBBBBBB
upvoted 1 times
...
zaazanuna
1 year, 7 months ago
B - correct.
upvoted 1 times
...
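Applying answer B through the API, as an added example that is not part of the original thread or AWS's own code: it reads a VPC's DNS Firewall configuration and sets fail open to ENABLED only when it is not already. The VPC ID and the `StubResolverClient` class are constructed stand-ins so the code runs offline; `get_firewall_config` and `update_firewall_config` are the boto3 `route53resolver` calls the stub mirrors.

```python
"""Check and enable DNS Firewall fail open for one VPC (added example)."""


def ensure_fail_open(client, vpc_id, dry_run=False):
    """Return (state_before, state_after) of FirewallFailOpen for vpc_id.

    `client` is a boto3 "route53resolver" client, or any object exposing the
    same get_firewall_config / update_firewall_config methods.
    With dry_run=True the current state is reported and nothing is changed.
    """
    config = client.get_firewall_config(ResourceId=vpc_id)["FirewallConfig"]
    before = config["FirewallFailOpen"]
    if before == "ENABLED" or dry_run:
        return before, before
    updated = client.update_firewall_config(
        ResourceId=vpc_id, FirewallFailOpen="ENABLED"
    )["FirewallConfig"]
    return before, updated["FirewallFailOpen"]


class StubResolverClient:
    """Constructed in-memory stand-in for the route53resolver client."""

    def __init__(self, states):
        self.states = dict(states)  # VPC ID -> FirewallFailOpen value
        self.update_calls = 0

    def get_firewall_config(self, ResourceId):
        return {"FirewallConfig": {"ResourceId": ResourceId,
                                   "FirewallFailOpen": self.states[ResourceId]}}

    def update_firewall_config(self, ResourceId, FirewallFailOpen):
        self.update_calls += 1
        self.states[ResourceId] = FirewallFailOpen
        return self.get_firewall_config(ResourceId)


if __name__ == "__main__":
    # Constructed VPC ID; against a real account pass
    # boto3.client("route53resolver") instead of the stub.
    stub = StubResolverClient({"vpc-0example": "DISABLED"})
    print(ensure_fail_open(stub, "vpc-0example", dry_run=True))
    print(ensure_fail_open(stub, "vpc-0example"))
```

While fail open is enabled, queries that get no reply from DNS Firewall are resolved without being checked against the approved list, so the dry-run report is worth recording before the change.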