
Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 79 discussion

A company has a hybrid cloud environment. The company’s data center is connected to the AWS Cloud by an AWS Direct Connect connection. The AWS environment includes VPCs that are connected together in a hub-and-spoke model by a transit gateway. The AWS environment has a transit VIF with a Direct Connect gateway for on-premises connectivity.

The company has a hybrid DNS model. The company has configured Amazon Route 53 Resolver endpoints in the hub VPC to allow bidirectional DNS traffic flow. The company is running a backend application in one of the VPCs.

The company uses a message-oriented architecture and employs Amazon Simple Queue Service (Amazon SQS) to receive messages from other applications over a private network. A network engineer wants to use an interface VPC endpoint for Amazon SQS for this architecture. Client services must be able to access the endpoint service from on premises and from multiple VPCs within the company's AWS infrastructure.

Which combination of steps should the network engineer take to ensure that the client applications can resolve DNS for the interface endpoint? (Choose three.)

  • A. Create the interface endpoint for Amazon SQS with the option for private DNS names turned on.
  • B. Create the interface endpoint for Amazon SQS with the option for private DNS names turned off.
  • C. Manually create a private hosted zone for sqs.us-east-1.amazonaws.com. Add necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.
  • D. Use the automatically created private hosted zone for sqs.us-east-1.amazonaws.com with previously created necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.
  • E. Access the SQS endpoint by using the public DNS name sqs.us-east-1.amazonaws.com in VPCs and on premises.
  • F. Access the SQS endpoint by using the private DNS name of the interface endpoint .sqs.us-east-1.vpce.amazonaws.com in VPCs and on premises.
Suggested Answer: BCF

Comments

Fati_2022
Highly Voted 1 year, 10 months ago
Selected Answer: BCF
It's internal and the access should be private, which makes F correct.
upvoted 18 times
6e5b127
9 months, 1 week ago
BCE. The public DNS name will be resolved to the interface endpoint's private IP in the end. Also, options B and F are indeed in conflict: if we turn off private DNS names (option B), the interface endpoint won't have a private DNS name to use, making option F impossible.
upvoted 1 times
jhon648274
8 months, 1 week ago
B turns off private DNS, meaning that the automatic private hosted zone that resolves the public name to the private IP won't be created.
upvoted 1 times
trap
1 year, 10 months ago
That's correct: aws.amazon.com/blogs/networking-and-content-delivery/centralize-access-using-vpc-interface-endpoints/
upvoted 2 times
[Removed]
1 year, 8 months ago
It should be BCE according to the article. Because we create the private hosted zone in "C" and the required records which point to the interface DNS name, we can then resolve the interface endpoint via the public endpoint URL.
upvoted 5 times
study_aws1
Highly Voted 1 year, 11 months ago
To access interface endpoints through other VPCs, we need to:
1. Disable private DNS for VPC endpoints
2. Create a PHZ, e.g. sqs.us-east-1.amazonaws.com
3. Create an Alias record pointing to the VPC endpoint DNS
4. Associate the PHZ with all the spoke VPCs
Hence, the answer is B), C) & E)
upvoted 14 times
MarcosSantos
1 year, 3 months ago
Hello, does the letter E speak about public DNS? But in this case wouldn't it be correct to use private DNS? So the letter F instead of E?
upvoted 1 times
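The hub-VPC pattern study_aws1 lays out above (private DNS off on the endpoint, a private hosted zone named after the service, an alias record, and associations with the spoke VPCs), as an added Terraform example that is not from the page or from AWS. It assumes placeholder names: a hub VPC resource `aws_vpc.hub`, a security group `aws_security_group.sqs_endpoint`, and input variables `hub_endpoint_subnet_ids` and `spoke_vpc_ids`.

```hcl
# Added example (not from the page or AWS). Region us-east-1 as in the question.
# Assumed placeholders: aws_vpc.hub, aws_security_group.sqs_endpoint,
# var.hub_endpoint_subnet_ids (list of subnet IDs, one per AZ),
# var.spoke_vpc_ids (list of spoke VPC IDs).

# Interface endpoint for SQS in the hub VPC with private DNS turned OFF,
# so AWS does not create its own private hosted zone in the hub VPC and
# the manually created zone below is the only answer for the service name.
resource "aws_vpc_endpoint" "sqs" {
  vpc_id              = aws_vpc.hub.id
  service_name        = "com.amazonaws.us-east-1.sqs"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.hub_endpoint_subnet_ids
  security_group_ids  = [aws_security_group.sqs_endpoint.id]
  private_dns_enabled = false
}

# Private hosted zone whose name equals the public SQS service name.
# The first association is the hub VPC; spoke associations are managed
# by the separate association resource, hence ignore_changes on vpc.
resource "aws_route53_zone" "sqs_private" {
  name = "sqs.us-east-1.amazonaws.com"
  vpc {
    vpc_id = aws_vpc.hub.id
  }
  lifecycle {
    ignore_changes = [vpc]
  }
}

# Apex alias record -> the endpoint's regional DNS name. The regional
# entry is the first element of dns_entry; the remaining entries are the
# per-AZ names. The alias needs the endpoint's hosted zone ID, not ours.
resource "aws_route53_record" "sqs_alias" {
  zone_id = aws_route53_zone.sqs_private.zone_id
  name    = "sqs.us-east-1.amazonaws.com"
  type    = "A"
  alias {
    name                   = aws_vpc_endpoint.sqs.dns_entry[0].dns_name
    zone_id                = aws_vpc_endpoint.sqs.dns_entry[0].hosted_zone_id
    evaluate_target_health = false
  }
}

# Associate the zone with every spoke VPC so their Route 53 Resolvers
# answer sqs.us-east-1.amazonaws.com with the endpoint ENI addresses.
resource "aws_route53_zone_association" "spokes" {
  for_each = toset(var.spoke_vpc_ids)
  zone_id  = aws_route53_zone.sqs_private.zone_id
  vpc_id   = each.value
}
```

On-premises clients get the same answer only through the existing Resolver inbound endpoint in the hub VPC: the on-premises DNS server forwards the zone name there, and the inbound endpoint resolves it from this private hosted zone.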
AWSLoverLoverLoverLoverLover
Most Recent 2 weeks ago
Selected Answer: BCF
B, C & F.
Public DNS Name (sqs.us-east-1.amazonaws.com): This is the standard public AWS SQS endpoint. It routes traffic over the public internet. It can be accessed from anywhere, including VPCs and on-premises networks, but requires internet access or AWS PrivateLink.
Private DNS Name (.sqs.us-east-1.vpce.amazonaws.com): This is the private endpoint for SQS, which is available when you create an AWS PrivateLink interface endpoint for SQS. It allows access to SQS entirely within the AWS network (without going over the public internet). It is only accessible from within the VPC or from on premises via a VPN or Direct Connect to AWS.
upvoted 1 times
Hubabi
1 month, 3 weeks ago
Selected Answer: BCE
BCE. With C) you create the private hosted zone for sqs.us-east-1.amazonaws.com, which is basically the PUBLIC DNS name of the SQS service, and associate the VPCs with this private zone. Then you MUST use that public name, because that's the one you have created in your private zone! You didn't create a zone for sqs.us-east-1.vpce.amazonaws.com! Thus it's E and not F.
upvoted 1 times
dspd
2 months ago
Selected Answer: BCF
E: Using the public DNS name would not leverage the private interface endpoint and could potentially route traffic over the public internet, which is not desired in this private network setup.
upvoted 1 times
rodrigoMD
2 months, 2 weeks ago
Selected Answer: BCE
BCE. From https://aws.amazon.com/blogs/networking-and-content-delivery/centralize-access-using-vpc-interface-endpoints/: "If you want to resolve the AWS service endpoint natively from within spoke VPCs, then you must perform these additional steps: Disable the Private DNS for an interface VPC endpoint in the hub VPC (if it's enabled). Create a Private Hosted Zone with the same name as the AWS service endpoint (for example, sqs.us-east-1.amazonaws.com) and create an A record (alias) to point to an interface VPC endpoint DNS."
upvoted 1 times
secdaddy
2 months, 3 weeks ago
Selected Answer: ADF
There's Direct Connect, so no need for public DNS. There are Resolver endpoints for on-prem bidirectional DNS. D associates the auto-created zone with the other VPCs. F is thus possible.
upvoted 1 times
AzureDP900
3 months, 2 weeks ago
Selected Answer: BCF
These options complement each other and provide a complete solution for resolving DNS for the interface endpoint:
Option B disables private DNS names, which would prevent client applications from accessing the SQS endpoint. This option is not recommended.
Option C manually creates a private hosted zone and associates it with other VPCs, or uses the automatically created one provided by Amazon SQS. This ensures that client applications can resolve DNS for the interface endpoint.
Option F provides the correct format for using the private DNS name of the interface endpoint (in this case, .sqs.us-east-1.vpce.amazonaws.com).
upvoted 1 times
woorkim
5 months, 2 weeks ago
B,C,E!
upvoted 1 times
qomtodie
7 months, 2 weeks ago
Selected Answer: BCE
We created the PRIVATE hosted zone.
upvoted 1 times
qomtodie
7 months, 2 weeks ago
Sorry, I chose wrong. BCF is right.
upvoted 1 times
qomtodie
8 months ago
BCF. It's so obvious. Why would you choose E?
upvoted 1 times
Raphaello
1 year ago
Selected Answer: BCF
BCF are the correct answers. If you chose B & C, you cannot select E as the 3rd option. They do not work together. It's private access, and therefore use the private DNS name of the interface endpoint.
upvoted 4 times
kyuhuck
1 year, 1 month ago
Selected Answer: ACF
A: This allows the interface endpoint to use the Amazon SQS private DNS name within the VPCs. It automatically creates a private hosted zone and the necessary DNS records that resolve the Amazon SQS service endpoint to the interface endpoint's IP addresses.
C: This step is necessary if you need to extend the DNS resolution to VPCs that do not have the interface endpoint created directly.
F: This ensures that all traffic to Amazon SQS from client applications, both in AWS VPCs and on premises, is routed through the interface endpoint using its private DNS name, ensuring private connectivity and not traversing the public internet.
upvoted 1 times
yaaraaab1233
1 year, 1 month ago
Public endpoint URL.
upvoted 1 times
kaush4u
1 year, 2 months ago
Option E: This is very tricky. You need an inbound endpoint set up to resolve sqs.us-east-1.amazonaws.com from on premises. From a VPC, sqs.us-east-1.amazonaws.com will resolve to the interface endpoint.
upvoted 2 times
Suresh108
1 year, 3 months ago
BCEEEEEE (why it can't be F): https://medium.com/@satyajit.samantaray/centralize-access-using-vpc-interface-endpoints-to-access-aws-services-across-multiple-vpcs-using-a586c846b48
E. Access the SQS endpoint by using the public DNS name sqs.us-east-1.amazonaws.com in VPCs and on premises. Correct, this is how other VPCs can resolve the endpoint.
F. Access the SQS endpoint by using the private DNS name of the interface endpoint .sqs.us-east-1.vpce.amazonaws.com in VPCs and on premises. It can't be resolved outside the hub VPC; the hosted zone does not have vpce.amazonaws.com, it has sqs.us-east-1.amazonaws.com.
upvoted 1 times
Vogd
1 year, 3 months ago
Selected Answer: ACF
A. In order to get a DNS name resolvable by other VPCs' resolvers, you need to have DNS names turned on.
C. There is no private zone created in the account once you create the endpoint. Go and check it out. When you create an interface endpoint you need to create the private hosted zone manually, and you would need to set up a separate ALIAS record per AZ.
F. If you want to access applications over a private network, as stated in the task, you need to use the private hosted zone.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other