Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 79 discussion

A company has a hybrid cloud environment. The company’s data center is connected to the AWS Cloud by an AWS Direct Connect connection. The AWS environment includes VPCs that are connected together in a hub-and-spoke model by a transit gateway. The AWS environment has a transit VIF with a Direct Connect gateway for on-premises connectivity.

The company has a hybrid DNS model. The company has configured Amazon Route 53 Resolver endpoints in the hub VPC to allow bidirectional DNS traffic flow. The company is running a backend application in one of the VPCs.

The company uses a message-oriented architecture and employs Amazon Simple Queue Service (Amazon SQS) to receive messages from other applications over a private network. A network engineer wants to use an interface VPC endpoint for Amazon SQS for this architecture. Client services must be able to access the endpoint service from on premises and from multiple VPCs within the company's AWS infrastructure.

Which combination of steps should the network engineer take to ensure that the client applications can resolve DNS for the interface endpoint? (Choose three.)

  • A. Create the interface endpoint for Amazon SQS with the option for private DNS names turned on.
  • B. Create the interface endpoint for Amazon SQS with the option for private DNS names turned off.
  • C. Manually create a private hosted zone for sqs.us-east-1.amazonaws.com. Add necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.
  • D. Use the automatically created private hosted zone for sqs.us-east-1.amazonaws.com with previously created necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.
  • E. Access the SQS endpoint by using the public DNS name sqs.us-east-1.amazonaws.com in VPCs and on premises.
  • F. Access the SQS endpoint by using the private DNS name of the interface endpoint .sqs.us-east-1.vpce.amazonaws.com in VPCs and on premises.
Suggested Answer: BCE

Comments

Fati_2022
Highly Voted 1 year, 5 months ago
Selected Answer: BCF
It's internal and the access should be private, which makes F correct.
upvoted 17 times
6e5b127
3 months, 4 weeks ago
BCE. The public DNS name will finally be resolved to the interface endpoint private IP. Also, options B and F are indeed in conflict: if we turn off private DNS names (option B), the interface endpoint won't have a private DNS name to use, making option F impossible.
upvoted 1 times
jhon648274
2 months, 4 weeks ago
B turns off private DNS, meaning that the automatic private hosted zone that resolves the public name to the private IP won’t be created.
upvoted 1 times
trap
1 year, 4 months ago
That's correct: aws.amazon.com/blogs/networking-and-content-delivery/centralize-access-using-vpc-interface-endpoints/
upvoted 2 times
[Removed]
1 year, 3 months ago
It should be BCE according to the article. Because we create the private hosted zone in "C" and the required records which point to the interface DNS name, we can then resolve the interface endpoint via the public endpoint URL.
upvoted 4 times
study_aws1
Highly Voted 1 year, 6 months ago
To access interface endpoints through other VPCs, we need to:
1. Disable private DNS for VPC endpoints
2. Create PHZ, e.g. sqs.us-east-1.amazonaws.com
3. Create Alias record pointing to VPC endpoint DNS
4. Associate PHZ with all the spoke VPCs
Hence, answer is B), C) & E)
upvoted 14 times
MarcosSantos
10 months, 2 weeks ago
Hello, does the letter E speak about public DNS? But in this case wouldn't it be correct to use private DNS? So the letter F instead of E?
upvoted 1 times
woorkim
Most Recent 3 days, 15 hours ago
B,C,E!
upvoted 1 times
qomtodie
2 months, 1 week ago
Selected Answer: BCE
We created the PRIVATE hosted zone.
upvoted 1 times
qomtodie
2 months, 1 week ago
Sorry, I chose wrong. BCF is right.
upvoted 1 times
qomtodie
2 months, 2 weeks ago
BCF. It's so obvious. Why did you choose E?
upvoted 1 times
Raphaello
7 months ago
Selected Answer: BCF
BCF are the correct answers. If you chose B & C, you cannot select E as the 3rd option. They do not work along. It's a private access, and therefore use the private DNS name of the interface endpoint.
upvoted 3 times
kyuhuck
8 months ago
Selected Answer: ACF
A -> This allows the interface endpoint to use the Amazon SQS private DNS name within the VPCs. It automatically creates a private hosted zone and necessary DNS records that resolve the Amazon SQS service endpoint to the interface endpoint's IP addresses.
C -> This step is necessary if you need to extend the DNS resolution to VPCs that do not have the interface endpoint created directly.
F -> This ensures that all traffic to Amazon SQS from client applications, both in AWS VPCs and on-premises, is routed through the interface endpoint using its private DNS name, ensuring private connectivity and not traversing the public internet.
upvoted 1 times
yaaraaab1233
8 months, 1 week ago
public endpoint url
upvoted 1 times
kaush4u
9 months ago
Option E: This is very tricky. You need an inbound endpoint set up to resolve sqs.us-east-1.amazonaws.com from on premises. From a VPC, sqs.us-east-1.amazonaws.com will resolve to the interface endpoint.
upvoted 2 times
Suresh108
10 months ago
BCEEEEEE (why it can't have F)
https://medium.com/@satyajit.samantaray/centralize-access-using-vpc-interface-endpoints-to-access-aws-services-across-multiple-vpcs-using-a586c846b48
E. Access the SQS endpoint by using the public DNS name sqs.us-east-1.amazonaws.com in VPCs and on premises.
Correct, this is how other VPCs can resolve the endpoint.
F. Access the SQS endpoint by using the private DNS name of the interface endpoint .sqs.us-east-1.vpce.amazonaws.com in VPCs and on premises.
It can't be resolved outside the hub VPC; the hosted zone does not have vpce.amazonaws.com, it has sqs.us-east-1.amazonaws.com.
upvoted 1 times
Vogd
10 months ago
Selected Answer: ACF
A. In order to get the DNS name resolvable by other VPC resolvers you need to have DNS names turned on.
C. There is no private zone created in the account once you create the endpoint. Go and check it out. When you create an interface endpoint you need to create the private hosted zone manually and you would need to set up a separate ALIAS record per separate AZ.
F. If you want to access applications over a private network as stated in the task, you need to use a private hosted zone.
upvoted 1 times
Arad
1 year ago
Selected Answer: BCE
I think BCE is correct.
upvoted 2 times
FayeG
1 year ago
Selected Answer: ACF
As stated in https://aws.amazon.com/blogs/networking-and-content-delivery/centralize-access-using-vpc-interface-endpoints/
To quote:
snip---
We can enable the Private DNS for an interface endpoint and with that we can resolve the AWS service endpoint DNS from within the same VPC (for example, sqs.us-east-1.amazonaws.com) [This is A]. However, the AWS service endpoint does not resolve from the peered VPCs. For this, we can create a Private Hosted Zone (for example, sqs.us-east-1.amazonaws.com) [this is C] and associate it with the peered VPCs [this is F].
snip---
Hence ACF is the correct answer.
upvoted 3 times
siiiww
1 year, 1 month ago
Selected Answer: ACF
go with ACF
upvoted 1 times
evargasbrz
1 year, 2 months ago
Selected Answer: BCE
1. Disable private DNS for VPC endpoints
2. Create PHZ, e.g. sqs.us-east-1.amazonaws.com
3. Create Alias record pointing to VPC endpoint DNS
4. Associate PHZ with all the spoke VPCs
upvoted 2 times
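
The four steps listed in this comment (and in study_aws1's earlier one), written out as boto3 calls. This is an added example, not code from the thread or from AWS: `centralize_endpoint_dns` and its parameters are hypothetical names, `ec2` and `route53` are assumed to be `boto3.client("ec2")` and `boto3.client("route53")` passed in by the caller, and treating the shortest `.vpce.amazonaws.com` entry as the endpoint's regional name is an assumption.

```python
import uuid

def centralize_endpoint_dns(ec2, route53, endpoint_id, zone_name, region,
                            hub_vpc_id, spoke_vpc_ids):
    """Hypothetical helper. ec2 / route53: boto3 clients (assumed), injected."""
    # Step 1: disable private DNS on the interface endpoint.
    ec2.modify_vpc_endpoint(VpcEndpointId=endpoint_id, PrivateDnsEnabled=False)

    # Find the endpoint's regional DNS name and the hosted zone ID an alias
    # record must reference. Assumption: zonal names carry an extra AZ suffix,
    # so the regional name is the shortest *.vpce.amazonaws.com entry.
    ep = ec2.describe_vpc_endpoints(VpcEndpointIds=[endpoint_id])["VpcEndpoints"][0]
    entries = [e for e in ep["DnsEntries"]
               if e["DnsName"].endswith(".vpce.amazonaws.com")]
    target = min(entries, key=lambda e: len(e["DnsName"]))

    # Step 2: create the private hosted zone (PHZ), attached to the hub VPC.
    zone_id = route53.create_hosted_zone(
        Name=zone_name,
        VPC={"VPCRegion": region, "VPCId": hub_vpc_id},
        CallerReference=str(uuid.uuid4()),
        HostedZoneConfig={"Comment": "central interface endpoint",
                          "PrivateZone": True},
    )["HostedZone"]["Id"]

    # Step 3: alias A record at the zone apex -> endpoint regional DNS name.
    route53.change_resource_record_sets(
        HostedZoneId=zone_id,
        ChangeBatch={"Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": zone_name,
                "Type": "A",
                "AliasTarget": {"HostedZoneId": target["HostedZoneId"],
                                "DNSName": target["DnsName"],
                                "EvaluateTargetHealth": False},
            },
        }]},
    )

    # Step 4: associate the PHZ with every spoke VPC.
    for vpc_id in spoke_vpc_ids:
        route53.associate_vpc_with_hosted_zone(
            HostedZoneId=zone_id, VPC={"VPCRegion": region, "VPCId": vpc_id})
    return zone_id
```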
MohamedSherif1
1 year, 2 months ago
Selected Answer: BCF
Create private hosted zones. If you want to access the interface endpoint sqs.us-east-1.amazonaws.com in the shared services VPC from spoke VPCs and on-premises servers
upvoted 3 times
johnconnor
1 year, 3 months ago
Guys, it is BCF:
"How do we resolve the DNS for AWS service endpoint from the spoke VPCs? We can enable the Private DNS for an interface endpoint and with that we can resolve the AWS service endpoint DNS from within the same VPC (for example, sqs.us-east-1.amazonaws.com). However, the AWS service endpoint does not resolve from the peered VPCs. For this, we can create a Private Hosted Zone (for example, sqs.us-east-1.amazonaws.com) and associate it with the peered VPCs."
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other