Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 88 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 88
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has several production applications across different accounts in the AWS Cloud. The company operates from the us-east-1 Region only. Only certain partner companies can access the applications. The applications are running on Amazon EC2 instances that are in an Auto Scaling group behind an Application Load Balancer (ALB). The EC2 instances are in private subnets and allow traffic only from the ALB. The ALB is in a public subnet and allows inbound traffic only from partner network IP address ranges over port 80.

When the company adds a new partner, the company must allow the IP address range of the partner network in the security group that is associated with the ALB in each account. A network engineer must implement a solution to centrally manage the partner network IP address ranges.

Which solution will meet these requirements in the MOST operationally efficient manner?

  • A. Create an Amazon DynamoDB table to maintain all IP address ranges and security groups that need to be updated. Update the DynamoDB table with the new IP address range when the company adds a new partner. Invoke an AWS Lambda function to read new IP address ranges and security groups from the DynamoDB table to update the security groups. Deploy this solution in all accounts.
  • B. Create a new prefix list. Add all allowed IP address ranges to the prefix list. Use Amazon EventBridge (Amazon CloudWatch Events) rules to invoke an AWS Lambda function to update security groups whenever a new IP address range is added to the prefix list. Deploy this solution in all accounts.
  • C. Create a new prefix list. Add all allowed IP address ranges to the prefix list. Share the prefix list across different accounts by using AWS Resource Access Manager (AWS RAM). Update security groups to use the prefix list instead of the partner IP address range. Update the prefix list with the new IP address range when the company adds a new partner.
  • D. Create an Amazon S3 bucket to maintain all IP address ranges and security groups that need to be updated. Update the S3 bucket with the new IP address range when the company adds a new partner. Invoke an AWS Lambda function to read new IP address ranges and security groups from the S3 bucket to update the security groups. Deploy this solution in all accounts.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by tom_cat at April 26, 2023, 1:37 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
tom_cat
Highly Voted 1 year, 7 months ago
Selected Answer: C
C - prefix list.
upvoted 7 times
...
woorkim
Most Recent 4 days, 22 hours ago
c is correct. lambda has operation burdern!
upvoted 1 times
...
Raphaello
7 months, 2 weeks ago
Selected Answer: C
C is the correct answer. Customer-managed prefix list.
upvoted 1 times
...
mrt261
9 months ago
Selected Answer: C
Option C leverages AWS RAM to centrally manage the allowed IP address ranges using a prefix list. This approach eliminates the need to manually update security groups in each account when adding a new partner. By updating the prefix list, the changes are automatically propagated to all accounts sharing the prefix list, streamlining the management process. Options A, B, and D involve using AWS Lambda functions to read and update IP address ranges and security groups, which introduces additional complexity compared to leveraging AWS RAM for centralized management. Therefore, Option C is the most operationally efficient solution.
upvoted 3 times
...
vikasj1in
9 months, 1 week ago
Selected Answer: C
- Create a new prefix list and add all allowed partner network IP address ranges to this prefix list.This prefix list acts as a centralized repository for managing the allowed IP address ranges. - Use AWS Resource Access Manager (AWS RAM) to share the prefix list across different AWS accounts. - Update the security groups associated with the ALB in each account to reference the shared prefix list instead of specifying individual partner IP address ranges. - When adding a new partner, simply update the shared prefix list with the new IP address range. All associated security groups automatically reflect this change. This solution ensures central management, reduces manual updates, and enhances scalability when adding new partners, making it operationally efficient for the given requirements.
upvoted 1 times
...
Marfee400704
9 months, 1 week ago
I think that it' correct answer is C according to SPOTO products.
upvoted 1 times
...
Arad
1 year ago
Selected Answer: C
C, no brainer!
upvoted 1 times
...
tcp22
1 year, 6 months ago
C https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel