Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions


Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 88 discussion

A company has several production applications across different accounts in the AWS Cloud. The company operates from the us-east-1 Region only. Only certain partner companies can access the applications. The applications are running on Amazon EC2 instances that are in an Auto Scaling group behind an Application Load Balancer (ALB). The EC2 instances are in private subnets and allow traffic only from the ALB. The ALB is in a public subnet and allows inbound traffic only from partner network IP address ranges over port 80.

When the company adds a new partner, the company must allow the IP address range of the partner network in the security group that is associated with the ALB in each account. A network engineer must implement a solution to centrally manage the partner network IP address ranges.

Which solution will meet these requirements in the MOST operationally efficient manner?

  • A. Create an Amazon DynamoDB table to maintain all IP address ranges and security groups that need to be updated. Update the DynamoDB table with the new IP address range when the company adds a new partner. Invoke an AWS Lambda function to read new IP address ranges and security groups from the DynamoDB table to update the security groups. Deploy this solution in all accounts.
  • B. Create a new prefix list. Add all allowed IP address ranges to the prefix list. Use Amazon EventBridge (Amazon CloudWatch Events) rules to invoke an AWS Lambda function to update security groups whenever a new IP address range is added to the prefix list. Deploy this solution in all accounts.
  • C. Create a new prefix list. Add all allowed IP address ranges to the prefix list. Share the prefix list across different accounts by using AWS Resource Access Manager (AWS RAM). Update security groups to use the prefix list instead of the partner IP address range. Update the prefix list with the new IP address range when the company adds a new partner.
  • D. Create an Amazon S3 bucket to maintain all IP address ranges and security groups that need to be updated. Update the S3 bucket with the new IP address range when the company adds a new partner. Invoke an AWS Lambda function to read new IP address ranges and security groups from the S3 bucket to update the security groups. Deploy this solution in all accounts.
Suggested Answer: C

Comments

tom_cat
Highly Voted 1 year, 7 months ago
Selected Answer: C
C - prefix list.
upvoted 7 times
...
woorkim
Most Recent 4 days, 22 hours ago
C is correct. Lambda has operation burden!
upvoted 1 times
...
Raphaello
7 months, 2 weeks ago
Selected Answer: C
C is the correct answer. Customer-managed prefix list.
upvoted 1 times
...
mrt261
9 months ago
Selected Answer: C
Option C leverages AWS RAM to centrally manage the allowed IP address ranges using a prefix list. This approach eliminates the need to manually update security groups in each account when adding a new partner. By updating the prefix list, the changes are automatically propagated to all accounts sharing the prefix list, streamlining the management process. Options A, B, and D involve using AWS Lambda functions to read and update IP address ranges and security groups, which introduces additional complexity compared to leveraging AWS RAM for centralized management. Therefore, Option C is the most operationally efficient solution.
upvoted 3 times
...
vikasj1in
9 months, 1 week ago
Selected Answer: C
- Create a new prefix list and add all allowed partner network IP address ranges to this prefix list. This prefix list acts as a centralized repository for managing the allowed IP address ranges.
- Use AWS Resource Access Manager (AWS RAM) to share the prefix list across different AWS accounts.
- Update the security groups associated with the ALB in each account to reference the shared prefix list instead of specifying individual partner IP address ranges.
- When adding a new partner, simply update the shared prefix list with the new IP address range. All associated security groups automatically reflect this change.

This solution ensures central management, reduces manual updates, and enhances scalability when adding new partners, making it operationally efficient for the given requirements.
upvoted 1 times
...
Marfee400704
9 months, 1 week ago
I think that the correct answer is C according to SPOTO products.
upvoted 1 times
...
Arad
1 year ago
Selected Answer: C
C, no brainer!
upvoted 1 times
...
tcp22
1 year, 6 months ago
C https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
upvoted 2 times
...