Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Amazon Discussions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 107 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 107
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is establishing connectivity between its on-premises site and an existing VPC on AWS to meet a new security requirement. According to the new requirement, all public DNS queries must use an on-premises DNS security solution. The company's security team has allowed an exception for the AWS service endpoints because the company is using VPC endpoints to access AWS services.

Which combination of steps should a network engineer take to configure the architecture to meet these requirements? (Choose three.)

  • A. Create a system rule for the domain name “.” (dot) with a target IP address of the on-premises DNS security solution.
  • B. Create a new DHCP options set that provides the IP address of the on-premises DNS security solution. Update the VPC to use this new DHCP options set.
  • C. Create an Amazon Route 53 Resolver inbound endpoint. Associate this endpoint with the VPC.
  • D. Create an Amazon Route 53 Resolver outbound endpoint. Associate this endpoint with the VPC.
  • E. Create a system rule for the domain name amazonaws.com.
  • F. Create a forwarding rule for the domain name “.” (dot) with a target IP address of the on-premises DNS security solution.
Show Suggested Answer Hide Answer
Suggested Answer: BDF 🗳️
by papercuts23 at June 10, 2023, 7:22 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Balasmaniam
Highly Voted 1 year, 2 months ago
Selected Answer: DEF
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-overview-DSN-queries-to-vpc.html#resolver-overview-forward-vpc-to-network-autodefined-rules
upvoted 7 times
...
bluz
Most Recent 6 months, 1 week ago
Selected Answer: CDF
"According to the new requirement, all public DNS queries must use an on-premises DNS security solution." - amazonaws.com is a public domain. "the company is using VPC endpoints to access AWS services." - inbound endpoint. We don't need need System Rule because "The dot rule applies to all domain names except some AWS internal domain names and record names in private hosted zones." https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-overview-DSN-queries-to-vpc.html#resolver-overview-forward-vpc-to-network-domain-name-matches
upvoted 3 times
Blitz1
1 month, 3 weeks ago
very good. From the the same article: "If you create a conditional forwarding rule for "." (dot) or "com", we recommend that you also create a system rule for amazonaws.com. (System rules cause Resolver to locally resolve DNS queries for specific domains and subdomains.) Creating this system rule improves performance, reduces the number of queries that are forwarded to your network, and reduces Resolver charges."
upvoted 1 times
...
...
Tofu13
1 year ago
Selected Answer: DEF
D -Create an outbound endpoint to be able to send queries from the VPC to the on-prem DNS solution F - Forward all (=".") queries over the outbound endpoint to the on-prem solution E - Only make an exception for AWS service endpoints.
upvoted 1 times
...
[Removed]
1 year, 1 month ago
Selected Answer: BDF
Do you think the system rule for the domain name amazonaws.com would only apply to queries for that specific domain name. It would not apply to other public DNS queries. I think BDF is correct...
upvoted 1 times
[Removed]
1 year, 1 month ago
edit DEF is correct Creating this system rule improves performance, reduces the number of queries that are forwarded to your network and is recommended when you create a conditional forwarding rule for “.” (dot) or “com” https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-overview-DSN-queries-to-vpc.html
upvoted 2 times
...
...
RVD
1 year, 2 months ago
Selected Answer: DEF
Ans: DEF
upvoted 3 times
...
papercuts23
1 year, 3 months ago
i think it is D E F
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel