ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 174 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 174
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is planning to migrate an internal application to the AWS Cloud. The application will run on Amazon EC2 instances in one VPC. Users will access the application from the company's on-premises data center through AWS VPN or AWS Direct Connect. Users will use private domain names for the application endpoint from a domain name that is reserved explicitly for use in the AWS Cloud.

Each EC2 instance must have automatic failover to another EC2 instance in the same AWS account and the same VPC. A network engineer must design a DNS solution that will not expose the application to the internet.

Which solution will meet these requirements?

  • A. Assign public IP addresses to the EC2 instances. Create an Amazon Route 53 private hosted zone for the AWS reserved domain name. Associate the private hosted zone with the VPC. Create a Route 53 Resolver outbound endpoint. Configure conditional forwarding in the on-premises DNS resolvers to forward all DNS queries for the AWS domain to the outbound endpoint IP address for Route 53 Resolver. In the private hosted zone, configure primary and failover records that point to the public IP addresses of the EC2 instances. Create an Amazon CloudWatch metric and alarm to monitor the application's health. Set up a health check on the alarm for the primary application endpoint.
  • B. Place the EC2 instances in private subnets. Create an Amazon Route 53 public hosted zone for the AWS reserved domain name. Associate the public hosted zone with the VPC. Create a Route 53 Resolver inbound endpoint. Configure conditional forwarding in the on-premises DNS resolvers to forward all DNS queries for the AWS domain to the inbound endpoint IP address for Route 53 Resolver. In the public hosted zone, configure primary and failover records that point to the IP addresses of the EC2 instances. Create an Amazon CloudWatch metric and alarm to monitor the application's health. Set up a health check on the alarm for the primary application endpoint.
  • C. Place the EC2 instances in private subnets. Create an Amazon Route 53 private hosted zone for the AWS reserved domain name. Associate the private hosted zone with the VPCreate a Route 53 Resolver inbound endpoint. Configure conditional forwarding in the on-premises DNS resolvers to forward all DNS queries for the AWS domain to the inbound endpoint IP address for Route 53 Resolver. In the private hosted zone, configure primary and failover records that point to the IP addresses of the EC2 instances. Create an Amazon CloudWatch metric and alarm to monitor the application's health. Set up a health check on the alarm for the primary application endpoint.
  • D. Place the EC2 instances in private subnets. Create an Amazon Route 53 private hosted zone for the AWS reserved domain name. Associate the private hosted zone with the VPC. Create a Route 53 Resolver inbound endpoint. Configure conditional forwarding in the on-premises DNS resolvers to forward all DNS queries for the AWS domain to the inbound endpoint IP address for Route 53 Resolver. In the private hosted zone, configure primary and failover records that point to the IP addresses of the EC2 instances. Set up Route 53 health checks on the private IP addresses of the EC2 instances.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by backspace0900 at March 20, 2024, 1:12 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
backspace0900
Highly Voted 1 year ago
C Route53 healthchecker need publicIP
upvoted 10 times
psou7
1 year ago
Agree. C
upvoted 1 times
...
...
Spaurito
Most Recent 5 months ago
C - as per documentation - To set up Route 53 health checks on the private IP addresses of EC2 instances, you need to assign a public IP address to the EC2 instance as Route 53 health checkers can only access resources with publicly routable IP addresses; then, configure the health check in Route 53 to point to that public IP, allowing you to monitor the health of your private resource within the VPC; you can use a private hosted zone to associate the health check with your internal domain names This would expose to the internet. Monitoring the applications endpoint is the next solution.
upvoted 1 times
...
khaanikahttak
8 months, 1 week ago
D is correct answer. Coz route53 health check is design for end points fail over. route 53 redirect traffic to the healthy end point in case one is failed.
upvoted 1 times
...
cerifyme85
11 months, 2 weeks ago
Selected Answer: C
Can only be done using cloudwatch for private IPS https://aws.amazon.com/blogs/networking-and-content-delivery/performing-route-53-health-checks-on-private-resources-in-a-vpc-with-aws-lambda-and-amazon-cloudwatch/ R53 cannot monitor pHz https://repost.aws/questions/QUVcLK5gUqSxKGondJkrzw0Q/private-zone-route53-health-checks#:~:text=If%20you%20mean,private%20hosted%20zone
upvoted 3 times
...
KobDragoon
1 year ago
Selected Answer: D
I vote for D instead of C, because Route53 health checks are necessary for the implementation of Route53 failover records. R53 health checks can be done directly to the instances or to the cloudwatch alarms, but why use cloudwatch alarm configuration when you can go the more direct route and there is no requirement to get any metrics from the EC2s from cloudwatch.
upvoted 1 times
JoellaLi
1 year ago
but Route53 healthchecker need publicIP
upvoted 1 times
AzureDP900
3 months, 1 week ago
D is right Route 53 health checks do not necessarily require a public IP address. According to Amazon Web Services (AWS), you can configure Route 53 health checks to use private IP addresses, such as those assigned to an Elastic IP or a NAT gateway. This allows you to monitor the availability of your application without exposing it to the internet.
upvoted 1 times
...
...
...
backspace0900
1 year ago
Selected Answer: C
supplement the vote
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago