Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 184 discussion

An education agency is preparing for its annual competition between schools. In the competition, students at schools from around the country solve math problems, complete puzzles, and write essays.

The IP addressing plan of all the schools is well-known and is administered centrally. The competition is hosted in the AWS Cloud and is not publicly available. All competition traffic must be encrypted in transit. Only authorized endpoints can access the competition. All the schools have firewall policies that block ICMP traffic.

A network engineer builds a solution in which all the schools access the competition through AWS Site-to-Site VPN connections. The network engineer uses BGP as the routing protocol. The network engineer must implement a solution that notifies schools when they lose connectivity and need to take action on their premises to address the issue.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

  • A. Monitor the state of the VPN tunnels by using Amazon CloudWatch. Create a CloudWatch alarm that uses Amazon Simple Notification Service (Amazon SNS) to notify people at the affected school if the tunnels are down.
  • B. Create a scheduled AWS Lambda function that pings each school's on-premises customer gateway device. Configure the Lambda function to send an Amazon Simple Notification Service (Amazon SNS) notification to people at the affected school if the ping fails.
  • C. Create a scheduled AWS Lambda function that uses the VPC Reachability Analyzer API to verify the connectivity. Configure the Lambda function to send an Amazon Simple Notification Service (Amazon SNS) notification to people at the affected school if failure occurs.
  • D. Create an Amazon CloudWatch dashboard for each school to show all CloudWatch metrics for each school's Site-to-Site VPN connection. Share each dashboard with the appropriate school.
  • E. Create a scheduled AWS Lambda function to monitor the existence of each school's routes in the VPC route table where VPN routes are propagated. Configure the Lambda function to send an Amazon Simple Notification Service (Amazon SNS) notification to people at the affected school if failure occurs.
Suggested Answer: AE

Comments

[Removed]
Highly Voted 8 months, 1 week ago
I would go for AE. The reachability analyzer (option C) cannot look beyond AWS/VPC. So if there is an issue with the school itself (their CGW for instance) it cannot detect this. But to my understanding if the VPN of a specific school goes down the propagated route would vanish and so option E looks feasible (not near real time of course).
upvoted 5 times
...
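The route-table check from option E, as the comment above describes it, written in Python as an added example (not part of the original thread and not AWS's own code). The school names, CIDRs, SNS topic ARNs, the `route_table_id` event key and the sample response are constructed assumptions, and it assumes each school advertises exactly its planned prefix over BGP.

```python
import ipaddress

# Constructed inventory: school -> (planned on-premises CIDR, placeholder SNS topic ARN)
SCHOOLS = {
    "school-a": ("10.10.0.0/24", "arn:aws:sns:REGION:ACCOUNT_ID:school-a-alerts"),
    "school-b": ("10.20.0.0/24", "arn:aws:sns:REGION:ACCOUNT_ID:school-b-alerts"),
    "school-c": ("10.30.0.0/24", "arn:aws:sns:REGION:ACCOUNT_ID:school-c-alerts"),
}

# Constructed sample shaped like an EC2 DescribeRouteTables response.
SAMPLE_RESPONSE = {"RouteTables": [{"RouteTableId": "rtb-EXAMPLE", "Routes": [
    {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local",
     "Origin": "CreateRouteTable", "State": "active"},
    {"DestinationCidrBlock": "10.10.0.0/24", "GatewayId": "vgw-EXAMPLE",
     "Origin": "EnableVgwRoutePropagation", "State": "active"},
    # A static route stays in the table when BGP drops, so it must not count.
    {"DestinationCidrBlock": "10.20.0.0/24", "GatewayId": "vgw-EXAMPLE",
     "Origin": "CreateRoute", "State": "active"},
]}]}

def propagated_prefixes(response):
    """Return the active prefixes that were learned through VGW route propagation."""
    found = set()
    for table in response.get("RouteTables", []):
        for route in table.get("Routes", []):
            cidr = route.get("DestinationCidrBlock")  # absent on IPv6/prefix-list routes
            if (cidr and route.get("Origin") == "EnableVgwRoutePropagation"
                    and route.get("State") == "active"):
                found.add(ipaddress.ip_network(cidr))
    return found

def schools_missing_routes(response, schools=SCHOOLS):
    """Return the sorted names of schools whose planned prefix is not propagated."""
    present = propagated_prefixes(response)
    return sorted(name for name, (cidr, _) in schools.items()
                  if ipaddress.ip_network(cidr) not in present)

def lambda_handler(event, context):
    import boto3  # imported here so the functions above run offline
    ec2, sns = boto3.client("ec2"), boto3.client("sns")
    response = ec2.describe_route_tables(RouteTableIds=[event["route_table_id"]])
    missing = schools_missing_routes(response)
    for name in missing:  # one topic per school, so only the affected school is notified
        cidr, topic_arn = SCHOOLS[name]
        sns.publish(TopicArn=topic_arn, Subject="VPN route missing",
                    Message=f"No propagated route for {cidr}; check your customer gateway.")
    return missing
```

Filtering on `Origin` is what makes the check meaningful: a static route for the same prefix would otherwise hide a dropped BGP session.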
woorkim
Most Recent 2 weeks ago
Selected Answer: AE
B: Pinging customer gateway devices is not viable since the schools block ICMP traffic. This option would fail due to the schools' firewall policies.
C: While VPC Reachability Analyzer is a powerful tool, using it for frequent connectivity checks is more complex and potentially costlier than leveraging existing metrics and route table monitoring.
D: CloudWatch dashboards are useful for monitoring but do not provide proactive notifications. They require someone to manually review the data, which does not align with the requirement for automated notifications.
upvoted 1 times
...
Spaurito
1 month, 2 weeks ago
AE - This seems to be the best answer. You could use option C but the cost would add up. Monitoring the Route Table and having a CloudWatch monitor makes the most sense.
upvoted 1 times
...
cas_tori
3 months, 3 weeks ago
Selected Answer: AE
this is AE
upvoted 1 times
...
seochan
7 months ago
Selected Answer: AE
I think it's AE. Option B is not possible because the clients are blocking the ICMP protocol. Option C is not a cost-effective option because the VPC Reachability Analyzer has a per-invoke cost. Option D is not a requirement in this scenario.
upvoted 4 times
...
973b658
8 months, 2 weeks ago
Selected Answer: AC
A&C is OK.
upvoted 2 times
...