Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 190 discussion

A company is building an API-based application on AWS and is using a microservices architecture for the design. The company is using a multi-account AWS environment that includes a separate AWS account for each microservice development team. Each team hosts its microservice in its own VPC that contains Amazon EC2 instances behind a Network Load Balancer (NLB).

A network engineer needs to use Amazon API Gateway in a shared services account to create an HTTP API to expose these microservices to external applications. The network engineer must ensure that access to the microservices can occur only over a private network. Additionally, the company must be able to control which entities from its internal network can connect to the microservices. In the future, the company will create more microservices that the company must be able to integrate with the application.

What is the MOST secure solution that meets these requirements?

  • A. Create an Application Load Balancer (ALB) in a VPC in the shared services account. Configure the integration to the API Gateway API by using a VPC link. Associate the VPC link with the ALB. Create a VPC endpoint service in each microservice account. Create an AWS PrivateLink endpoint for those services in the shared services account. Add the elastic network interface IP addresses of the VPC endpoint as targets for the target group of the ALB.
  • B. Create an Application Load Balancer (ALB) in a VPC in the shared services account. Configure the integration to the API Gateway API by using a VPC link. Associate the VPC link with the ALB. Connect all the VPCs to each other by using a central transit gateway. Add the IP addresses of the NLB as IP-based targets in the ALB target group.
  • C. Configure the integration to the API Gateway API by using HTTP-based integration. Connect all the VPCs to each other by using a central transit gateway. Create a separate HTTP integration to each NLB for each microservice. Add the HTTP endpoint of the NLB as the endpoint URL in the HTTP integration.
  • D. Configure the integration to the API Gateway API by using VPC link integration. Connect all the VPCs to each other by using a central transit gateway. Create a separate VPC link to each NLB for each microservice. Add the HTTP endpoint of the NLB as the endpoint URL in the VPC link integration.
Suggested Answer: D

Comments

luisgu
2 months, 1 week ago
Selected Answer: A
See "Private integration cross-account" on this link: https://docs.aws.amazon.com/whitepapers/latest/best-practices-api-gateway-private-apis-integration/http-api.html
upvoted 2 times
Spaurito
1 week, 5 days ago
I see your thought here, but the environment already has NLBs in place for the EC2 instances.
upvoted 1 times
Ravan
2 months, 3 weeks ago
Selected Answer: A
D. Incorrect VPC link configuration: The VPC link should be associated with the ALB, not the NLB.
upvoted 1 times
siheom
3 months, 1 week ago
Selected Answer: D
VOTE D
upvoted 3 times
kupo777
3 months, 1 week ago
D is correct. A, B: HTTP API does not require ALB creation on the shared account side because the communication is to ENI. C: HTTP-based integration does not exist.
upvoted 2 times
Akshay0403
3 months, 3 weeks ago
Selected Answer: D
Option D is the most secure and scalable solution. It provides private network communication using VPC link integration and leverages a transit gateway for efficient VPC management. This approach ensures that traffic remains secure within the AWS network while offering the flexibility to control access and easily integrate new microservices in the future.
upvoted 3 times
yeahaya
5 months ago
Selected Answer: D
D is my choice.
upvoted 3 times
yeahaya
5 months ago
D is my choice.
upvoted 2 times
rdiaz
5 months ago
Selected Answer: B
TGW required.
upvoted 1 times
seochan
5 months, 2 weeks ago
Selected Answer: A
I think it's A.
VPC link - ensures using a private network
VPC endpoint service - scalable and secure (TGW needs non-overlapping CIDRs, hence not scalable, and you can control access using the ENI SG)
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other