ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 200 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 200
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is migrating an application to the AWS Cloud. The company has successfully provisioned and tested connectivity between AWS Direct Connect and the company's on-premises data center. The application runs on Amazon EC2 instances across multiple Availability Zones. The instances are in an Auto Scaling group.

The application communicates through HTTPS to a third-party vendor's data service that is hosted at the company’s data center. The data service implements a static ACL through explicit allow listing of client IP addresses.

A network engineer must design a network solution so that the migrated application can continue to access the vendor’s data service as the application scales.

Which solution will meet these requirements with the LEAST amount of ongoing change to the vendor's allow list?

  • A. Configure a private NAT gateway in the subnets for each Availability Zone that the application runs in. Configure the application to target the NAT gateways instead of the data service directly. Update the data service's allow list to include the IP addresses of the NAT gateways.
  • B. Configure an elastic network interface in the subnets for each Availability Zone that the application runs in. Associate the elastic network interfaces with the Auto Scaling group for the application. Update the data service's allow list to include the IP addresses of the elastic network interfaces.
  • C. Configure an elastic network interface in the subnets for each Availability Zone that the application runs in. Launch an EC2 instance into each subnet. Attach the respective elastic network interfaces to the new EC2 instances. In the application subnet route tables, configure the new EC2 instances as the next destination for the data service. Update the data service’s allow list to include the IP addresses of the elastic network interfaces.
  • D. Configure an Application Load Balancer (ALB) in the subnets for each Availability Zone that the application runs in. Configure an ALB-associated target group that contains a target that uses the IP address for the data service. Configure the application to target the ALB instead of the data service directly. Update the data service's allow list to include the IP addresses of the ALBs.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Akshay0403 at July 23, 2024, 11:22 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
woorkim
23 hours, 25 minutes ago
Selected Answer: A
By using a private NAT gateway, the solution ensures that the vendor's data service always sees the same IP address, minimizing the need for ongoing updates to the allow list while allowing the application to scale.
upvoted 1 times
...
cas_tori
3 months, 2 weeks ago
Selected Answer: A
this is A
upvoted 1 times
...
[Removed]
3 months, 4 weeks ago
Selected Answer: A
NAT gateway provide static ip that can be allowed once in allow list
upvoted 2 times
...
siheom
4 months, 1 week ago
Selected Answer: A
VOTE A
upvoted 2 times
...
yama_chan
4 months, 2 weeks ago
The correct answer is D. Considering the simplicity of managing the allow list and the automation of load balancing, option D, using an Application Load Balancer (ALB), is the optimal solution. However, if managing the allow list is not an issue or if direct communication is required due to specific requirements, option B, using an Elastic Network Interface (ENI), is also a strong choice.
upvoted 1 times
jhon648274
4 months ago
Application load balancer ip is not static and it can change thus why is not an optimal solution
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago