ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 224 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 224
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A banking company has an application that must connect to specific public IP addresses from a VPC. A network engineer has configured routes in the route table that is associated with the application’s subnet to the required public IP addresses through an internet gateway.

The network engineer needs to set up email notifications that will alert the network engineer when a user adds a default route to the application subnet's route table with the internet gateway as a target.

Which solution will meet these requirements with the LEAST implementation effort?

  • A. Create an AWS Lambda function that reads the routes in the route table and sends an email notification. Configure the Lambda function to send an email notification if any route is configured with 0.0.0.0/0 or ::/0 CIDRs to the internet gateway. Configure the Lambda function to run every minute.
  • B. Create an AWS Lambda function that will be invoked by an Amazon EC2 CreateRoute API call. Configure the Lambda function to send an email notification. Configure the Lambda function to send an email notification if any route is configured with 0.0.0.0/0 or ::/0 CIDRs to the internet gateway.
  • C. Create AWS Config rules for the route table by using the internet-gateway-authorized-vpc-only managed rule. Create an Amazon EventBridge rule to match the AWS Config rule and to route to an Amazon Simple Notification Service (Amazon SNS) topic to send an email notification.
  • D. Create an AWS Config rule for the route table by using the no-unrestricted-route-to-igw managed rule. Create an Amazon EventBridge rule to match the AWS Config rule and to route to an Amazon Simple Notification Service (Amazon SNS) topic to send an email notification.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by 46f094c at Nov. 18, 2024, 3:22 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AzureDP900
3 months, 2 weeks ago
Selected Answer: D
This solution has less implementation effort because: It uses a pre-configured AWS managed rule (no-unrestricted-route-to-igw) that is specifically designed for this use case, eliminating the need to write custom code. It leverages Amazon EventBridge (formerly CloudWatch Events) and Amazon SNS, which are well-established services with minimal configuration required.
upvoted 1 times
...
AzureDP900
3 months, 4 weeks ago
Selected Answer: D
D Create an AWS Config rule for the route table by using the no-unrestricted-route-to-igw managed rule would meet these requirements with the LEAST implementation effort. This solution leverages pre-built AWS Config rules, which monitor the resource configuration and trigger an Amazon EventBridge rule when a rule violation is detected. The email notification can then be sent to the network engineer through an Amazon SNS topic.
upvoted 1 times
...
woorkim
4 months ago
Selected Answer: D
C. AWS Config rule using internet-gateway-authorized-vpc-only: This rule checks if an internet gateway is attached only to authorized VPCs. It does not specifically monitor for unrestricted routes (0.0.0.0/0 or ::/0) to the internet gateway, which is the requirement.
upvoted 1 times
...
meseerie
4 months, 4 weeks ago
Selected Answer: D
answer is cleary D https://docs.aws.amazon.com/config/latest/developerguide/no-unrestricted-route-to-igw.html ''Checks if there are public routes in the route table to an Internet gateway (IGW). The rule is NON_COMPLIANT if a route to an IGW has a destination CIDR block of '0.0.0.0/0' or '::/0' or if a destination CIDR block does not match the rule parameter.''
upvoted 3 times
...
ArunRav
5 months, 1 week ago
Selected Answer: D
A and B is out as lambda need effort. C only check if igw is attached to authorized vpc. For checking unrestricted route getting attached to igw D is the best option and needs very less operational effort as it is using aws native tool.
upvoted 2 times
...
46f094c
5 months, 1 week ago
Selected Answer: C
https://docs.aws.amazon.com/config/latest/developerguide/no-unrestricted-route-to-igw.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago