ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 255 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 255
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company hosts application servers on premises and on Amazon EC2 instances in a VPC. The application servers access data that is hosted in an Amazon S3 bucket through the public internet. The EC2 instances in the VPC use an AWS Site-to-Site VPN for connectivity with the on-premises application servers.

New company regulations state that all traffic between the application servers and the S3 bucket must remain private and must not use public IP addresses.

Which solution will meet these requirements MOST cost-effectively?

  • A. Configure an S3 gateway endpoint Modify the route table with the appropriate route for the endpoint. Access the S3 bucket through the gateway endpoint from the EC2 instances.
  • B. Configure an S3 interface endpoint. Update the on-premises servers and EC2 instances to use the interface endpoint DNS name to access the S3 bucket.
  • C. Configure an S3 interface endpoint. Update the on-premises servers to use the interface endpoint DNS name to access the S3 bucket. Configure an S3 gateway endpoint. Modify the route table so that the EC2 instances use the gateway endpoint.
  • D. Configure an S3 gateway endpoint. Modify the route table with the appropriate route for the endpoint. Use an S3 bucket policy to restrict access to the gateway endpoint. Configure a proxy server fleet behind a Network Load Balancer in the VPC so that the on-premises servers can access the S3 bucket.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by nico73 at Jan. 7, 2025, 11:41 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TechAwesome
1 month ago
Selected Answer: B
Both B and C make sense. Depends how do you understand "must not use public IP addresses". Even with Gateway endpoint, you are still accessing S3's public IP address..The question is not clear.
upvoted 1 times
...
jfedotov
3 months ago
Selected Answer: C
C is correct S3 Interface Endpoint with the option "Enable private DNS only for inbound endpoint" S3 Gateway for EC2
upvoted 1 times
...
jfedotov
3 months ago
Selected Answer: B
B is correct "A company hosts application servers on-premises and on Amazon EC2 instances" Both onprem and ec2 send traffic to S3, so it should be S3 Interface.
upvoted 1 times
...
woorkim
3 months, 1 week ago
Selected Answer: C
most cost-effective solution because: Gateway endpoints are free and perfect for EC2 instances in the VPC Interface endpoints, while having a cost, are necessary for on-premises servers Each type of server uses the most appropriate endpoint type No unnecessary components like proxy fleets or load balancers
upvoted 2 times
...
meseerie
3 months, 2 weeks ago
Selected Answer: B
B. traffic is sourced from On-Prem to S3 in private. So Interface endpoint is needed.
upvoted 2 times
...
c1193d4
3 months, 2 weeks ago
Selected Answer: C
C: see this architecture in https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
upvoted 1 times
...
nico73
3 months, 2 weeks ago
Selected Answer: C
because gateway endpoints are not accessible from sources outside the VPC
upvoted 3 times
jfedotov
3 months ago
B is correct, no need to create routes for the interface
upvoted 1 times
...
jfedotov
3 months ago
C is correct, mislook the answer, the route is needed for gateway.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago