
Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 258 discussion

A company has a transit gateway in a single AWS account. The company sends flow logs for the transit gateway to an Amazon CloudWatch Logs log group.

The company created an AWS Lambda function to analyze the logs. The Lambda function sends a notification to an Amazon Simple Notification Service (Amazon SNS) topic when a VPC generates traffic that is dropped by the transit gateway. Each notification contains the account ID, VPC ID, and total amount of dropped packets.

The company wants to subscribe a new Lambda function to the SNS topic. The new Lambda function must automatically prevent the traffic that is identified in each notification from leaving a VPC by applying a network ACL to the transit gateway attachment subnets in the VPC that generates the traffic.

Which solution will meet these requirements?

  • A. Configure the existing Lambda function to add the destination IP addresses of the dropped traffic to each SNS notification. Configure the new Lambda function to create an outbound rule by using the destination IP addresses in the network ACL.
  • B. Configure the existing Lambda function to add the source IP addresses of the dropped traffic to each SNS notification. Configure the new Lambda function to create an inbound rule by using the source IP addresses in the network ACL.
  • C. Configure the existing Lambda function to add the source IP addresses of the dropped traffic to each SNS notification. Configure the new Lambda function to create an outbound rule by using the source IP addresses in the network ACL.
  • D. Configure the existing Lambda function to add the destination IP addresses of the dropped traffic to each SNS notification. Configure the new Lambda function to create an inbound rule by using the destination IP addresses in the network ACL.
Suggested Answer: A 🗳️
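To make the mechanism behind the suggested answer concrete, here is an added example of what the second Lambda function would do (this is illustrative code, not from the question or from AWS). It assumes the first function publishes the destination IPs under a `destination_ips` key, that the network ACL IDs of the transit gateway attachment subnets are passed in (`acl_ids`), and it blocks each destination with an outbound (`Egress=True`) DENY entry in the NACL.

```python
import json
import ipaddress

# Constructed sample SNS event (not from the page): one notification carrying
# the destination IPs we assume the analysis function adds (assumed key name).
SAMPLE_EVENT = {
    "Records": [{
        "Sns": {"Message": json.dumps({
            "account_id": "111111111111",
            "vpc_id": "vpc-0abc",
            "dropped_packets": 4200,
            "destination_ips": ["203.0.113.7", "198.51.100.9", "203.0.113.7"],
        })}
    }]
}

def parse_notification(event):
    """Return (vpc_id, sorted unique destination IPs) from the SNS message."""
    msg = json.loads(event["Records"][0]["Sns"]["Message"])
    # ip_address() rejects anything that is not a valid address.
    ips = sorted({str(ipaddress.ip_address(ip)) for ip in msg["destination_ips"]})
    return msg["vpc_id"], ips

def build_egress_deny_entries(ips, start_rule=100):
    """One outbound DENY entry per destination /32. NACL rules are evaluated in
    ascending rule-number order, so these must sit below the existing allows."""
    return [{
        "RuleNumber": start_rule + n,
        "Protocol": "-1",        # all protocols
        "RuleAction": "deny",
        "Egress": True,          # outbound: traffic leaving the subnet
        "CidrBlock": f"{ip}/32",
    } for n, ip in enumerate(ips)]

def apply_entries(ec2, acl_id, entries):
    """Create each entry on the given NACL via the EC2 API."""
    for entry in entries:
        ec2.create_network_acl_entry(NetworkAclId=acl_id, **entry)

def handler(event, context=None, ec2=None, acl_ids=None):
    """Lambda entry point. acl_ids: NACLs of the TGW attachment subnets
    (assumed to be resolved elsewhere, e.g. from the VPC ID)."""
    vpc_id, ips = parse_notification(event)
    entries = build_egress_deny_entries(ips)
    if ec2 is None:
        import boto3                      # only needed when run in Lambda
        ec2 = boto2 = boto3.client("ec2")
    for acl_id in acl_ids or []:
        apply_entries(ec2, acl_id, entries)
    return {"vpc_id": vpc_id, "blocked": ips, "entries": len(entries)}
```

A default NACL holds at most 20 entries per direction, so a production version would need to consolidate or age out rules rather than add one /32 forever.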

Comments

ashk123456
2 weeks, 4 days ago
Selected Answer: C
The goal is to prevent traffic identified in SNS notifications from leaving the VPC. The correct approach is to: 1. Identify the source IP addresses of the unwanted traffic. 2. Use a network ACL (NACL) to block outbound traffic from these source IPs in the transit gateway attachment subnets.
upvoted 1 times
youonebe
1 month, 2 weeks ago
Selected Answer: C
Answer is C. Traffic is going out from EC2; need to identify the source and attach an outbound constraint to the subnet ACL.
upvoted 1 times
woorkim
3 months ago
Selected Answer: A
It uses destination IP addresses, which identify where the problematic traffic is trying to go. It creates outbound rules, which prevent traffic from leaving the VPC. This combination will effectively block traffic to the identified problematic destinations. The solution maintains proper traffic flow direction matching between the identified problems and the blocking mechanism. It can be automated through Lambda based on the SNS notifications.
upvoted 3 times
c1193d4
3 months, 1 week ago
Selected Answer: A
A: add a NACL outbound rule to stop the traffic from the VPC where it's generated - use the destination address (only IP settable for outbound rules)
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other