Exam ANS-C00 topic 1 question 105 discussion

Exam question from Amazon's ANS-C00
Question #: 105
Topic #: 1
A company has recently established an AWS Direct Connect connection from its on-premises data center to AWS. A Network Engineer has blocked all traffic destined for Amazon S3 over the company's gateway to the internet from its on-premises firewall. S3 traffic should only traverse the Direct Connect connection.
Currently, no one in the on-premises data center can access Amazon S3.
Which solution will resolve this connectivity issue?

  • A. Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
  • B. Establish an S3 VPC endpoint for the company's Amazon VPC. Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop.
  • C. Configure a public virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
  • D. Configure a public virtual interface on the Direct Connect connection. Establish an AWS managed VPN over the connection. Update the on-premises routing tables to choose the VPN connection as the preferred next hop.
Suggested Answer: C
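The requirement in this question is that S3 traffic uses only the Direct Connect path, and the firewall already drops S3 traffic on the internet path. That means any S3 public prefix that the on-premises routers do not send towards the public VIF is simply unreachable, which is the outage described. The script below is an added example, not part of the exam question, the discussion, or any AWS tooling. It takes a constructed excerpt in the shape of AWS's published ip-ranges.json (the prefixes are RFC 5737 documentation ranges, not real S3 addresses) and a constructed on-premises routing table, and reports for each S3 prefix of a region whether it is fully carried by the Direct Connect next hop, only partially, or still falls to the firewalled internet route. The names `IP_RANGES_JSON`, `ONPREM_ROUTES`, `DX_NEXT_HOP` and the functions are all hypothetical.

```python
"""Audit whether on-premises routes carry a region's S3 prefixes over Direct Connect.

Added example for the discussion above; not code from the exam page or from AWS.
The data below is constructed: the JSON mimics the shape of ip-ranges.json and
the route table mimics what a router would hold after BGP over a public VIF.
"""
import ipaddress
import json

# Constructed excerpt in the shape of ip-ranges.json. RFC 5737 documentation
# prefixes stand in for real S3 ranges. Note that real S3 prefixes are also
# listed under service "AMAZON", so the filter below keys on service == "S3".
IP_RANGES_JSON = json.dumps({
    "syncToken": "0",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "S3"},
        {"ip_prefix": "192.0.2.128/25",  "region": "us-east-1", "service": "S3"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "S3"},
        {"ip_prefix": "203.0.113.0/24",  "region": "eu-west-1", "service": "S3"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
    ],
})

# Constructed on-premises routing table (prefix, next hop). Next-hop names are
# hypothetical. The default route points at the internet gateway, where the
# firewall blocks S3; the other entries were learned from AWS over the public VIF.
ONPREM_ROUTES = [
    ("0.0.0.0/0",       "internet-gw"),
    ("192.0.2.0/24",    "dx-public-vif"),
    ("198.51.100.0/25", "dx-public-vif"),   # deliberately covers only half of the /24
]
DX_NEXT_HOP = "dx-public-vif"


def s3_prefixes(ip_ranges_json: str, region: str):
    """Return the unique S3 prefixes published for one region, sorted."""
    doc = json.loads(ip_ranges_json)
    nets = {
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc["prefixes"]
        if p["service"] == "S3" and p["region"] == region
    }
    return sorted(nets)


def next_hops_for(net, routes):
    """Set of next hops that addresses inside `net` would use.

    The most specific route that contains the whole prefix carries it by
    default; any more specific route nested inside the prefix diverts part of it.
    Assumes one route per prefix (no ECMP duplicates).
    """
    parsed = [(ipaddress.ip_network(p), nh) for p, nh in routes]
    hops = set()
    covering = [(r, nh) for r, nh in parsed if r.supernet_of(net)]
    if covering:
        hops.add(max(covering, key=lambda rn: rn[0].prefixlen)[1])
    hops.update(nh for r, nh in parsed if net.supernet_of(r) and r != net)
    return hops


def audit(ip_ranges_json: str, region: str, routes, dx_next_hop: str):
    """Map each S3 prefix of `region` to 'dx', 'partial' or 'internet'.

    'dx'       the whole prefix is routed to the Direct Connect VIF
    'partial'  part of the prefix still falls to another next hop
    'internet' nothing in the prefix reaches Direct Connect (firewalled path)
    """
    result = {}
    for net in s3_prefixes(ip_ranges_json, region):
        hops = next_hops_for(net, routes)
        if hops == {dx_next_hop}:
            state = "dx"
        elif dx_next_hop in hops:
            state = "partial"
        else:
            state = "internet"
        result[str(net)] = state
    return result


if __name__ == "__main__":
    for region in ("us-east-1", "eu-west-1"):
        for prefix, state in audit(IP_RANGES_JSON, region, ONPREM_ROUTES, DX_NEXT_HOP).items():
            print(f"{region:10} {prefix:18} {state}")
```

Against the constructed data, the two /25s in us-east-1 are fully covered by the /24 learned over the VIF, the 198.51.100.0/24 prefix is only half covered and would be reported as `partial`, and the eu-west-1 prefix falls entirely to the firewalled default route. With the real ip-ranges.json and a router's actual RIB, the `internet` and `partial` rows are exactly the prefixes that explain "no one can access S3" in the scenario.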

Comments

Averageguy
Highly Voted 3 years, 7 months ago
C https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-access-direct-connect/
upvoted 28 times
SilverT
3 years, 6 months ago
Agree, C it is.
upvoted 4 times
slackbot
Most Recent 2 years ago
Selected Answer: B
B is a supported option as well as C. There is a VPC interface endpoint for S3 which can be accessed over a private VIF. At the time of the writing of this question, only C was possible. Not anymore.
upvoted 1 times
Marty2021
2 years, 10 months ago
Selected Answer: C
Answer C. As others have noted, a public VIF over DX is the standard pattern for this.
upvoted 1 times
bamosk
3 years, 2 months ago
Selected Answer: C
C. AWS public services require a public VIF; a VPN connection over DX is redundant.
upvoted 2 times
JohnnyBG
3 years, 3 months ago
Selected Answer: C
Public VIF, and advertise the AWS BGP community, either regional or global.
upvoted 2 times
modatruhio
3 years, 5 months ago
"C"... The use for each type of connection is explained here: https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/
upvoted 4 times
ChauPhan
3 years, 6 months ago
The scenario: We have DX, but somehow it is disconnected; that's the reason why clients from on-premises can't connect to S3 through DX. Our purpose is to recover the connection, so establishing a VPN from the customer gateway to the AWS-managed VPN gateway can be an option. This solution can be a backup redundant link if the issue happens again. So I go with option D.
upvoted 1 times
ChauPhan
3 years, 5 months ago
Sorry, my mistake, the purpose is to establish a connection between the on-premises network and S3. For S3, you need a public VIF: "Private virtual interface: Access an Amazon VPC using private IP addresses. Public virtual interface: Access AWS services from your on-premises data center. Allow AWS services, or AWS customers access to your public networks over the interface instead of traversing the internet." And you can choose to set up this connection with a VPN or not through DX. VPN is the safer way. https://d1.awsstatic.com/whitepapers/aws-amazon-vpc-connectivity-options.pdf Check page 9 for DX + VPN and page 7 for DX without VPN.
upvoted 1 times
PeppaPig
3 years, 6 months ago
Can someone explain why D is not correct?
upvoted 1 times
Kentik
3 years, 6 months ago
Also, you cannot access a gateway endpoint via DX, only interface endpoints.
upvoted 1 times
Stardec
3 years, 6 months ago
You can access AWS services (S3, Dynamo DB, etc.) through a public virtual interface in Direct Connect. There is no need for AWS Managed VPN in this case.
upvoted 2 times
inf
3 years, 6 months ago
Answer: C
A - incorrect - should be a public VIF
B - incorrect - "Endpoint connections cannot be extended out of a VPC. Resources on the other side of a VPN connection, VPC peering connection, transit gateway, AWS Direct Connect connection, or ClassicLink connection in your VPC cannot use the endpoint to communicate with resources in the endpoint service"
C - correct - public VIF to access S3 resources over DX link
D - incorrect - AWS managed VPN is established over the internet, not Direct Connect.
https://d1.awsstatic.com/whitepapers/aws-amazon-vpc-connectivity-options.pdf
upvoted 3 times
inf
3 years, 6 months ago
Note: If it was another service, not S3 (or DynamoDB, i.e. a gateway endpoint), B would be possible, i.e. VPC "interface" endpoints (e.g. Rekognition or Glue) can be accessed over DX.
upvoted 2 times
PeppaPig
3 years, 6 months ago
You can establish an AWS VPN over DX connections; it is likely faster and more secure than VPN over the public internet. https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/
upvoted 1 times
anaslouba
3 years, 1 month ago
Look, now we can access S3 via an interface endpoint from on-prem.
upvoted 1 times
guruguru
3 years, 7 months ago
C. Can connect to S3 via public VIF. NOT B, because either the source or destination ENI must be within the VPC. Cannot leverage DX and VPC as transitive routing for on-prem to connect to S3 via the VPCE.
upvoted 4 times
LexyA
3 years, 7 months ago
D is correct
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other