Exam AWS Certified Solutions Architect - Professional topic 1 question 718 discussion

yup its B https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html#vpce-private-dns

It is C, Private DNS is turned on by default for endpoints created for AWS services and AWS Marketplace Partner services, so B is ruled out of the question. Source: https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html

I think it's B

Ans is B https://aws.amazon.com/premiumsupport/knowledge-center/vpc-interface-configure-dns/

I will go with B. For everyone saying its C - if this was an SG issue the address would be resolved with the private IP but not accessaible. you can see proof here: https://aws.amazon.com/premiumsupport/knowledge-center/vpc-interface-configure-dns/ For the interface VPC endpoint, verify that private DNS names is turned on. If private DNS names isn't turned on, the service domain name or endpoint domain name resolves to regional public IPs. For steps to turn on private DNS names, see Modify an interface endpoint.

Option C is appropriate. Option B also correct if this point not highlighted-internal services are unable to connect to the interface endpoints.

Ans B: even though private DNS option is enabled we still need to ensure the VPC attributes are set to true. To use private DNS, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport. There is a possibility that DNS private option was turned off when the interface endpoint was created inside the VPC.

The service name are resolved to public IP address, so the application is using the default DNS name, not the endpoint hostname. So you need to enable private DNS option to resolve it to private address. read the Private DNS for interface endpoints in the link https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html.

My answer is C. You don't need to check private DNS because it’s turned on by default while you need to configure SG. https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html

private DNS option on the VPC attributes is a bit confusing. Private DNS is enabled by default on private endpoints not VPC. It appears the answer is pointing to VPC attributes DNS hostnames and DNS resolution Yes without the above enabled attributes privatelink will not work. answere is B

C - https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html

Enable private DNS for the endpoint so you can make requests to the service using its default DNS hostname; If you don't enable it the default DNS Hostname resolves to Public IP of the Service. B.

C is right Configure the security group on the interface endpoint to allow connectivity to the AWS services. Interface endpoint need Security groups .. look at Gateway endpoint vs interface endpoint. Neal Davis having similar question

Security group issue is far beyond the question requirement. It is just like a firewall which can allow some traffic. The question clearly said that "the service names resolve to public IP addresses". So it is a DNS resolve related issue not ACL related issue. So option B is correct..

It's C

B for sure.https://www.examtopics.com/user/student22/

B You have enable private DNS option. Otherwise it will resolve to the public address.