Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 724 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 724
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company needs to architect a hybrid DNS solution. This solution will use an Amazon Route 53 private hosted zone for the domain cloud.example.com for the resources stored within VPCs.
✑ The company has the following DNS resolution requirements:
✑ On-premises systems should be able to resolve and connect to cloud.example.com.
All VPCs should be able to resolve cloud.example.com.
There is already an AWS Direct Connect connection between the on-premises corporate network and AWS Transit Gateway.
Which architecture should the company use to meet these requirements with the HIGHEST performance?

  • A. Associate the private hosted zone to all the VPCs. Create a Route 53 inbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver.
  • B. Associate the private hosted zone to all the VPCs. Deploy an Amazon EC2 conditional forwarder in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the conditional forwarder.
  • C. Associate the private hosted zone to the shared services VPC. Create a Route 53 outbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the outbound resolver.
  • D. Associate the private hosted zone to the shared services VPC. Create a Route 53 inbound resolver in the shared services VPC. Attach the shared services VPC to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Jaypdv at April 30, 2021, 12:07 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
beebatov
Highly Voted 3 years ago
A is the answer, based on https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-dns-management-of-hybrid-cloud-with-amazon-route-53-and-aws-transit-gateway/ "When a Route 53 private hosted zone needs to be resolved in multiple VPCs and AWS accounts as described earlier, the most reliable pattern is to share the private hosted zone between accounts and associate it to each VPC that needs it."
upvoted 20 times
DerekKey
2 years, 11 months ago
There is only one Account. Not multiple account
upvoted 3 times
...
Amac1979
1 year, 7 months ago
A is correct. Single or Multi Account is not the point here, they have TG in place, multiple VPCs.. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/set-up-dns-resolution-for-hybrid-networks-in-a-multi-account-aws-environment.html the architecture diagram speaks.
upvoted 2 times
...
...
Kyperos
Highly Voted 2 years, 1 month ago
"Although it is possible to use forwarding rules to resolve private hosted zones in other VPCs, we do not recommend that. The most reliable, performant and low-cost approach is to share and associate private hosted zones directly to all VPCs that need them." https://aws.amazon.com/vi/blogs/networking-and-content-delivery/centralized-dns-management-of-hybrid-cloud-with-amazon-route-53-and-aws-transit-gateway/ So answer is A!!!!
upvoted 5 times
...
CProgrammer
Most Recent 9 months, 1 week ago
The key difference lies in the centralized resolution vs. distributed resolution trade-off. Option D prioritizes performance by centralizing queries on the inbound resolver, leveraging Direct Connect and Transit Gateway. Option A, on the other hand, simplifies management but could introduce additional query hops and potential latency, especially if VPCs are geographically dispersed. Therefore, the optimal choice depends on various factors beyond just sharing the hosted zone. In this specific scenario: High performance is crucial. AWS Direct Connect connection exists. All VPCs need to resolve cloud.example.com. Option D with the Route 53 inbound resolver offers significant performance benefits over option A. However, if managing individual VPC associations is a higher priority and latency concerns are minimal, option A could be a viable alternative.
upvoted 1 times
...
[Removed]
1 year, 7 months ago
Selected Answer: A
How can the answer not be A? In D they dont associate the zone with other VPCs, they also have don;t attach the other VPCs to transit gatweay, essentially the outcome would mean that the other vpcs have no dns resolution for the private zone and also no connectivity. If you want to add other VPCs to your private hosted zone you must associate those VPCs, this would solve the issues for resolving the DNS zone, attaching all zones to the transit gateway would then allow the connectivity.
upvoted 2 times
...
SureNot
1 year, 10 months ago
Do smb know why HIGHEST performance is highlighted? I may reveal the difference between A and D
upvoted 1 times
...
orik
1 year, 10 months ago
D https://aws.amazon.com/blogs/networking-and-content-delivery/integrating-aws-transit-gateway-with-aws-privatelink-and-amazon-route-53-resolver/
upvoted 1 times
...
Blair77
1 year, 11 months ago
Selected Answer: A
AAA - Well explain here: https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-dns-management-of-hybrid-cloud-with-amazon-route-53-and-aws-transit-gateway/ -"When a Route 53 private hosted zone needs to be resolved in multiple VPCs and AWS accounts as described earlier, the most reliable pattern is to share the private hosted zone between accounts and associate it to each VPC that needs it. "
upvoted 1 times
...
Malluchan
1 year, 12 months ago
Selected Answer: A
The key point is : the resources stored within VPCs, no were mentioned shared VPC
upvoted 1 times
...
asfsdfsdf
2 years, 2 months ago
I will go with D there is a blog for this - there is no need to associate the private zone with all VPCs only with the shared one. the shared one will be already associated with others. https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-dns-management-of-hybrid-cloud-with-amazon-route-53-and-aws-transit-gateway/
upvoted 2 times
asfsdfsdf
2 years, 1 month ago
After reviewing it again i think A will work "Create Route 53 private hosted zones in the shared services VPC and associate them. In addition, complete the cross-account private hosted zone-VPC association of the spoke VPCs because the spoke VPCs are in different accounts. All VPC’s will need to associate their private hosted zones to all other VPC’s if required to."
upvoted 2 times
...
...
aandc
2 years, 3 months ago
D, after reading https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-dns-management-of-hybrid-cloud-with-amazon-route-53-and-aws-transit-gateway/
upvoted 1 times
...
jyrajan69
2 years, 3 months ago
First criteria, On-premises systems should be able to resolve and connect to cloud.example.com which rules out outbound, must be inbound from DC. So that leaves us with A and D, both work but based on best practice, using shared VPC is more efficient, so answer must be D
upvoted 2 times
...
jj22222
2 years, 6 months ago
Selected Answer: A
A is the answer
upvoted 1 times
...
gunjan229
2 years, 6 months ago
Selected Answer: D
D - We dont need to attach all the VPCs to TGW, only the Shared VPC. Private Hosted Zones and Forwarding Rules can be in shared VPC and shared using RAM to all the VPC (doesnt need Peering or TGW between VPCs for that, so A is incorrect)
upvoted 4 times
...
Milind
2 years, 8 months ago
When a Route 53 private hosted zone needs to be resolved in multiple VPCs and AWS accounts as described earlier, the most reliable pattern is to share the private hosted zone between accounts and associate it to each VPC that needs it from-> https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-dns-management-of-hybrid-cloud-with-amazon-route-53-and-aws-transit-gateway/
upvoted 1 times
...
GeniusMikeLiu
2 years, 9 months ago
A or D? I am so confused...
upvoted 2 times
...
Smartphone
2 years, 9 months ago
D is the Answer. Read the link below. Don't blindly assume anything. https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-dns-management-of-hybrid-cloud-with-amazon-route-53-and-aws-transit-gateway/
upvoted 1 times
...
heyhey_00
2 years, 9 months ago
The answer to the recent dump is marked with D. Is the answer A still valid?
upvoted 1 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel