Exam ANS-C00 topic 1 question 352 discussion

Exam question from Amazon's ANS-C00
Question #: 352
Topic #: 1

A company wants to migrate its workloads to the AWS Cloud. The company has two web applications and wants to run them in separate, isolated VPCs. The company needs to use Elastic Load Balancing to distribute requests between application instances.
For security reasons, internet gateways must not be attached to the application VPCs. Inbound HTTP requests to the application must be routed through a centralized VPC, and the application VPCs must not be exposed to any other inbound traffic. The application VPCs cannot be allowed to initiate any outbound connections.
What should a network engineer do to meet these requirements?

  • A. Run the applications behind private Application Load Balancers (ALBs) in separate VPCs. Create a public Network Load Balancer (NLB) in the centralized VPC. Create target groups for the private DNS names of the ALBs. Configure host-based routing to route application traffic to the corresponding target group through the NLB.
  • B. Run the applications behind private Application Load Balancers (ALBs) in separate VPCs. Create a public Network Load Balancer (NLB) in the centralized VPC. Create target groups for the private IP addresses of the ALBs. Configure host-based routing to route application traffic to the corresponding target group through the NLB.
  • C. Run the applications behind private Network Load Balancers (NLBs) in separate VPCs. Create VPC peering connections between the application VPCs and the centralized VPC. Create a public Application Load Balancer (ALB) in the centralized VPC. Create target groups for the private DNS names of the NLBs. Configure host-based routing to route application traffic between individual applications through the ALB.
  • D. Run the applications behind private Network Load Balancers (NLBs) in separate VPCs. Configure each NLB as an AWS PrivateLink endpoint service with associated VPC endpoints in the centralized VPC. Create target groups that include the private IP addresses of each endpoint. Create a public Application Load Balancer (ALB) in the centralized VPC. Configure host-based routing to route application traffic to the corresponding target group through the ALB.
Suggested Answer: D
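
Added example, not part of the original question or of AWS's own material: a CloudFormation template for the wiring that option D describes, shown for one of the two applications. It assumes both VPCs are in the same account and Region; every parameter name, logical ID and the hostname app1.example.com is constructed for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example for option D; all parameter names and hostnames are assumptions.
Parameters:
  AppNlbArn: {Type: String}                   # private NLB in application VPC 1
  CentralVpcId: {Type: "AWS::EC2::VPC::Id"}
  CentralPrivateSubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}
  EndpointSecurityGroupId: {Type: "AWS::EC2::SecurityGroup::Id"}  # TCP 80 from the ALB only
  PublicAlbListenerArn: {Type: String}        # listener on the public ALB
Resources:
  App1EndpointService:                        # provider side: exposes only the NLB listener
    Type: AWS::EC2::VPCEndpointService
    Properties:
      NetworkLoadBalancerArns: [!Ref AppNlbArn]
      AcceptanceRequired: false
  App1ServicePermissions:                     # only this account may create endpoints
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      ServiceId: !Ref App1EndpointService
      AllowedPrincipals: [!Sub "arn:aws:iam::${AWS::AccountId}:root"]
  App1Endpoint:                               # consumer side, in the centralized VPC
    Type: AWS::EC2::VPCEndpoint
    DependsOn: App1ServicePermissions
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub "com.amazonaws.vpce.${AWS::Region}.${App1EndpointService}"
      VpcId: !Ref CentralVpcId
      SubnetIds: !Ref CentralPrivateSubnetIds
      SecurityGroupIds: [!Ref EndpointSecurityGroupId]
  App1TargetGroup:                            # ALB targets must be IPs, not DNS names
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref CentralVpcId
      TargetType: ip
      Protocol: HTTP
      Port: 80
      # Register the endpoint ENI private IPs here after creation; CloudFormation
      # returns only NetworkInterfaceIds for the endpoint, not its IP addresses.
  App1HostRule:                               # host-based routing on the public ALB
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref PublicAlbListenerArn
      Priority: 10
      Conditions:
        - Field: host-header
          HostHeaderConfig: {Values: [app1.example.com]}
      Actions:
        - Type: forward
          TargetGroupArn: !Ref App1TargetGroup
```

The application VPC needs no internet gateway, peering connection or route to the centralized VPC: the interface endpoint only carries connections opened from the centralized VPC toward the NLB listener. The second application repeats the same five resources with its own NLB and hostname.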

Comments

walkwolf3
Highly Voted 3 years, 7 months ago
D. From the question: inbound HTTP requests to the application must be routed through a centralized VPC. It means the ELB which is facing the public must be an ALB, so remove A & B. The difference between C & D is that C is using a peered connection, while D is using PrivateLink.
C. A peered connection could potentially open connections between peered VPCs.
D. Interface VPC endpoints (AWS PrivateLink) only allow connections which are specified in the endpoint services.
Technically, both options could meet the requirement, but D is more strict. So my take is D.
upvoted 15 times
khchan123
3 years, 1 month ago
Agree. DDDDDDDDDDD
upvoted 2 times
Jazz888
3 years, 2 months ago
I agree with you. On top of that, you cannot create target groups for the private DNS names of the NLBs - ALB does not support DNS names as targets, so I think this confirms C cannot be the answer.
upvoted 3 times
joanneli77
Most Recent 2 years, 5 months ago
Selected Answer: D
A is wrong because there is no connectivity to the other VPCs.
upvoted 1 times
SunnyAU
2 years, 10 months ago
D. Use NLB endpoints for load balancing internal traffic and ALB for Internet.
https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-securely-publish-internet-applications-at-scale-using-application-load-balancer-and-aws-privatelink/
upvoted 2 times
nklocal
2 years, 10 months ago
A is wrong as HTTP traffic had better have a frontend ALB. It is either C or D.
upvoted 1 times
clooudy
2 years, 11 months ago
Selected Answer: D
Answer: D
A is out since NLB can't have DNS names as targets (needs a Lambda service to achieve this).
B is out: NLB can't do host-based routing to targets.
C is out: ALB can't have DNS names as targets.
upvoted 2 times
sapien45
3 years, 1 month ago
So ... here is a valuable response:
Host-based routing to route application traffic to the corresponding target group: NLB cannot do that: A and B out.
ALB supports instance IDs or IP addresses as targets, not DNS names of the NLB: C out.
NLB supports AWS PrivateLink endpoint service (fixed IP address): D.
upvoted 4 times
sync0
3 years, 4 months ago
Selected Answer: A
It's A.
https://aws.amazon.com/blogs/networking-and-content-delivery/application-load-balancer-type-target-group-for-network-load-balancer/
upvoted 2 times
Jazz888
3 years, 2 months ago
How will HTTP traffic be interpreted for NLB? Basic question, and the link has nothing to do with the question. It is always a gain to read, though.
upvoted 2 times
sapien45
3 years, 1 month ago
Nonsense. Here, NLBs are the targets of the ALB, not the opposite.
upvoted 1 times
clooudy
3 years, 1 month ago
Wrong. NLBs can't have DNS names as target groups; that needs a Lambda service.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other