ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 15 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 15
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A. The company’s applications and databases are running in Account B.
A solutions architect will deploy a two-tier application in a new VPC. To simplify the configuration, the db.example.com CNAME record set for the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53.
During deployment, the application failed to start. Troubleshooting revealed that db.example.com is not resolvable on the Amazon EC2 instance. The solutions architect confirmed that the record set was created correctly in Route 53.
Which combination of steps should the solutions architect take to resolve this issue? (Choose two.)

  • A. Deploy the database on a separate EC2 instance in the new VPC. Create a record set for the instance’s private IP in the private hosted zone.
  • B. Use SSH to connect to the application tier EC2 instance. Add an RDS endpoint IP address to the /etc/resolv.conf file.
  • C. Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B.
  • D. Create a private hosted zone for the example com domain in Account B. Configure Route 53 replication between AWS accounts.
  • E. Associate a new VPC in Account B with a hosted zone in Account A. Delete the association authorization in Account A.
Show Suggested Answer Hide Answer
Suggested Answer: CE 🗳️
by robertohyena at Dec. 11, 2022, 2:12 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
masetromain
Highly Voted 2 years, 2 months ago
Selected Answer: CE
C and E are correct. C. Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B. This step is necessary because the VPC in Account B needs to be associated with the private hosted zone in Account A to be able to resolve the DNS records. E. Associate a new VPC in Account B with a hosted zone in Account A. Delete the association authorization in Account A. This step is necessary because the association authorization needs to be removed in Account A after the association is done in Account B.
upvoted 33 times
...
kiran15789
Highly Voted 2 years ago
Selected Answer: CE
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zone-private-associate-vpcs-different-accounts.html
upvoted 10 times
...
TariqKipkemei
Most Recent 4 months, 3 weeks ago
Selected Answer: CE
Associate the new VPC in Account B with the hosted zone in Account A, delete the association authorization in Account A. Then create an authorization to associate the private hosted zone in Account A with the new VPC in Account B.
upvoted 1 times
...
masetromain
6 months, 1 week ago
Selected Answer: CE
With comments and links the answer is C and E. (Ty robertohyène and JosuéXu) C = 6. Run the following command to create the association between Account A's private hosted zone and Account B's VPC. Use the hosted zone's ID from step 3. B account. E = 7. It is recommended to remove the association permission after the association is created. This will prevent you from recreating the same association later. https://aws.amazon.com/premiumsupport/knowledge-center/route53-private-hosted-zone/
upvoted 4 times
masetromain
2 years, 3 months ago
https://www.examtopics.com/discussions/amazon/view/36113-exam-aws-certified-solutions-architect-professional-topic-1/
upvoted 1 times
...
...
CloudFloater
6 months, 1 week ago
Selected Answer: CE
C and E. In order to resolve the issue, the solutions architect should create an authorization to associate the private hosted zone in Account A with the new VPC in Account B (Option C). This will allow the new VPC in Account B to access the DNS records stored in the private hosted zone in Account A. In addition, the solutions architect should associate the new VPC in Account B with the hosted zone in Account A (Option E) and delete the association authorization in Account A. This will ensure that the new VPC in Account B is properly configured to use the private hosted zone in Account A and resolve the db.example.com CNAME record set correctly.
upvoted 5 times
...
whenthan
6 months, 1 week ago
Selected Answer: CE
https://repost.aws/knowledge-center/route53-private-hosted-zone Create an authorization to associate the private hosted zone and as a best practice , it is recommended to delete the association authorization in account A-This step prevents you from recreating the same association later. To delete the authorization, reconnect to the EC2 instance in Account A
upvoted 2 times
...
liuliangzhou
6 months, 2 weeks ago
Selected Answer: CE
A account's DNS Zone authorization is associated with B's VPC, and after B's VPC is associated with A's Priviate Zone, A's authorization permission is deleted for security reasons.
upvoted 1 times
...
amministrazione
7 months ago
C. Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B. E. Associate a new VPC in Account B with a hosted zone in Account A. Delete the association authorization in Account A.
upvoted 1 times
...
7f6aef3
11 months, 3 weeks ago
Selected Answer: CE
https://repost.aws/knowledge-center/route53-private-hosted-zone
upvoted 1 times
...
8608f25
1 year, 1 month ago
Selected Answer: CE
Correct answers
upvoted 1 times
8608f25
6 months, 1 week ago
Explanation: * Option C is correct because, in a multi-account AWS setup, to use a Route 53 private hosted zone from one account (Account A) in another account’s VPC (Account B), you first need to create an authorization. This authorization is necessary for allowing the private hosted zone in one account to be associated with a VPC in another account. This step enables the resolution of DNS records stored in the private hosted zone across accounts. * Option E is correct as it follows up on the authorization created in Option C. Once the authorization is in place, you can then associate the new VPC in Account B with the private hosted zone in Account A. This association is what actually allows the EC2 instances within the VPC in Account B to resolve DNS queries using the private hosted zone in Account A, ensuring that db.example.com can be resolved as intended.
upvoted 4 times
8608f25
1 year, 1 month ago
Why the others are incorrect: * Option A is not a direct solution to the problem of DNS resolution across AWS accounts. Deploying the database on an EC2 instance does not address the issue of DNS resolution for the RDS endpoint across accounts. * Option B is not a scalable or AWS-recommended solution. Manually adding RDS endpoint IP addresses to the /etc/resolv.conf file on an EC2 instance is not practical for environments that require automation and could lead to issues if the RDS endpoint changes. * Option D involves creating a separate private hosted zone in Account B and configuring Route 53 replication between AWS accounts. This option is unnecessary and more complex than required. The direct association of VPCs across accounts to a single hosted zone is a simpler and more effective solution. Therefore, Options C and E are the steps that directly address the issue with the least complexity and enable the intended DNS resolution across AWS accounts.
upvoted 3 times
...
...
...
atirado
1 year, 3 months ago
Selected Answer: CE
Option A - This option does not work - It does not provide for solving address name resolution in the new VPC Option B - This option works but it breaks the company’s architecture where all DNS names are stored in the private zone in Account A Option C - This option contributes to the solution. Option D - Breaks the company’s architecture Option E - This option contributes to the solution
upvoted 1 times
...
severlight
1 year, 4 months ago
Selected Answer: CE
obvious
upvoted 1 times
...
SfQ
1 year, 5 months ago
Selected Answer: CE
C and E are correct. B is not a best solution. It's a manual setup and it may lose the configuration if we are using ASG and launching new instance.
upvoted 1 times
...
Chainshark
1 year, 5 months ago
Why is B marked as correct?
upvoted 2 times
SfQ
1 year, 5 months ago
B is not a best solution. It's a manual setup and it may lose the configuration if we are using ASG and launching new instance.
upvoted 2 times
...
...
NikkyDicky
1 year, 9 months ago
Selected Answer: CE
it's CE
upvoted 1 times
...
Jonalb
1 year, 9 months ago
Selected Answer: CE
ccccccccccccceeeeeeeeeeeeee
upvoted 1 times
...
SkyZeroZx
1 year, 9 months ago
Selected Answer: CE
C & E as Issue is associated with authorization
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago