Amazon Exam ANS-C01 Topic 3 Question 23 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 23
Topic #: 3

A company's VPC has Amazon EC2 instances that are communicating with AWS services over the public internet. The company needs to change the connectivity so that the communication does not occur over the public internet.

The company deploys AWS PrivateLink endpoints in the VPC. After the deployment of the PrivateLink endpoints, the EC2 instances can no longer communicate at all with the required AWS services.

Which combination of steps should a network engineer take to restore communication with the AWS services? (Select TWO.)

Suggested Answer: B, C

To use AWS PrivateLink, you need to create interface type VPC endpoints for the services that you want to access privately from your VPC [1]. These endpoints appear as elastic network interfaces (ENIs) with private IPs in your subnets [2]. To enable DNS resolution for these endpoints, you need to set the enableDnsSupport attribute to True for your VPC, and enable DNS support for each endpoint [3]. You also need to ensure that the VPC endpoint policy allows communication between your VPC and the service [4]. You do not need to create any route table entries or Route 53 hosted zones for the endpoints, as they are not required for PrivateLink [5].

[1] AWS PrivateLink FAQs -- Amazon Web Services
[2] AWS PrivateLink and service endpoint - Amazon EC2 Overview and Networking Introduction for Telecom Companies
[3] VPC Endpoints: Secure and Direct Access to AWS Services
[4] AWS PrivateLink and service endpoint - Amazon EC2 Overview and Networking Introduction for Telecom Companies
[5] AWS Private Link vs VPC Endpoint - Stack Overflow
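The three checks named in the explanation (VPC `enableDnsSupport`, private DNS on each interface endpoint, and the endpoint policy) can be run against saved AWS CLI output. This is an added example, not part of the original page; it assumes JSON shaped like the output of `aws ec2 describe-vpc-attribute` and `aws ec2 describe-vpc-endpoints`, uses constructed IDs and sample data, and the policy check is deliberately simplified (it ignores Principal, Resource and Condition).

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def policy_allows(policy_json, action):
    """Simplified check: some Allow statement matches `action` and no Deny does.
    Principal, Resource and Condition elements are ignored."""
    allowed = False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if any(fnmatchcase(action.lower(), p) for p in patterns):
            if stmt.get("Effect") == "Deny":
                return False
            allowed = allowed or stmt.get("Effect") == "Allow"
    return allowed

def diagnose(vpc_attribute, endpoints, needed_actions):
    """Return findings; an empty list means all three checks pass.
    needed_actions maps a service name to one action the instances must call."""
    findings = []
    if not vpc_attribute.get("EnableDnsSupport", {}).get("Value", False):
        findings.append("VPC: enableDnsSupport is false")
    for ep in endpoints["VpcEndpoints"]:
        if ep.get("VpcEndpointType") != "Interface":
            continue  # the checks on this page concern interface endpoints
        eid = ep["VpcEndpointId"]
        if not ep.get("PrivateDnsEnabled", False):
            findings.append(f"{eid}: private DNS is not enabled")
        action = needed_actions.get(ep["ServiceName"])
        if action and not policy_allows(ep["PolicyDocument"], action):
            findings.append(f"{eid}: endpoint policy does not allow {action}")
    return findings

# Constructed sample data (IDs, region and required actions are made up).
FULL_ACCESS = json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]})
READ_ONLY = json.dumps({"Statement": {"Effect": "Allow", "Principal": "*", "Action": ["sqs:Receive*", "sqs:Get*"], "Resource": "*"}})
VPC_ATTR = {"VpcId": "vpc-0example", "EnableDnsSupport": {"Value": False}}
ENDPOINTS = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Interface", "PrivateDnsEnabled": True,
     "ServiceName": "com.amazonaws.us-east-1.sqs", "PolicyDocument": READ_ONLY},
    {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Interface", "PrivateDnsEnabled": False,
     "ServiceName": "com.amazonaws.us-east-1.ssm", "PolicyDocument": FULL_ACCESS},
]}
NEEDED = {"com.amazonaws.us-east-1.sqs": "sqs:SendMessage", "com.amazonaws.us-east-1.ssm": "ssm:GetParameter"}

if __name__ == "__main__":
    for finding in diagnose(VPC_ATTR, ENDPOINTS, NEEDED):
        print(finding)
```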


Contribute your Thoughts:

Corinne
5 months ago
Candidate 3: Sounds like a plan. Let's follow these steps to restore communication with the AWS services.
upvoted 0 times
...
Cruz
5 months ago
Candidate 2: Agreed. Let's start with enabling DNS support and then check the endpoint policy before moving on to Route 53.
upvoted 0 times
...
Matthew
5 months ago
Candidate 1: I'm not sure if that's necessary. Maybe we should first ensure DNS support is enabled for the VPC and VPC endpoints.
upvoted 0 times
...
Mona
5 months ago
Candidate 3: Should we also create a Route 53 private hosted zone with custom names for each service?
upvoted 0 times
...
Alaine
6 months ago
Candidate 2: Yes, that sounds like a good idea. We also need to ensure that the VPC endpoint policy allows communication.
upvoted 0 times
...
Lauryn
6 months ago
Candidate 1: I think we should add a route in the VPC route table to the PrivateLink endpoints.
upvoted 0 times
...
Alecia
6 months ago
Yes, that's a good point. We need to make sure the policy is set correctly.
upvoted 0 times
...
Shannon
7 months ago
But shouldn't we also check if the VPC endpoint policy allows communication?
upvoted 0 times
...
Gerald
7 months ago
Agreed, we also need to ensure enableDnsSupport and enable DNS support for each VPC endpoint.
upvoted 0 times
...
Alecia
7 months ago
I think we should add a route with the PrivateLink endpoints in the VPC route table.
upvoted 0 times
...
Ethan
8 months ago
Yeah, the DNS piece is crucial here. I'm guessing the PrivateLink endpoints need to be registered in a private hosted zone so the EC2 instances can resolve the service names correctly.
upvoted 0 times
...
Penney
8 months ago
Yup, sounds good to me. Now let's just hope the rest of the exam is as straightforward as this one!
upvoted 0 times
...
Junita
8 months ago
Agreed. Okay, I think we've got a good handle on this now. Let's go with B and C as our answers.
upvoted 0 times
...
Kathrine
8 months ago
Haha, I can just imagine the network engineer trying to figure this out. 'Okay, let me try adding a route to the PrivateLink endpoints... Nope, that's not it. Wait, what about the DNS settings? Aha, that must be it!'
upvoted 0 times
...
Serina
8 months ago
Haha, yeah, that one's a real doozy. Definitely a red herring. Let's stick to the PrivateLink and VPC networking stuff.
upvoted 0 times
...
Justine
8 months ago
Yeah, that makes sense. I was also thinking about the route table, but that's probably not the main issue here. The question specifically says the communication is broken after the PrivateLink deployment, so the routing should be fine.
upvoted 0 times
Cammy
6 months ago
And we need to ensure that each VPC endpoint has DNS support enabled.
upvoted 0 times
...
Catina
6 months ago
We should check if the VPC endpoint policy allows communication.
upvoted 0 times
...
...
Helga
8 months ago
I agree, the DNS configuration is probably the key here. Let's see, I think option B and E might be the right ones. We need to make sure the DNS support is enabled for the VPC and the PrivateLink endpoints, and we might need to create a private hosted zone to resolve the service names.
upvoted 0 times
Caprice
7 months ago
Correct, setting up all these steps should restore communication with the AWS services.
upvoted 0 times
...
Georgeanna
7 months ago
Adding a route in the VPC route table to the PrivateLink endpoints should also help.
upvoted 0 times
...
Elfrieda
8 months ago
Make sure the VPC endpoint policy allows communication as well.
upvoted 0 times
...
Alex
8 months ago
That sounds right. DNS configuration is definitely key in this situation.
upvoted 0 times
...
Rodolfo
8 months ago
We also need to create a private hosted zone to resolve the service names.
upvoted 0 times
...
Leslie
8 months ago
Yes, enabling DNS support for the VPC and PrivateLink endpoints is crucial.
upvoted 0 times
...
Jannette
8 months ago
I think B and E are the right options.
upvoted 0 times
...
...
Tonja
8 months ago
Hmm, I'm guessing the issue has to do with the DNS configuration. The question mentions that the EC2 instances can't communicate with the services after the PrivateLink deployment, so we might need to look at DNS settings.
upvoted 0 times
...
Clay
8 months ago
This question seems pretty straightforward, but I'm not sure about the PrivateLink part. I think it's asking us to figure out how to enable communication between the EC2 instances and the AWS services after the PrivateLink deployment.
upvoted 0 times
...
