Amazon ANS-C01 Exam Dumps

A company is using custom DNS servers that run BIND for name resolution in its VPCs. The VPCs are deployed across multiple AWS accountsthat are part of the same organization in AWS Organizations. All the VPCs are connected to a transit gateway. The BIND servers are running ina central VPC and are configured to forward all queries for an on-premises DNS domain to DNS servers that are hosted in an on-premises datacenter. To ensure that all the VPCs use the custom DNS servers, a network engineer has configured a VPC DHCP options set in all the VPCsthat specifies the custom DNS servers to be used as domain name servers.Multiple development teams in the company want to use Amazon Elastic File System (Amazon EFS). A development team has created a newEFS file system but cannot mount the file system to one of its Amazon EC2 instances. The network engineer discovers that the EC2 instancecannot resolve the IP address for the EFS mount point fs-33444567d.efs.us-east-1.amazonaws.com. The network engineer needs to implementa solution so that development teams throughout the organization can mount EFS file systems.Which combination of steps will meet these requirements? (Choose two.)

A. Configure the BIND DNS servers in the central VPC to forward queries for efs.us-east-1.amazonaws.com to the Amazon provided DNSserver (169.254.169.253).

B. Create an Amazon Route 53 Resolver outbound endpoint in the central VPC. Update all the VPC DHCP options sets to useAmazonProvidedDNS for name resolution.

C. Create an Amazon Route 53 Resolver inbound endpoint in the central VPUpdate all the VPC DHCP options sets to use the Route 53Resolver inbound endpoint in the central VPC for name resolution.

D. Create an Amazon Route 53 Resolver rule to forward queries for the on-premises domain to the on-premises DNS servers. Share therule with the organization by using AWS Resource Access Manager (AWS RAM). Associate the rule with all the VPCs.

E. Create an Amazon Route 53 private hosted zone for the efs.us-east-1.amazonaws.com domain. Associate the private hosted zone withthe VPC where the EC2 instance is deployed. Create an A record for fs-33444567d.efs.us-east1.amazonaws.com in the private hostedzone. Configure the A record to return the mount target of the EFS mount point.

A company operates its IT services through a multi-site hybrid infrastructure. The company deploys resources on AWS in the us-east-1 Regionand in the eu-west-2 Region. The company also deploys resources in its own data centers that are located in the United States (US) and in theUnited Kingdom (UK). In both AWS Regions, the company uses a transit gateway to connect 15 VPCs to each other. The company has createda transit gateway peering connection between the two transit gateways. The VPC CIDR blocks do not overlap with each other or with IPaddresses used within the data centers. The VPC CIDR prefixes can also be aggregated either on a Regional level or for the company's entireAWS environment.The data centers are connected to each other by a private WAN connection. IP routing information is exchanged dynamically through InteriorBGP (iBGP) sessions. The data centers maintain connectivity to AWS through one AWS Direct Connect connection in the US and one DirectConnect connection in the UK. Each Direct Connect connection is terminated on a Direct Connect gateway and is associated with a localtransit gateway through a transit VIF.Traffic follows the shortest geographical path from source to destination. For example, packets from the UK data center that are targeted toresources in eu-west-2 travel across the local Direct Connect connection. In cases of cross-Region data transfers, such as from the UK datacenter to VPCs in us-east-1, the private WAN connection must be used to minimize costs on AWS. A network engineer has configured eachtransit gateway association on the Direct Connect gateway to advertise VPC-specific CIDR IP prefixes only from the local Region. The routestoward the other Region must be learned through BGP from the routers in the other data center in the original, non-aggregated form.The company recently experienced a problem with cross-Region data transfers because of issues with its private WAN connection. Thenetwork engineer needs to modify the routing setup to prevent similar interruptions in the future. The solution cannot modify the originaltraffic routing goal when the network is operating normally.Which modifications will meet these requirements? (Choose two.)

A. Remove all the VPC CIDR prefixes from the list of subnets advertised through the local Direct Connect connection. Add the company'sentire AWS environment aggregate route to the list of subnets advertised through the local Direct Connect connection.

B. Add the CIDR prefixes from the other Region VPCs and the local VPC CIDR blocks to the list of subnets advertised through the localDirect Connect connection. Configure data center routers to make routing decisions based on the BGP communities received.

C. Add the aggregate IP prefix for the other Region and the local VPC CIDR blocks to the list of subnets advertised through the local DirectConnect connection.

D. Add the aggregate IP prefix for the company's entire AWS environment and the local VPC CIDR blocks to the list of subnets advertisedthrough the local Direct Connect connection.

E. Remove all the VPC CIDR prefixes from the list of subnets advertised through the local Direct Connect connection. Add both Regionalaggregate IP prefixes to the list of subnets advertised through the Direct Connect connection on both sides of the network. Configure datacenter routers to make routing decisions based on the BGP communities received.

A company is migrating an application from on premises to AWS. The company will host the application on Amazon EC2 instances that aredeployed in a single VPC. During the migration period, DNS queries from the EC2 instances must be able to resolve names of on-premisesservers. The migration is expected to take 3 months After the 3-month migration period, the resolution of on-premises servers will no longerbe needed.What should a network engineer do to meet these requirements with the LEAST amount of configuration?

A. Set up an AWS Site-to-Site VPN connection between on premises and AWS. Deploy an Amazon Route 53 Resolver outbound endpoint inthe Region that is hosting the VPC.

B. Set up an AWS Direct Connect connection with a private VIF. Deploy an Amazon Route 53 Resolver inbound endpoint and a Route 53Resolver outbound endpoint in the Region that is hosting the VPC.

C. Set up an AWS Client VPN connection between on premises and AWS. Deploy an Amazon Route 53 Resolver inbound endpoint in theVPC.

D. Set up an AWS Direct Connect connection with a public VIF. Deploy an Amazon Route 53 Resolver inbound endpoint in the Region that ishosting the VPC. Use the IP address that is assigned to the endpoint for connectivity to the on-premises DNS servers.