Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 18 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02

Question #: 18
Topic #: 1

[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web service will run on Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). The DevOps engineer must ensure that the service can accept requests from clients that have IPv6 addresses.
What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service?

A. Add an IPv6 CIDR block to the VPC and the private subnet for the EC2 instances. Create route table entries for the IPv6 network, use EC2 instance types that support IPv6, and assign IPv6 addresses to each EC2 instance.
B. Assign each EC2 instance an IPv6 Elastic IP address. Create a target group, and add the EC2 instances as targets. Create a listener on port 443 of the ALB, and associate the target group with the ALB.
C. Replace the ALB with a Network Load Balancer (NLB). Add an IPv6 CIDR block to the VPC and subnets for the NLB, and assign the NLB an IPv6 Elastic IP address.
D. Add an IPv6 CIDR block to the VPC and subnets for the ALB. Create a listener on port 443. and specify the dualstack IP address type on the ALB. Create a target group, and add the EC2 instances as targets. Associate the target group with the ALB.

Show Suggested Answer

Suggested Answer: D 🗳️

by lqpO_Oqpl at April 5, 2023, 4:09 a.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

levster

Highly Voted 2 years, 3 months ago

D "To support IPv6, configure your Application Load Balancers or Network Load Balancers with the “dualstack” IP address type. This means that clients can communicate with the load balancers using both IPv4 and IPv6 addresses. In a dual-stack IP address type, the DNS name of the load balancer provides both IPv4 and IPv6 addresses, and creates A and AAAA records respectively. " https://docs.aws.amazon.com/whitepapers/latest/ipv6-on-aws/scaling-the-dual-stack-network-design-in-aws.html

upvoted 7 times

...

01037

Most Recent 1 year, 3 months ago

Selected Answer: D

But why is port 443 necessary?

upvoted 3 times

flaacko

1 year ago

Port 443 is the TCP port for HTTPS which a secured or encrypted version of HTTP. To enable the ALB handle HTTPS traffic having a listener on port 443 is necessary.

upvoted 2 times

...

c3518fc

1 year, 3 months ago

Selected Answer: D

The correct answer is D. Add an IPv6 CIDR block to the VPC and subnets for the ALB. Create a listener on port 443. and specify the dualstack IP address type on the ALB. Create a target group, and add the EC2 instances as targets. Associate the target group with the ALB.

upvoted 1 times

...

zijo

1 year, 5 months ago

Why is the need for port 443 reference on D and D has no reference to private subnet. That makes me think the answer is A, but A has no reference to ALB.

upvoted 2 times

...

thanhnv142

1 year, 6 months ago

D is correct: use dual stack + listener on 443 A: no mention of the ALB B: no mention of adding dualstack IP to ALB C: cannot replace the ALB

upvoted 4 times

...

sksegha

1 year, 7 months ago

definitely D

upvoted 2 times

...

Jamshif01

1 year, 7 months ago

keyword is "Dualstack"

upvoted 2 times

...

z_inderjot

1 year, 8 months ago

Selected Answer: D

D is correct , To enable ALB to deal with Ipv6 requests , vpc should enable for dual stack, by configuring a ipv6 cidr , and ALB subnet should also adhere to the same , by having ipv4 and 6 cidr B is incorrect , we can assisg any public ip to instance , since it is in private subnet .

upvoted 3 times

...

madperro

2 years, 2 months ago

Selected Answer: D

D is the correct answer. C is wrong, we don't need Elastic IPs for a private app.

upvoted 1 times

...

Rick365

2 years, 2 months ago

Selected Answer: D

D i answer

upvoted 1 times

...

bcx

2 years, 2 months ago

I would say it is D. The backend instances serving the data can be IPv4. The ALB shoult serve IPv6 to the public (which is what is required by the question). So the only place in the VPC that needs IPv6 are the ALB subnets.

upvoted 4 times

...

ParagSanyashiv

2 years, 3 months ago

Selected Answer: D

D is the correct answer in this case

upvoted 1 times

...

haazybanj

2 years, 3 months ago

Selected Answer: D

To allow IPv6 clients to access the web service running on Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB) using an AWS CloudFormation template, the DevOps engineer should choose option D: Add an IPv6 CIDR block to the VPC and subnets for the ALB. Create a listener on port 443, and specify the dualstack IP address type on the ALB. Create a target group, add the EC2 instances as targets, and associate the target group with the ALB. The dualstack IP address type enables the ALB to support both IPv4 and IPv6 traffic. By adding an IPv6 CIDR block to the VPC and subnets for the ALB, the VPC automatically assigns an IPv6 address to the ALB.

upvoted 4 times

...