Your organization's corporate website must be available on www.acme.com and acme.com. How should you configure Amazon Route 53 to meet this requirement?
A. Configure acme.com with an ALIAS record targeting the ELB. www.acme.com with an ALIAS record targeting the ELB.
B. Configure acme.com with an A record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
C. Configure acme.com with a CNAME record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
D. Configure acme.com using a second ALIAS record with the ELB target. www.acme.com using a PTR record with the acme.com record target.
This is another poorly worded unfair AWS question.
What you would want is to have an A record with an ALIAS to the ELB for acme.com and a CNAME record for www.acme.com pointing to acme.com. That way, if you needed to replace the ELB, you wouldn't need to update multiple records.
Cost is not a consideration or an objective; the question doesn't lead you in any way to consider costs.
CNAME = www.acme.com
A = A record for the ALB
Therefore A is Correct.
Agreed poorly worded example question.
Point of clarification. An Alias is a CNAME. So if I want WWW.HELLO.COM to point at HELLO.COM, I'd create an A-Record in the zone for hello.com for *.hello, and then a CNAME for www to point at *.hello.com
You cannot write a question based on the column HEADER shown in Route 53, as within the UI when you are creating these objects it's called a CNAME, not an Alias
Am I right, or wrong?
https://snipboard.io/tlr0je.jpg
A
A zone apex record is a DNS record at the root of a DNS zone, such as ‘example.com.’ RFC 1034 states that the zone apex must be an A Record, and not a CNAME record. This means that the zone apex record must point to one or more IP addresses.
AWS provides alias record sets to redirect your zone apex requests to an AWS service DNS name. But, when using many third-party DNS providers, this isn’t possible.
https://aws.amazon.com/blogs/networking-and-content-delivery/solving-dns-zone-apex-challenges-with-third-party-dns-providers-using-aws/#:~:text=A%20zone%20apex%20record%20is,provided%20rather%20than%20IP%20addresses.
B and C are incorrect, you can't use a CNAME or A record for zone apex (acme.com). D is incorrect as using a PTR (name to IP) to point www.acme.com at acme.com is incorrect.
By elimination this only leaves A as the "best" answer, but as others have said badly worded question.
Unlike a CNAME record, you can create an alias record at the top node of a DNS namespace, also known as the zone apex. For example, if you register the DNS name example.com, the zone apex is example.com. You can't create a CNAME record for example.com, but you can create an alias record for example.com that routes traffic to www.example.com (as long as www.example.com doesn't already have a CNAME record).
Ref: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html
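The apex rule quoted in the comments above, as an added example that is not part of any original comment: a small check for the CNAME restriction, run against option C and against the two alias records of option A expressed as a Route 53 change batch. The function names, the ELB DNS name and the ELB hosted zone ID are constructed placeholders.

```python
import json

ELB_DNS = "my-elb-123456.us-east-1.elb.amazonaws.com."  # constructed sample
ELB_ZONE_ID = "ZPLACEHOLDERELB"  # placeholder for the ELB's hosted zone ID

def lint_cname_rules(zone, records):
    """Flag names where a CNAME shares the name with any other record type."""
    apex = zone.rstrip(".").lower()
    # Every zone apex already carries SOA and NS records, which is why a
    # CNAME can never be created there.
    types_by_name = {apex: {"SOA", "NS"}}
    for rec in records:
        name = rec["Name"].rstrip(".").lower()
        types_by_name.setdefault(name, set()).add(rec["Type"])
    problems = []
    for name, types in sorted(types_by_name.items()):
        others = sorted(types - {"CNAME"})
        if "CNAME" in types and others:
            problems.append(f"{name}: CNAME cannot coexist with {', '.join(others)}")
    return problems

def alias_change_batch(names, elb_dns, elb_zone_id):
    """Build a ChangeBatch with one alias A record per name, all targeting the ELB."""
    return {"Changes": [
        {"Action": "UPSERT",
         "ResourceRecordSet": {
             "Name": name, "Type": "A",
             "AliasTarget": {"HostedZoneId": elb_zone_id,
                             "DNSName": elb_dns,
                             "EvaluateTargetHealth": False}}}
        for name in names]}

# Option C from the question: CNAME at the apex, CNAME for www.
OPTION_C = [
    {"Name": "acme.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": ELB_DNS}]},
    {"Name": "www.acme.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "acme.com."}]},
]

# Option A from the question: alias records for both names.
BATCH_A = alias_change_batch(["acme.com.", "www.acme.com."], ELB_DNS, ELB_ZONE_ID)
OPTION_A = [change["ResourceRecordSet"] for change in BATCH_A["Changes"]]

if __name__ == "__main__":
    print("Option C:", lint_cname_rules("acme.com", OPTION_C))
    print("Option A:", lint_cname_rules("acme.com", OPTION_A))
    print(json.dumps(BATCH_A, indent=2))
```

The printed JSON has the shape `aws route53 change-resource-record-sets` accepts as its `--change-batch` argument once the placeholders are replaced with the load balancer's real values.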
A company uses an AWS Site-to-Site VPN to connect its corporate network. The company recently added an AWS Direct Connect connection. A network engineer wants all traffic to use the Direct Connect connection and for the VPN to be used as backup. However, after the Direct Connect connection was added, traffic continued to pass through the VPN connection. What should the network engineer do to route the traffic through the Direct Connect connection?
A. Add routes to the VPC route tables that specify the Direct Connect connection.
B. Set local preference BGP community tags on the on-premises router.
C. Advertise the same network routes over the Direct Connect connection and VPN connection.
D. Ensure the Direct Connect connection AS_PATH is longer than the VPN connection AS_PATH.
Answer B
Important: Be sure that Direct Connect is the preferred route from your end, and not over VPN when the Direct Connect virtual interface is up in order to avoid asymmetric routing; this might cause traffic to be dropped. We always prefer a Direct Connect connection over VPN routes on the AWS side.
https://aws.amazon.com/premiumsupport/knowledge-center/configure-vpn-backup-dx/
https://aws.amazon.com/directconnect/faqs/
A company wants to conduct a proof of concept for an SAP HANA application with a key objective to automate the provisioning of infrastructure and the application. The company operates a hybrid cloud infrastructure with AWS Direct Connect between its data center and VPC. Security policy dictates that all traffic from AWS be routed through on-premises data center firewalls. Security policy also prohibits the use of a VPC internet gateway for internet access. The company enforces use of a forward proxy server for all outbound network traffic. All resources inside the VPC are able to reach on-premises servers. All Amazon EC2 Linux instances require package updates over the internet. However, the updates are failing and sending errors. What would cause these errors?
A. Inbound security groups are configured incorrectly on the EC2 instances running in the VPC.
B. The VPC route table does not have entries for the proxy server in the data center.
C. The EC2 instances are not configured to use the proxy running in the data center for traffic on TCP port 80.
D. The data center firewall is blocking all traffic sent from the VPC CIDR range destined for 0.0.0.0/0.
C
A - of course is wrong
B - is wrong because "All resources inside the VPC are able to reach on-premises servers"
D - It's said that the on-prem firewall has an outbound default rule, but from VPC CIDR to 0.0.0. only; the real packet will be VPC CIDR -> proxy IP <-> Internet, so it won't be denied
For most proxy settings, port 80 is used, as well as for yum update.
https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KgjZaTaED_z1o1rjuUX/does_%22yum_update_-y%22_use_port
A
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html
CNAME records
You can't create a CNAME record that has the same name as the hosted zone (the zone apex). This is true both for hosted zones for domain names (example.com) and for hosted zones for subdomains (zenith.example.com).
Option A is the right answer
if you register the DNS name example.com, the zone apex is example.com. You can't create a CNAME record for example.com, but you can create an alias record for example.com that routes traffic to www.example.com.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html
The answer is A.
Here's the "Configuring a Static Website Using a Custom Domain Registered with Route 53" Developer Guide.
https://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.html#root-domain-walkthrough-add-record-to-hostedzoned