Exam ANS-C00 topic 1 question 357 discussion

Exam question from Amazon's ANS-C00
Question #: 357
Topic #: 1

A company has an application running on Amazon EC2 instances in a VPC. The application must publish custom metrics to Amazon CloudWatch in the same AWS Region. The metrics include proprietary information. All connectivity must be over private IP addresses.
Which solution will meet these requirements?

  • A. Connect to CloudWatch through a NAT gateway.
  • B. Connect to CloudWatch through a gateway endpoint.
  • C. Connect to CloudWatch through an internet gateway.
  • D. Connect to CloudWatch through an interface endpoint.
Suggested Answer: D

Comments

walkwolf3
Highly Voted 3 years, 8 months ago
D. To connect your VPC to CloudWatch Logs, you define an interface VPC endpoint for CloudWatch Logs. This type of endpoint enables you to connect your VPC to AWS services. The endpoint provides reliable, scalable connectivity to CloudWatch Logs without requiring an internet gateway, network address translation (NAT) instance, or VPN connection. Interface VPC endpoints are powered by AWS PrivateLink, an AWS technology that enables private communication between AWS services using an elastic network interface with private IP addresses. https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch-logs-and-interface-VPC.html
upvoted 9 times
Marty2021
Most Recent 2 years, 11 months ago
D is correct - A & C (NATGW and IGW) go over public AWS zone and B uses a Gateway endpoint which only supports DynamoDB and S3.
upvoted 1 times
jerac58653
3 years ago
Selected Answer: D
I do not think there is a way to connect to CloudWatch without an interface endpoint, so D should be the correct answer, but what do they mean by "All communication must be conducted over secret IP addresses."?! It makes you think you need to hide it from CloudWatch with NAT, but when you think about it, even with an interface endpoint there is NAT somewhere on the way to CloudWatch, as it is a shared service between multiple customers with the same ranges. So maybe the IP is really secret and hidden from CloudWatch.
upvoted 1 times
sapien45
3 years, 3 months ago
I always confuse the two endpoint types. D indeed.
upvoted 1 times
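
Added example, not part of the thread or of any AWS documentation: a small audit over `aws ec2 describe-vpc-endpoints` output that checks whether answer D is actually in place for custom metrics. The JSON below is constructed, the IDs and the `us-east-1` region are assumptions, and `audit_metrics_endpoint` is a hypothetical helper name. Note that metrics use the `monitoring` service name, so an endpoint for `logs` alone does not cover `PutMetricData`.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-vpc-endpoints` output.
# All IDs are made up; us-east-1 is an assumed region.
SAMPLE = json.loads("""
{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0aaa", "VpcId": "vpc-0123", "VpcEndpointType": "Gateway",
   "ServiceName": "com.amazonaws.us-east-1.s3", "State": "available"},
  {"VpcEndpointId": "vpce-0bbb", "VpcId": "vpc-0123", "VpcEndpointType": "Interface",
   "ServiceName": "com.amazonaws.us-east-1.logs", "State": "available",
   "PrivateDnsEnabled": true, "SubnetIds": ["subnet-0a"]},
  {"VpcEndpointId": "vpce-0ccc", "VpcId": "vpc-0123", "VpcEndpointType": "Interface",
   "ServiceName": "com.amazonaws.us-east-1.monitoring", "State": "available",
   "PrivateDnsEnabled": false, "SubnetIds": ["subnet-0a", "subnet-0b"]}
]}
""")


def audit_metrics_endpoint(doc, vpc_id, region):
    """Return a list of findings; an empty list means metrics traffic stays private."""
    service = f"com.amazonaws.{region}.monitoring"  # metrics API, distinct from .logs
    in_vpc = [e for e in doc.get("VpcEndpoints", []) if e.get("VpcId") == vpc_id]
    matches = [e for e in in_vpc if e.get("ServiceName") == service]
    if not matches:
        findings = [f"no endpoint for {service} in {vpc_id}"]
        if any(e.get("ServiceName", "").endswith(".logs") for e in in_vpc):
            findings.append("a .logs endpoint exists, but it does not carry metrics traffic")
        return findings
    best = None  # report the matching endpoint with the fewest problems
    for ep in matches:
        problems = []
        if ep.get("VpcEndpointType") != "Interface":
            problems.append("type is not Interface")
        if ep.get("State", "").lower() != "available":
            problems.append(f"state is {ep.get('State')}")
        if not ep.get("PrivateDnsEnabled"):
            # Without private DNS the default service hostname resolves to public
            # addresses unless clients are pointed at the endpoint-specific name.
            problems.append("private DNS disabled")
        if not ep.get("SubnetIds"):
            problems.append("no subnets attached")
        tagged = [f"{ep.get('VpcEndpointId')}: {p}" for p in problems]
        if best is None or len(tagged) < len(best):
            best = tagged
    return best


if __name__ == "__main__":
    for line in audit_metrics_endpoint(SAMPLE, "vpc-0123", "us-east-1") or ["OK"]:
        print(line)
```
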