Exam AWS Certified Solutions Architect - Professional topic 1 question 35 discussion

You are tasked with moving a legacy application from a virtual machine running inside your datacenter to an Amazon VPC. Unfortunately, this app requires access to a number of on-premises services and no one who configured the app still works for your company. Even worse there's no documentation for it.
What will allow the application running inside the VPC to reach back and access its internal dependencies without being reconfigured? (Choose three.)

  • A. An AWS Direct Connect link between the VPC and the network housing the internal services.
  • B. An Internet Gateway to allow a VPN connection.
  • C. An Elastic IP address on the VPC instance
  • D. An IP address space that does not conflict with the one on-premises
  • E. Entries in Amazon Route 53 that allow the Instance to resolve its dependencies' IP addresses
  • F. A VM Import of the current virtual machine
Suggested Answer: ADF
AWS Direct Connect -
AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.
AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. Virtual interfaces can be reconfigured at any time to meet your changing needs.
What is AWS Direct Connect?
AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. With this connection in place, you can create virtual interfaces directly to the AWS cloud (for example, to Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3)) and to Amazon Virtual Private Cloud (Amazon VPC), bypassing Internet service providers in your network path. An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. For example, you can provision a single connection to any AWS Direct Connect location in the US and use it to access public AWS services in all US Regions and AWS GovCloud (US).
The following diagram shows how AWS Direct Connect interfaces with your network.

Requirements -
To use AWS Direct Connect, your network must meet one of the following conditions:
Your network is colocated with an existing AWS Direct Connect location. For more information on available AWS Direct Connect locations, go to http://aws.amazon.com/directconnect/.
You are working with an AWS Direct Connect partner who is a member of the AWS Partner Network (APN). For a list of AWS Direct Connect partners who can help you connect, go to http://aws.amazon.com/directconnect.
You are working with an independent service provider to connect to AWS Direct Connect.
In addition, your network must meet the following conditions:
Connections to AWS Direct Connect require single mode fiber, 1000BASE-LX (1310nm) for 1 gigabit Ethernet, or 10GBASE-LR (1310nm) for 10 gigabit Ethernet.
Auto Negotiation for the port must be disabled. You must support 802.1Q VLANs across these connections.
Your network must support Border Gateway Protocol (BGP) and BGP MD5 authentication. Optionally, you may configure Bidirectional Forwarding Detection (BFD).
To connect to Amazon Virtual Private Cloud (Amazon VPC), you must first do the following:
Provide a private Autonomous System Number (ASN). Amazon allocates a private IP address in the 169.x.x.x range to you.
Create a virtual private gateway and attach it to your VPC. For more information about creating a virtual private gateway, see Adding a Hardware Virtual Private Gateway to Your VPC in the Amazon VPC User Guide.
To connect to public AWS products such as Amazon EC2 and Amazon S3, you need to provide the following:
A public ASN that you own (preferred) or a private ASN.
Public IP addresses (/31) (that is, one for each end of the BGP session) for each BGP session. If you do not have public IP addresses to assign to this connection, log on to AWS and then open a ticket with AWS Support.
The public routes that you will advertise over BGP.
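The discussion of options D and E turns on two pre-checks an engineer would run before lifting a VM into the VPC: does the proposed VPC CIDR overlap any on-premises prefix, and will the VM's existing nameservers (from its own resolv.conf, which VM Import preserves) be on-prem servers reachable over Direct Connect or the Amazon-provided VPC DNS (which only reaches on-prem names if Route 53 Resolver forwarding is configured)? The following is an added example, not code from the page or from AWS; the CIDRs and resolv.conf contents are constructed sample inputs.

```python
"""Lift-and-shift connectivity pre-check (added example, constructed inputs)."""
import ipaddress

# Route 53 Resolver is reachable at this link-local address and at VPC base + 2.
AMAZON_DNS_LINK_LOCAL = ipaddress.ip_address("169.254.169.253")


def find_cidr_conflicts(vpc_cidr, onprem_cidrs):
    """Return on-prem prefixes that overlap the proposed VPC CIDR (option D)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    return [c for c in onprem_cidrs
            if vpc.overlaps(ipaddress.ip_network(c, strict=False))]


def parse_resolv_conf(text):
    """Extract nameserver addresses from resolv.conf content, ignoring comments."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(ipaddress.ip_address(parts[1]))
    return servers


def classify_nameservers(servers, vpc_cidr, onprem_cidrs):
    """Map each nameserver to how a migrated instance would reach it.

    'on-prem-over-direct-connect': the VM keeps resolving through its old DNS,
        which works once A (Direct Connect) and D (no CIDR overlap) hold.
    'amazon-provided-dns': queries hit the VPC resolver, so on-prem names need
        a Route 53 Resolver outbound endpoint and forwarding rule (option E).
    'unreachable': neither, so name resolution will fail after the move.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    onprem = [ipaddress.ip_network(c, strict=False) for c in onprem_cidrs]
    result = {}
    for s in servers:
        if s == AMAZON_DNS_LINK_LOCAL or s == vpc.network_address + 2:
            result[str(s)] = "amazon-provided-dns"
        elif any(s in n for n in onprem):
            result[str(s)] = "on-prem-over-direct-connect"
        else:
            result[str(s)] = "unreachable"
    return result


# Constructed sample: a VM whose resolv.conf still points at a corporate DNS server.
SAMPLE_RESOLV_CONF = """# corporate resolver
search corp.example
nameserver 192.168.1.53
nameserver 169.254.169.253
"""
```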

Comments

Warrenn
Highly Voted 2 years, 7 months ago
ADE The question asks what will allow the application running inside the VPC to reach back and access its internal dependencies without being reconfigured. Not how to migrate it. To properly resolve internal dependency address you need Route53 https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-getting-started.html
upvoted 22 times
EricZhang
2 years, 7 months ago
You need to configure a Resolver that forwards the DNS query to on-prem DNS servers. I think E means adding A/CNAME/Alias records into Route 53.
upvoted 4 times
Smart
2 years, 7 months ago
Agreed. Option F is simply not relevant to the question asked. Option E is more appropriate. In this case, we set up a R53 Private Hosted Zone. More appropriately, also set up R53 Resolver. Answer is ADE.
upvoted 2 times
kakashi
2 years, 7 months ago
Although I agree that Route53 could be used, E does not clearly explain what needs to be done. D is important because it is a VM with no documentation, so you might not be able to recreate it from scratch and the best way is to import the VM into AWS.
upvoted 1 times
tan9
2 years, 7 months ago
ADF. The question is "MOVING a legacy application from a virtual machine running inside your datacenter to an Amazon VPC," hence (E) VM Import is the necessary step to do. Besides, (D) Route 53 Private DNS will only work for DNS names rather than IP addresses.
upvoted 13 times
sashenka
2 years, 6 months ago
AD[E]. So if the application is referencing internal/on-prem domains one would need to forward those to the on-prem DNS via R53. The facts we're given are that there is "no documentation" about the app. For example the app could be trying to connect to an on-prem database or file server via a FQDN, which is a best practice rather than referencing IPs. So in this scenario how would you suggest it function if one does not leverage R53? Take another look at what we are being asked for... it is communication dependencies and not migration methodology.
upvoted 2 times
hobokabobo
1 year, 4 months ago
Um, first sentence: "You are tasked with moving a legacy application from a virtual machine running inside your datacenter to an Amazon VPC"
upvoted 1 times
shammous
4 months, 1 week ago
That step was already done. The question is about connectivity, not migration.
upvoted 1 times
AnNguyen
Highly Voted 2 years, 7 months ago
Answer is A,D,F. B: Virtual and Customer gateway is needed. C: Don't need a EIP as private subnets can also interact with on-premises network. E: Route 53 is not required.
upvoted 11 times
devilman222
Most Recent 1 month, 1 week ago
Don't understand how it's anything but ADE. A. Only way mentioned to communicate with on prem. F. Can't work without it. Without a DNS resolver, the two machines will never find each other. D. This is necessary for F to work. Wrong answers. B. It doesn't need to be public. C. An elastic IP solves the problem of communicating with on prem. F. Lots of ways to do this, but you only get three which are required for it to work.
upvoted 1 times
kondratyevmn
10 months, 2 weeks ago
Why is everyone so convinced about D? I would choose C over D, because an Elastic IP address comes from Amazon's pool of IPv4 addresses, !!!OR!!! from a custom IPv4 address pool that you have brought to your AWS account. Meaning that you can keep the IP from on-premise. ACF
upvoted 1 times
Prasadvd
1 year, 2 months ago
Selected Answer: ADE
The question is not on how to migrate the VM. The VM is assumed to have already been migrated. Resolution of address would require an outbound endpoint and Route 53 Resolver https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html
upvoted 2 times
TigerInTheCloud
1 year, 5 months ago
Selected Answer: ADF
A. Possible for connection, if we do not have any other (better) way. B. Wrong, the internet gateway is not for VPN. C. No, EIP is not needed. D. Yes, no IP conflict (or you need NAT). E. Good, I prefer hostnames over IPs. F. Surely, for moving applications to the cloud. So choose three: ADF; if choosing four: ADEF.
upvoted 2 times
Cal88
1 year, 6 months ago
I don't know why a lot of comments here are talking about Route 53 when it's not relevant at all. If we have a Direct Connect connection and a server that's migrated from on premise as is (including DNS config in /etc/resolv.conf), that server will still use on premise DNS since we already have reachability to our on premise using Direct Connect. You use Route 53 Resolver to point an EC2 instance that's using your VPC DNS to on premise. The question is clearly asking for a "lift and shift" approach, so I would go with ADF.
upvoted 2 times
welcomeYM
1 year, 8 months ago
Selected Answer: ADF
ADF ADF ADF ADF ADF
upvoted 1 times
marcotglb
1 year, 5 months ago
The question is just about reachability. It is not about how the machine should be migrated. The original machine could also be migrated in other ways.
upvoted 1 times
snakecharmer2
2 years ago
Selected Answer: ADF
F and no E - We need to import the VM because we want to move all the configurations and keys that are located on its disk with it, so it is a must for the migration. Route53 is not a must!!!
upvoted 1 times
aloha123
2 years ago
Selected Answer: ADE
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html
upvoted 1 times
RVivek
2 years, 4 months ago
ADE or ADF. ADE: If you take the question "What enables the application operating inside the VPC to communicate with and access its internal dependencies without requiring reconfiguration?" In this case we assume the VM migration is over. ADF: If you focus on the question part "You've been entrusted with the responsibility of migrating a legacy application from a virtual machine". Here we assume the application uses hardcoded IP addresses and does not use DNS names.
upvoted 1 times
RVivek
2 years, 4 months ago
ADF after reading this https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html#resolver-overview-forward-vpc-to-network On Route 53 you configure an outbound endpoint and forward queries from VPC to on-prem DNS server. You need not (cannot ?) make entries on Route53.
upvoted 1 times
sashenka
2 years, 6 months ago
AD[E]. We are being asked for communication dependencies and NOT migration strategy! If the application is referencing internal/on-prem domains one would need to forward those to the on-prem DNS via R53. The facts we're given are that there is "no documentation" about the app. So the app could be configured to connect to an on-prem database or file server via a FQDN, which is a best practice rather than referencing IPs. So in this scenario how would you suggest it function if one does not leverage R53? Take another look at what we are being asked for... it is communication dependencies and not migration method!
upvoted 1 times
Cal88
1 year, 6 months ago
That's not true. We are asked to "lift and shift" the application and make it work in AWS as it was on premise. Why would you need Route 53 when the server is already using the on premise DNS and Direct Connect is being used? The DNS queries will go from the server to the on premise without the need to set up anything on Route 53. If you use VM Import/Export the same server will be replicated to AWS and all of its configuration will be the same, including DNS configs. I would choose ADF.
upvoted 1 times
joyees1979
2 years, 6 months ago
ADE should be correct. Not F because the question asks what will be required for the application running inside the VPC (assumption that the application has already been migrated).
upvoted 1 times
Akhil254
2 years, 6 months ago
ADF Correct
upvoted 2 times
01037
2 years, 6 months ago
I believe the answer is ADE. F may be correct, but it's not what the question asks. From what the question says, we can assume that no change can be made to on-prem services, so if the application accesses them via domain name, then it has to be the same after migrating to AWS. So E could be necessary.
upvoted 2 times
01037
2 years, 6 months ago
Second thought. Since there is no doc about the app, and no one knows it, using VM Import to import it to EC2 is the only way of doing the job. So ADF.
upvoted 1 times
ChauPhan
2 years, 7 months ago
A,D,F. First you would like to move your on-premise server to an AWS server (for ex, EC2); it requires VM Import to import our image to AWS EC2. So F is mandatory. This server requires connecting back to your data center network (services), so it requires a connection, in this case Direct Connect, so A. The connection is internal from AWS VPC to your data center through DX, so Route53 or EIP (which are for external/Internet) is not essential here. When internally connected, you need the IP of your AWS machine to not conflict with data center services IPs, so it's D.
upvoted 6 times
ChauPhan
2 years, 6 months ago
Route53 is used to resolve between a server's DNS name and its IP; you don't need it in this case. You only need the IP address of the server. EIP is an external fixed IP of AWS for an external permanent IP you connect to from the internet, which is not required in this case.
upvoted 1 times
qkhanhpro
2 years, 7 months ago
A B D. The question does not even ask about being able to start or import the VM. It just asks what the requirements are to reach back to on prem without reconfiguration. So VM Import is not related.
upvoted 1 times
RVivek
2 years, 4 months ago
B is not required. B is not relevant.
upvoted 2 times