Exam ANS-C00 topic 1 question 44 discussion

Exam question from Amazon's ANS-C00

Question #: 44
Topic #: 1

A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process, the following requirements involving DNS have been identified.
✑ On-premises systems must be able to resolve the entries in an Amazon Route 53 private hosted zone.
✑ Amazon EC2 instances running in the organization's VPC must be able to resolve the DNS names of on-premises systems
The organization's VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?

A. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
B. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to 172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53 private hosted zone.
D. Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the Route 53 private hosted zone's name servers as authoritative for the Route 53 private hosted zone.

Show Suggested Answer

Suggested Answer: C 🗳️

by theCloudCTO at Nov. 17, 2019, 12:01 a.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

theCloudCTO

Highly Voted 3 years, 8 months ago

C: https://aws.amazon.com/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-by-using-unbound/

upvoted 14 times

...

ChauPhan

Highly Voted 3 years, 7 months ago

Is it old question? Why don't we use Route 53 Outbound/Inbound?

upvoted 6 times

TerrenceC

3 years, 7 months ago

It seems to be. I believe that Route53 In/Outbound Endpoints did not release when this question came up.

upvoted 3 times

...

PavanKushwah123

Most Recent 2 years, 5 months ago

Correct Answer C

upvoted 1 times

...

AzureDP900

3 years, 4 months ago

C is right

upvoted 2 times

...

3 years, 8 months ago

can any of you tell me the difference between B and C?

upvoted 1 times

ohcan

3 years, 8 months ago

sorry, I noticed. "delegating the proxies as authoritative" instead of "172.16.0.2". That's the difference. C is the right one.

upvoted 1 times

...

Rim007

3 years, 8 months ago

delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone. delegating the proxy as authoritative for the Route 53 private hosted zone.

upvoted 1 times

...