ANS-C01 Question #109: Real Exam Question with Answer & Explanation

The correct answer is B: Create the interface endpoint for Amazon SQS with the option for private DNS names turned off.

Submitted by klara.se · Mar 6, 2026 · Implement Hybrid Connectivity

Question

A company has a hybrid cloud environment. The company's data center is connected to the AWS Cloud by an AWS Direct Connect connection. The AWS environment includes VPCs that are connected together in a hub-and-spoke model by a transit gateway. The AWS environment has a transit VIF with a Direct Connect gateway for on-premises connectivity. The company has a hybrid DNS model. The company has configured Amazon Route 53 Resolver endpoints in the hub VPC to allow bidirectional DNS traffic flow. The company is running a backend application in one of the VPCs. The company uses a message-oriented architecture and employs Amazon Simple Queue Service (Amazon SQS) to receive messages from other applications over a private network. A network engineer wants to use an interface VPC endpoint for Amazon SQS for this architecture. Client services must be able to access the endpoint service from on premises and from multiple VPCs within the company's AWS infrastructure. Which combination of steps should the network engineer take to ensure that the client applications can resolve DNS for the interface endpoint? (Choose three.)

Options

  • A. Create the interface endpoint for Amazon SQS with the option for private DNS names turned on.
  • B. Create the interface endpoint for Amazon SQS with the option for private DNS names turned off.
  • C. Manually create a private hosted zone for sqs.us-east-1.amazonaws.com. Add necessary records
  • D. Use the automatically created private hosted zone for sqs.us-east-1.amazonaws.com with
  • E. Access the SQS endpoint by using the public DNS name sqs.us-east-1.amazonaws.com in VPCs
  • F. Access the SQS endpoint by using the private DNS name of the interface endpoint .sqs.us-east-

Explanation

To access interface endpoints through other VPCs, we need to:

  1. Disable private DNS for VPC endpoints
  2. Create PHZ e.g. sqs.us-east-1.amazonaws.com
  3. Create Alias record pointing to VPC endpoint DNS
  4. Associate PHZ with all the spoke VPCs

https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-access-to-vpc-private-endpoints.html
https://aws.amazon.com/es/blogs/networking-and-content-delivery/centralized-dns-management-of-hybrid-cloud-with-amazon-route-53-and-aws-transit-gateway/
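The four steps above written out as AWS CLI calls, as an added example that is not part of the original explanation or of the AWS documents it links. It assumes the endpoint is placed in the hub VPC and that all VPCs are in the same account as the hosted zone; every VPC, subnet and security group ID is a constructed placeholder.

```bash
#!/bin/sh
# Added example: the four steps from the explanation as AWS CLI calls.
# Every ID below is a constructed placeholder, not a value from the page.
REGION="us-east-1"
ZONE_NAME="sqs.${REGION}.amazonaws.com"
HUB_VPC="vpc-0aaaEXAMPLE"                      # assumed: endpoint lives in the hub VPC
SPOKE_VPCS="vpc-0bbbEXAMPLE vpc-0cccEXAMPLE"   # assumed: same account as the zone
SUBNETS="subnet-0aaaEXAMPLE subnet-0bbbEXAMPLE"
SG="sg-0aaaEXAMPLE"                            # must allow TCP 443 from client CIDRs

# Change batch for step 3: alias A record at the zone apex -> endpoint DNS name.
# $1 = endpoint's hosted zone ID, $2 = endpoint's regional DNS name
alias_change_batch() {
  cat <<EOF
{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{
 "Name":"${ZONE_NAME}","Type":"A","AliasTarget":{
  "HostedZoneId":"$1","DNSName":"$2","EvaluateTargetHealth":false}}}]}
EOF
}

apply() {
  set -eu
  # 1. Interface endpoint with private DNS names turned off.
  vpce=$(aws ec2 create-vpc-endpoint --region "$REGION" --vpc-id "$HUB_VPC" \
    --vpc-endpoint-type Interface --service-name "com.amazonaws.${REGION}.sqs" \
    --subnet-ids $SUBNETS --security-group-ids "$SG" --no-private-dns-enabled \
    --query 'VpcEndpoint.VpcEndpointId' --output text)
  # Assumption: the first DnsEntries item is the regional (non-AZ) name.
  set -- $(aws ec2 describe-vpc-endpoints --region "$REGION" \
    --vpc-endpoint-ids "$vpce" --output text \
    --query 'VpcEndpoints[0].DnsEntries[0].[DnsName,HostedZoneId]')
  ep_dns=$1; ep_zone=$2
  # 2. Private hosted zone, created against the hub VPC.
  zone=$(aws route53 create-hosted-zone --name "$ZONE_NAME" \
    --vpc "VPCRegion=${REGION},VPCId=${HUB_VPC}" \
    --caller-reference "sqs-phz-$(date +%s)" \
    --query 'HostedZone.Id' --output text)
  zone=${zone##*/}   # strip the "/hostedzone/" prefix
  # 3. Alias record pointing to the endpoint DNS name.
  aws route53 change-resource-record-sets --hosted-zone-id "$zone" \
    --change-batch "$(alias_change_batch "$ep_zone" "$ep_dns")"
  # 4. Associate the zone with every spoke VPC.
  for vpc in $SPOKE_VPCS; do
    aws route53 associate-vpc-with-hosted-zone --hosted-zone-id "$zone" \
      --vpc "VPCRegion=${REGION},VPCId=${vpc}"
  done
}

# Nothing is created unless the script is run with the argument "apply".
if [ "${1:-}" = "apply" ]; then apply; fi
```

On-premises clients get the same answer when their DNS servers forward sqs.us-east-1.amazonaws.com to the inbound Route 53 Resolver endpoint in the hub VPC, since the zone is associated with that VPC.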

Topics

#VPC Endpoints #Route 53 Resolver #Hybrid DNS #Amazon SQS
