ANS-C01 · Question #16
ANS-C01 Question #16: Real Exam Question with Answer & Explanation
Sign in or unlock ANS-C01 to reveal the answer and full explanation for question #16. The question stem and answer options stay visible for context.
Question
A company is using a NAT gateway to allow internet connectivity for private subnets in a VPC in the us-west-2 Region. After a security audit, the company needs to remove the NAT gateway. In the private subnets, the company has resources that use the unified Amazon CloudWatch agent. A network engineer must create a solution to ensure that the unified CloudWatch agent continues to work after the removal of the NAT gateway. Which combination of steps should the network engineer take to meet these requirements? (Choose three.)
Options
- AValidate that private DNS is enabled on the VPC by setting the enableDnsHostnames VPC
- BCreate a new security group with an entry to allow outbound traffic that uses the TCP protocol on
- CCreate a new security group with entries to allow inbound traffic that uses the TCP protocol on
- DCreate the following interface VPC endpoints in the VPC: com.amazonaws.us-west-2.logs and
- ECreate the following interface VPC endpoint in the VPC: com.amazonaws.us-west-2.cloudwatch.
- FAssociate the VPC endpoint or endpoints with route tables that the private subnets use.
Unlock ANS-C01 to see the answer
You've previewed enough free ANS-C01 questions. Unlock ANS-C01 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.