
SAA-C03 Question #501: Real Exam Question with Answer & Explanation

The correct answer is B: Create an Amazon Route 53 outbound endpoint in one of the workload VPCs.

Submitted by priya_blr · Mar 4, 2026 · Design Secure Architectures

Question

A company has a single AWS account. The company runs workloads on Amazon EC2 instances in multiple VPCs in one AWS Region. The company also runs workloads in an on-premises data center that connects to the company's AWS account by using AWS Direct Connect. The company needs all EC2 instances in the VPCs to resolve DNS queries for the internal.example.com domain to the authoritative DNS server that is located in the on-premises data center. The solution must use private communication between the VPCs and the on-premises network. All route tables, network ACLs, and security groups are configured correctly between AWS and the on-premises data center. Which combination of actions will meet these requirements? (Select THREE.)

Options

  • A. Create an Amazon Route 53 inbound endpoint in all the workload VPCs.
  • B. Create an Amazon Route 53 outbound endpoint in one of the workload VPCs.
  • C. Create an Amazon Route 53 Resolver rule with the Forward type configured to forward queries
  • D. Create an Amazon Route 53 Resolver rule with the System type configured to forward queries for
  • E. Associate the Amazon Route 53 Resolver rule with all the workload VPCs.
  • F. Associate the Amazon Route 53 Resolver rule with the workload VPC with the new Route 53

Explanation

To enable DNS resolution from AWS VPCs to on-premises DNS servers over Direct Connect or VPN, AWS recommends using Amazon Route 53 Resolver with outbound endpoints. An outbound endpoint allows DNS queries originating in the VPC to be forwarded to a customer-managed DNS server (e.g., on-premises). Next, a forwarding rule (Forward type) must be created to forward DNS queries for the custom domain internal.example.com to the on-premises DNS IP addresses. This rule defines which domain names are forwarded and to which DNS servers. Finally, the rule must be associated with all workload VPCs so that those VPCs use the rule. There is no need to deploy endpoints in every VPC: one outbound endpoint is sufficient and can be shared across VPCs via rule association.
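The three steps in the explanation, written as a CloudFormation template for two workload VPCs. This is an added example, not part of the original question or an AWS-published template; every parameter name is an assumption, and the security group is taken as already existing because the question states that security groups are configured correctly.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Forward internal.example.com from two workload VPCs to on-premises DNS
Parameters:              # all parameter names are assumptions for this example
  WorkloadVpcA:          # workload VPC that hosts the outbound endpoint
    Type: AWS::EC2::VPC::Id
  WorkloadVpcB:          # second workload VPC, with no endpoint of its own
    Type: AWS::EC2::VPC::Id
  EndpointSubnetA:       # two subnets in WorkloadVpcA for the endpoint's interfaces
    Type: AWS::EC2::Subnet::Id
  EndpointSubnetB:
    Type: AWS::EC2::Subnet::Id
  EndpointSecurityGroup: # existing group that permits DNS (TCP/UDP 53) to on-premises
    Type: AWS::EC2::SecurityGroup::Id
  OnPremDnsIp:           # private IP of the authoritative on-premises DNS server
    Type: String
Resources:
  OutboundEndpoint:      # one endpoint, in one workload VPC
    Type: AWS::Route53Resolver::ResolverEndpoint
    Properties:
      Direction: OUTBOUND
      SecurityGroupIds:
        - !Ref EndpointSecurityGroup
      IpAddresses:       # Resolver picks a free address in each subnet
        - SubnetId: !Ref EndpointSubnetA
        - SubnetId: !Ref EndpointSubnetB
  ForwardRule:           # Forward-type rule scoped to the single internal domain
    Type: AWS::Route53Resolver::ResolverRule
    Properties:
      RuleType: FORWARD
      DomainName: internal.example.com
      ResolverEndpointId: !GetAtt OutboundEndpoint.ResolverEndpointId
      TargetIps:
        - Ip: !Ref OnPremDnsIp
          Port: "53"
  AssociationVpcA:       # the same rule is associated with every workload VPC
    Type: AWS::Route53Resolver::ResolverRuleAssociation
    Properties:
      ResolverRuleId: !GetAtt ForwardRule.ResolverRuleId
      VPCId: !Ref WorkloadVpcA
  AssociationVpcB:
    Type: AWS::Route53Resolver::ResolverRuleAssociation
    Properties:
      ResolverRuleId: !GetAtt ForwardRule.ResolverRuleId
      VPCId: !Ref WorkloadVpcB
```

Each additional workload VPC needs only another `ResolverRuleAssociation`; the endpoint and rule are not duplicated.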
