Topic 1 Question 33
Select three.

A company delivers applications over the internet. An Amazon Route 53 public hosted zone is the authoritative DNS service for the company and its internet applications, all of which are offered from the same domain name. A network engineer is working on a new version of one of the applications. All the application's components are hosted in the AWS Cloud. The application has a three-tier design. The front end is delivered through Amazon EC2 instances that are deployed in public subnets with Elastic IP addresses assigned. The backend components are deployed in private subnets from RFC1918. Components of the application need to be able to access other components of the application within the application's VPC by using the same host names as the host names that are used over the public internet. The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries. Which combination of steps will meet these requirements?
A. Add a geoproximity routing policy in Route 53.
B. Create a Route 53 private hosted zone for the same domain name. Associate the application’s VPC with the new private hosted zone.
C. Enable DNS hostnames for the application's VPC.
D. Create entries in the private hosted zone for each name in the public hosted zone by using the corresponding private IP addresses.
E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that runs when AWS CloudTrail logs a Route 53 API call to the public hosted zone. Create an AWS Lambda function as the target of the rule. Configure the function to use the event information to update the private hosted zone.
F. Add the private IP addresses in the existing Route 53 public hosted zone.
Comments (8)
- Selected answer: BCD
Correct Answer: BCD
B - you need a private hosted zone to resolve the same names to private IPs
C - this one is tricky but you really need both of the DNS options enabled in the VPC (enableDnsHostnames and enableDnsSupport) https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-hostnames "If you use custom DNS domain names defined in a private hosted zone in Amazon Route 53, or use private DNS with interface VPC endpoints (AWS PrivateLink), you must set both the enableDnsHostnames and enableDnsSupport attributes to true."
D - This is correct
A - wrong - no need to explain
E - Nobody is asking to automate the process
F - This will simply not work as you need records to resolve to both private and public, you must have two zones
👍 6 linuxek21 2023/04/07

B is correct
C is correct
D is correct
E is also correct
But the question has this part: "The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries." so I think I'll go with BCE

👍 4 rhinozD 2023/04/26

B, C, D - correct.
Option B is correct because it allows the application's components to access each other within the same VPC using the same hostnames as the public internet. Creating a private hosted zone for the same domain name and associating the VPC with it provides a mechanism for Route 53 to resolve the private DNS names to private IP addresses.
Option C is correct because enabling DNS hostnames for the VPC allows instances in the VPC to have a DNS hostname that resolves to the private IP address of the instance.
Option D is correct because it allows Route 53 to resolve the private DNS names to private IP addresses. The private hosted zone created in option B should be populated with the DNS entries that correspond to the names in the public hosted zone, using the private IP addresses of the corresponding resources.
👍 3 zaazanuna 2023/03/18
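
The following Python example is added here and is not part of the original question or comments. It plans option D offline: it builds a change set in the shape of a Route 53 `ChangeResourceRecordSets` change batch so that the private hosted zone mirrors the public names with private addresses, removes retired names, and checks that no RFC 1918 address sits in the public zone (option F). The host names, addresses, Elastic IP mapping and the TTL of 300 are constructed assumptions.

```python
import ipaddress

# Constructed sample data: hypothetical names, documentation/RFC 1918 addresses.
PUBLIC_ZONE = {            # name -> Elastic IP published in the public hosted zone
    "www.example.com.": "203.0.113.10",
    "api.example.com.": "203.0.113.11",
    "new.example.com.": "203.0.113.12",
}
PRIVATE_ZONE = {           # name -> private IP currently in the private hosted zone
    "www.example.com.": "10.0.1.10",
    "old.example.com.": "10.0.1.99",
}
EIP_TO_PRIVATE = {         # Elastic IP -> private IP of the instance behind it
    "203.0.113.10": "10.0.1.10",
    "203.0.113.11": "10.0.1.11",
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def leaked_private_records(public_zone):
    """Names in the public zone that expose RFC 1918 addresses (option F)."""
    return sorted(n for n, ip in public_zone.items() if is_rfc1918(ip))

def _change(action, name, ip, ttl=300):
    # A DELETE must match the existing record exactly; TTL 300 is assumed here.
    return {"Action": action, "ResourceRecordSet": {
        "Name": name, "Type": "A", "TTL": ttl,
        "ResourceRecords": [{"Value": ip}]}}

def plan_private_zone(public_zone, private_zone, eip_to_private):
    """Return (change batch, unmapped names) to mirror public names privately."""
    changes, unmapped = [], []
    for name, eip in sorted(public_zone.items()):
        private_ip = eip_to_private.get(eip)
        if private_ip is None or not is_rfc1918(private_ip):
            unmapped.append(name)      # never fall back to the public address
        elif private_zone.get(name) != private_ip:
            changes.append(_change("UPSERT", name, private_ip))
    for name, ip in sorted(private_zone.items()):
        if name not in public_zone:    # name was retired from the public zone
            changes.append(_change("DELETE", name, ip))
    return {"Changes": changes}, unmapped
```

Inside the associated VPC the private hosted zone takes precedence for the domain, so a name reported in `unmapped` returns NXDOMAIN there until it gets a private record.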