Q48 — AWS SAP-C02 Ch.3


Q273. A company plans to deploy a new private intranet service on Amazon EC2 instances inside a VPC. An AWS Site-to-Site VPN connects the VPC to the company's on-premises network. The new service must communicate with existing on-premises services. The on-premises services are accessible through the use of host names that reside in the company.example DNS zone. This DNS zone is wholly hosted on premises and is available only on the company's private network. A solutions architect must ensure that the new service can resolve host names on the company.example domain to integrate with existing services. Which solution meets these requirements?

Correct Answer: B. Turn on DNS host names for the VPC. Configure a new outbound endpoint with Amazon Route 53 Resolver. Create a Resolver rule to forward requests for company.example to the on-premises name servers.

Explanation

B. Turn on DNS hostnames for the VPC. Configure a new outbound endpoint with Amazon Route 53 Resolver. Create a Resolver rule to forward requests for company.example to the on-premises name servers.

Turning on DNS hostnames for the VPC lets instances in the VPC resolve DNS hostnames. An outbound endpoint for Amazon Route 53 Resolver places elastic network interfaces in the VPC's subnets, and from those interfaces Resolver can send DNS queries across the VPN connection to the on-premises network. A Resolver rule that forwards requests for the company.example zone to the on-premises name servers, associated with the VPC, means that the new service in the VPC resolves host names in the company.example domain through the on-premises servers and can integrate with the existing services.

A, C, and D are not valid solutions:

A. Create an empty private zone in Amazon Route 53 for company.example. Add an additional NS record to the company's on-premises company.example zone that points to the authoritative name servers for the new private zone in Route 53. This creates a new private zone in Route 53, but it still does not provide a mechanism for resolving names between the VPC and the on-premises network.

C. Turn on DNS hostnames for the VPC. Configure a new inbound resolver endpoint with Amazon Route 53 Resolver. Configure the on-premises DNS server to forward requests for company.example to the new resolver. An inbound endpoint accepts queries that arrive from the on-premises network into the VPC; it does not give the VPC a path to resolve hostnames in the company.example domain, and the on-premises DNS server would still have to be configured to forward requests to the new resolver.

D. Use AWS Systems Manager to configure a run document that installs a hosts file containing any required host names. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to run the document when an instance enters the running state. This requires manually managing a hosts file on each EC2 instance, which is time-consuming and error-prone, and it does not provide a scalable, centralized way to resolve DNS hostnames in the VPC.
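The configuration that answer B describes, written out as an added CloudFormation example (it is not part of the original question or of any AWS documentation). The VPC and subnet IDs, the on-premises name server addresses (10.0.0.2 and 10.0.0.3) and the on-premises DNS subnet (10.0.0.0/24) are placeholders; the VPC itself is assumed to already exist with enableDnsSupport and enableDnsHostnames turned on.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: outbound Route 53 Resolver endpoint that forwards
  company.example to on-premises name servers over the Site-to-Site VPN.
  All IDs and IP addresses are placeholders.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: Existing VPC (placeholder) with DNS support and DNS hostnames enabled
  SubnetIdA:
    Type: AWS::EC2::Subnet::Id
    Description: First subnet for an endpoint network interface (placeholder)
  SubnetIdB:
    Type: AWS::EC2::Subnet::Id
    Description: Second subnet, in another AZ, for endpoint resilience (placeholder)
  OnPremDns1:
    Type: String
    Default: 10.0.0.2   # placeholder on-premises name server
  OnPremDns2:
    Type: String
    Default: 10.0.0.3   # placeholder on-premises name server

Resources:
  # Security group for the endpoint interfaces: egress only to DNS on the
  # on-premises resolver subnet, so the endpoint cannot be used to reach
  # anything else across the VPN.
  ResolverEndpointSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Outbound DNS from Route 53 Resolver endpoint to on-premises name servers
      VpcId: !Ref VpcId
      SecurityGroupEgress:
        - IpProtocol: udp
          FromPort: 53
          ToPort: 53
          CidrIp: 10.0.0.0/24   # placeholder on-premises DNS subnet
        - IpProtocol: tcp
          FromPort: 53
          ToPort: 53
          CidrIp: 10.0.0.0/24   # placeholder on-premises DNS subnet

  # Outbound endpoint: Resolver sends forwarded queries from interfaces in these subnets.
  OutboundEndpoint:
    Type: AWS::Route53Resolver::ResolverEndpoint
    Properties:
      Name: company-example-outbound
      Direction: OUTBOUND
      SecurityGroupIds:
        - !Ref ResolverEndpointSg
      IpAddresses:
        - SubnetId: !Ref SubnetIdA
        - SubnetId: !Ref SubnetIdB

  # Forwarding rule: queries for company.example (and subdomains) go to on-premises.
  ForwardCompanyExample:
    Type: AWS::Route53Resolver::ResolverRule
    Properties:
      Name: forward-company-example
      RuleType: FORWARD
      DomainName: company.example
      ResolverEndpointId: !Ref OutboundEndpoint
      TargetIps:
        - Ip: !Ref OnPremDns1
          Port: "53"
        - Ip: !Ref OnPremDns2
          Port: "53"

  # The rule only takes effect for a VPC once it is associated with it.
  ForwardRuleAssociation:
    Type: AWS::Route53Resolver::ResolverRuleAssociation
    Properties:
      ResolverRuleId: !Ref ForwardCompanyExample
      VPCId: !Ref VpcId
```

Two points worth checking after deployment: the on-premises firewall and the VPN route tables must allow UDP and TCP port 53 from the endpoint interfaces' private IPs (visible on the endpoint in the Route 53 console) to the on-premises name servers, and names outside company.example continue to be resolved by the VPC's default resolver, since a forwarding rule only applies to the domain it names and its subdomains. Keeping the security group egress limited to port 53 on the resolver subnet is what prevents the endpoint from becoming a general path into the on-premises network.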