AWS Certified Solutions Architect Professional SAP-C02 Practice Question
A company operates a shared services VPC and several application VPCs in the us-east-1 Region. Each VPC hosts its own Amazon Route 53 private hosted zone that uses a sub-domain of aws.example.com. The on-premises data center runs Microsoft Active Directory-integrated DNS for corp.example.com. Connectivity between the data center and AWS is provided by an AWS Direct Connect private virtual interface, and VPC-to-VPC peering is already in place for east-west traffic.
The networking team has set the following requirements:
- On-premises clients must be able to resolve records that reside in any VPC private hosted zone.
- EC2 instances in every VPC must resolve corp.example.com names by querying the existing on-premises DNS servers.
- DNS queries must not cross VPC-to-VPC peering links.
- The design must block open recursion and require minimal per-VPC effort as new VPCs are added.
Which approach meets these requirements?
- For each VPC, create a Route 53 Resolver outbound endpoint and a forwarding rule that targets the on-premises DNS servers for corp.example.com. Configure the on-premises DNS servers to forward all aws.example.com queries to the VPC's Amazon-provided (.2) resolver IP.
- Deploy a centralized pair of Route 53 Resolver inbound and outbound endpoints in the shared services VPC. Point on-premises DNS conditional forwarders for all aws.example.com sub-domains to the inbound endpoint IPs. Create a conditional forwarding rule for corp.example.com on the outbound endpoint, share the rule with all application VPCs by using AWS Resource Access Manager, and associate it with those VPCs.
- Create a single private hosted zone for corp.example.com in the shared services VPC and associate it with all application VPCs. Configure Route 53 Resolver endpoints so that on-premises clients can recurse into this hosted zone for name resolution.
- Create Route 53 Resolver inbound endpoints only in the shared services VPC and use Route 53 Resolver DNS Firewall to associate a corp.example.com forwarding rule with every VPC. Configure on-premises DNS to forward aws.example.com queries to the inbound endpoint IPs.
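As an added illustration that is not part of the original question, the following Terraform shows the shared services account's side of the centralized-endpoint design described in the second option; the VPC and subnet IDs, the on-premises DNS addresses and the on-premises CIDR are constructed placeholders, and the application accounts are assumed to be separate AWS accounts.

```hcl
# One security group for both endpoints: DNS only, and only from/to the on-premises
# resolvers. Limiting the source CIDR is what stops the inbound endpoint being an open resolver.
resource "aws_security_group" "resolver" {
  name   = "r53-resolver-endpoints"
  vpc_id = "vpc-0shared000000000" # placeholder: shared services VPC
  dynamic "ingress" {
    for_each = ["udp", "tcp"]
    content {
      from_port   = 53
      to_port     = 53
      protocol    = ingress.value
      cidr_blocks = ["10.10.0.0/16"] # placeholder: on-premises DNS subnet
    }
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["10.10.0.0/16"] # outbound endpoint may only talk to on-premises DNS
  }
}
# Inbound: on-premises conditional forwarders for the aws.example.com sub-domains send here.
resource "aws_route53_resolver_endpoint" "inbound" {
  direction          = "INBOUND"
  security_group_ids = [aws_security_group.resolver.id]
  ip_address { subnet_id = "subnet-0shared0000000a" } # placeholder, two AZs required
  ip_address { subnet_id = "subnet-0shared0000000b" } # placeholder
}
resource "aws_route53_resolver_endpoint" "outbound" {
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.resolver.id]
  ip_address { subnet_id = "subnet-0shared0000000a" }
  ip_address { subnet_id = "subnet-0shared0000000b" }
}
# Single forwarding rule: corp.example.com goes to the on-premises AD DNS via the outbound endpoint.
resource "aws_route53_resolver_rule" "corp" {
  domain_name          = "corp.example.com"
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id
  target_ip { ip = "10.10.0.10" } # placeholder on-premises DNS servers
  target_ip { ip = "10.10.0.11" }
}
# Share the rule once through RAM (add an aws_ram_principal_association per application account
# or OU); each application account then needs only one aws_route53_resolver_rule_association per VPC.
resource "aws_ram_resource_share" "dns_rules" {
  name = "corp-dns-forwarding"
}
resource "aws_ram_resource_association" "corp_rule" {
  resource_arn       = aws_route53_resolver_rule.corp.arn
  resource_share_arn = aws_ram_resource_share.dns_rules.arn
}
```

Because the rule is associated with each application VPC directly, its EC2 instances forward corp.example.com through the shared outbound endpoint without any DNS traffic traversing the VPC peering links.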