AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 115

A company deploys an internal website behind an Application Load Balancer (ALB) in a VPC. The VPC has a CIDR block of 172.31.0.0/16. The company creates a private hosted zone for the domain example.com for the website in Amazon Route 53. The company establishes an AWS Site-to-Site VPN connection between its office network and the VPC.

A network engineer needs to set up a DNS solution so that employees can visit the internal webpage by accessing a private domain URL (https://example.com) from the office network.

Which combination of steps will meet this requirement? (Choose two.)

Answer options

• A. Create an alias record that points to the ALB in the Route 53 private hosted zone.
• B. Create a CNAME record that points to the ALB internal domain in the Route 53 private hosted zone.
• C. Create a Route 53 Resolver inbound endpoint. On the office DNS server, configure a conditional forwarder to forward the DNS queries to the Route 53 Resolver inbound endpoint.
• D. Create a Route 53 Resolver outbound endpoint. On the office DNS server, configure a conditional forwarder to forward the DNS queries to the Route 53 Resolver outbound endpoint.
• E. On the office DNS server, configure a conditional forwarder for the private domain to the VPC DNS at 172.31.0.2.

Correct answer: A, C

Explanation

The correct steps are A and C. Creating an alias record (A) allows the internal website to be accessed through the private domain in the Route 53 private hosted zone, while setting up a Route 53 Resolver inbound endpoint (C) enables the office DNS server to forward queries to the private hosted zone. Options B, D, and E are incorrect as they do not meet the requirement of resolving the private domain from the office network effectively.