AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 183
A company's VPC has Amazon EC2 instances that are communicating with AWS services over the public internet. The company needs to change the connectivity so that the communication does not occur over the public internet.
The company deploys AWS PrivateLink endpoints in the VPC. After the deployment of the PrivateLink endpoints, the EC2 instances can no longer communicate at all with the required AWS services.
Which combination of steps should a network engineer take to restore communication with the AWS services? (Choose two.)
Answer options
- A. In the VPC route table, add a route that has the PrivateLink endpoints as the destination.
- B. Ensure that the enableDnsSupport attribute is set to True for the VPC. Ensure that each VPC endpoint has DNS support enabled.
- C. Ensure that the VPC endpoint policy allows communication.
- D. Create an Amazon Route 53 public hosted zone for all services.
- E. Create an Amazon Route 53 private hosted zone that includes a custom name for each service.
Correct answer: B, C
Explanation
The correct answers are B and C. An interface endpoint is reached by name: with the VPC attribute enableDnsSupport set to true and private DNS enabled on the endpoint, the service's regional DNS name (for example sqs.us-east-1.amazonaws.com) resolves inside the VPC to the endpoint's private IP addresses, so the SDK and CLI calls on the instances need no change. If either setting is off, the name keeps resolving to the service's public addresses and, with the public path no longer in use, the calls fail. The endpoint policy is the second gate: every request that passes through the endpoint is evaluated against it, and a policy that does not allow the principal, action and resource produces an access-denied error even though the packets reach the service. Option A is wrong because an interface endpoint is an elastic network interface in the VPC's subnets and needs no route table entry (only gateway endpoints for Amazon S3 and DynamoDB use a prefix-list route, and AWS adds it to the selected route tables automatically). Options D and E are wrong because private DNS already publishes the service names; a public hosted zone cannot serve VPC-only answers, and a private hosted zone with custom names would force every client to be reconfigured to use those names. Two checks not among the options but worth making in practice: private DNS also requires the VPC attribute enableDnsHostnames to be true, and the endpoint's security group must allow inbound TCP 443 from the instances.
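The checks behind options B and C can be scripted against the output of the EC2 API. The following audit helper is an added example written for this page, not AWS code or part of the exam material; it takes dicts shaped like the JSON returned by `aws ec2 describe-vpc-attribute` and `aws ec2 describe-vpc-endpoints` (the field names follow the EC2 API; the endpoint IDs, policies and VPC settings are constructed sample data) and reports every setting that would stop a given API action from working through the endpoint. The policy evaluation is deliberately simplified (Action only, explicit Deny wins) and is an assumption of this example, not the full IAM evaluation logic.

```python
"""Offline audit of the PrivateLink settings that break service calls through a VPC endpoint.

Hypothetical helper (not AWS code): consumes dicts shaped like the output of
`aws ec2 describe-vpc-attribute` and `aws ec2 describe-vpc-endpoints`.
"""
import fnmatch
import json

# Constructed sample: VPC attributes as returned by two describe-vpc-attribute calls.
# DNS resolution is on, but DNS hostnames (also required for private DNS) is off.
VPC_ATTRIBUTES = {"EnableDnsSupport": True, "EnableDnsHostnames": False}

# Constructed sample policies: the AWS default is full access (allow-all).
DENY_ALL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "*", "Resource": "*"}]}
ALLOW_ALL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]}

# Constructed sample endpoints (IDs are made up): a broken SQS interface endpoint,
# a healthy KMS interface endpoint, and an S3 gateway endpoint.
ENDPOINTS = [
    {"VpcEndpointId": "vpce-0example1", "ServiceName": "com.amazonaws.us-east-1.sqs",
     "VpcEndpointType": "Interface", "PrivateDnsEnabled": False,
     "PolicyDocument": json.dumps(DENY_ALL_POLICY)},
    {"VpcEndpointId": "vpce-0example2", "ServiceName": "com.amazonaws.us-east-1.kms",
     "VpcEndpointType": "Interface", "PrivateDnsEnabled": True,
     "PolicyDocument": json.dumps(ALLOW_ALL_POLICY)},
    {"VpcEndpointId": "vpce-0example3", "ServiceName": "com.amazonaws.us-east-1.s3",
     "VpcEndpointType": "Gateway",
     "PolicyDocument": json.dumps(ALLOW_ALL_POLICY)},
]

# The API action each service is expected to serve (assumption for this example).
ACTIONS = {
    "com.amazonaws.us-east-1.sqs": "sqs:SendMessage",
    "com.amazonaws.us-east-1.kms": "kms:Decrypt",
    "com.amazonaws.us-east-1.s3": "s3:GetObject",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_allows(policy, action):
    """Simplified IAM evaluation: an explicit Deny whose Action matches wins,
    otherwise any matching Allow grants access. Only the Action element is
    evaluated (case-insensitively, with IAM-style wildcards); Principal, Resource
    and Condition are ignored, so True is necessary but not sufficient."""
    allowed = False
    for stmt in _as_list(policy.get("Statement", [])):
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def audit_endpoint(endpoint, vpc_attrs, action):
    """Return the findings that explain why `action` would fail via this endpoint.
    An empty list means nothing on the endpoint side needs fixing."""
    findings = []
    if endpoint.get("VpcEndpointType") == "Interface":
        # Private DNS needs both VPC attributes plus the per-endpoint flag; otherwise
        # the public service name keeps resolving to public IPs and never hits the ENI.
        if not vpc_attrs.get("EnableDnsSupport"):
            findings.append("VPC attribute enableDnsSupport is false")
        if not vpc_attrs.get("EnableDnsHostnames"):
            findings.append("VPC attribute enableDnsHostnames is false")
        if not endpoint.get("PrivateDnsEnabled"):
            findings.append("endpoint private DNS is disabled")
    # Gateway endpoints are reached through a prefix-list route, not DNS, so only the
    # policy applies to them. A missing PolicyDocument is treated as the AWS default.
    policy = (json.loads(endpoint["PolicyDocument"])
              if "PolicyDocument" in endpoint else ALLOW_ALL_POLICY)
    if not policy_allows(policy, action):
        findings.append(f"endpoint policy does not allow {action}")
    return findings


def audit(endpoints, vpc_attrs, actions):
    """Map endpoint ID -> findings for every endpoint in the VPC."""
    return {ep["VpcEndpointId"]: audit_endpoint(ep, vpc_attrs, actions[ep["ServiceName"]])
            for ep in endpoints}


if __name__ == "__main__":
    for endpoint_id, findings in audit(ENDPOINTS, VPC_ATTRIBUTES, ACTIONS).items():
        print(endpoint_id, "OK" if not findings else "; ".join(findings))
```

Run against live data by replacing the constructed dicts with the parsed output of the two CLI calls; the security group on the endpoint's network interface is a separate check that this helper does not cover.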