AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 188

A company securely connects resources that are in its VPC to a software as a service (SaaS) solution from a SaaS provider. The SaaS solution is hosted in the AWS Cloud and is powered by AWS PrivateLink. The company uses a PrivateLink endpoint to access the SaaS solution behind the SaaS provider's Network Load Balancer (NLB).

The company recently added a new Availability Zone and new subnets to its VPC. A network engineer is unable to deploy a new interface VPC endpoint for the SaaS solution in the new Availability Zone.

What is the cause of this problem?

Answer options

• A. The CIDR block of the new subnets conflicts with the SaaS provider's CIDR block.
• B. The enableDnsHostnames attribute and enableDnsSupport attribute were not configured on the new subnets in the new Availability Zone.
• C. The SaaS provider does not offer the solution in the new Availability Zone and has not configured cross-zone load balancing for the NLB.
• D. The new subnets are missing a route to the VPC internet gateway.

Correct answer: C

Explanation

The correct answer is C because the SaaS provider's solution may not be available in the newly added Availability Zone, which would prevent the deployment of the interface VPC endpoint. The other options do not accurately reflect the constraints of the AWS PrivateLink setup or the NLB configuration related to the SaaS provider's offerings.