AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 86
A company is migrating an application from on premises to AWS. The company will host the application on Amazon EC2 instances that are deployed in a single VPC. During the migration period, DNS queries from the EC2 instances must be able to resolve names of on-premises servers. The migration is expected to take 3 months. After the 3-month migration period, the resolution of on-premises servers will no longer be needed.
What should a network engineer do to meet these requirements with the LEAST amount of configuration?
Answer options
- A. Set up an AWS Site-to-Site VPN connection between on premises and AWS. Deploy an Amazon Route 53 Resolver outbound endpoint in the Region that is hosting the VPC.
- B. Set up an AWS Direct Connect connection with a private VIF. Deploy an Amazon Route 53 Resolver inbound endpoint and a Route 53 Resolver outbound endpoint in the Region that is hosting the VPC.
- C. Set up an AWS Client VPN connection between on premises and AWS. Deploy an Amazon Route 53 Resolver inbound endpoint in the VPC.
- D. Set up an AWS Direct Connect connection with a public VIF. Deploy an Amazon Route 53 Resolver inbound endpoint in the Region that is hosting the VPC. Use the IP address that is assigned to the endpoint for connectivity to the on-premises DNS servers.
Correct answer: A
Explanation
Option A is the correct answer because a Site-to-Site VPN is a straightforward way to provide secure communication between the on-premises network and AWS, and a Route 53 Resolver outbound endpoint handles the DNS queries that the EC2 instances send for on-premises names. Options B and D involve more complex setups with Direct Connect, which are unnecessary for this requirement. Option C uses a Client VPN, which is not the best fit for resolving on-premises DNS during the migration, and it pairs that with an inbound endpoint, which serves queries arriving from on premises rather than queries leaving the VPC.