AWS Certified SysOps Administrator – Associate (SOA-C03) — Question 23
A company operates compute resources in a VPC and in the company’s on-premises data center. The company already has an AWS Direct Connect connection between the VPC and the on-premises data center. A CloudOps engineer needs to ensure that Amazon EC2 instances in the VPC can resolve DNS names for hosts in the on-premises data center.
Which solution will meet this requirement with the LEAST amount of ongoing maintenance?
Answer options
- A. Create an Amazon Route 53 private hosted zone. Populate the zone with the hostnames and IP addresses of the hosts in the on-premises data center.
- B. Create an Amazon Route 53 Resolver outbound endpoint. Add the IP addresses of an on-premises DNS server for the domain names that need to be forwarded.
- C. Set up a forwarding rule for reverse DNS queries in Amazon Route 53 Resolver. Set the enableDnsHostnames attribute to true for the VPC.
- D. Add the hostnames and IP addresses for the on-premises hosts to the /etc/hosts file of each EC2 instance.
Correct answer: B
Explanation
Option B is correct. A Route 53 Resolver outbound endpoint places resolver network interfaces in (at least two) VPC subnets, and a FORWARD rule associated with the VPC tells the VPC's Amazon-provided resolver (the VPC CIDR base + 2 address every EC2 instance already uses) to forward queries for the on-premises domain to the on-premises DNS servers over the existing Direct Connect connection. The on-premises servers stay the authoritative source of truth, so adding or renaming hosts there needs no change in AWS; the only one-time work is the endpoint, the rule per domain, and the network plumbing: the endpoint's security group must allow UDP and TCP port 53 to the target DNS servers, and the on-premises firewall must accept queries from the endpoint interface IPs. Option A copies on-premises records into a private hosted zone by hand, which drifts out of date every time the data center changes. Option C forwards only reverse (PTR) lookups, and enableDnsHostnames merely controls whether instances receive AWS-provided public hostnames; neither resolves on-premises forward names. Option D requires editing /etc/hosts on every instance for every change, which does not scale.
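The following is an added example, not part of the original question: it assembles the three Route 53 Resolver API calls behind option B (outbound endpoint, FORWARD rule, VPC association) together with a least-privilege security-group egress rule for the endpoint interfaces, validates them for the mistakes that usually break this design, and only calls AWS when boto3 is installed and apply=True. All identifiers (subnet, VPC and security-group IDs, the 10.0.0.0/16 VPC CIDR, the 10.1.0.0/16 on-premises range, corp.example.com) are assumed placeholders.

```python
"""Plan and optionally apply Route 53 Resolver outbound forwarding to on-premises DNS.

Added example for the SOA-C03 question above; not AWS's or the exam's code.
"""
import ipaddress
import uuid

try:
    import boto3  # only needed when apply=True; planning works without it
except ImportError:  # pragma: no cover
    boto3 = None

DNS_PORT = 53


def endpoint_request(name, subnet_ids, security_group_id):
    """CreateResolverEndpoint parameters for an OUTBOUND endpoint.

    AWS requires IP addresses in at least two subnets for redundancy; we also
    insist the subnets are distinct so a copy-paste of one subnet is caught.
    """
    if len(set(subnet_ids)) < 2:
        raise ValueError("outbound endpoint needs at least two distinct subnets")
    return {
        "CreatorRequestId": str(uuid.uuid4()),
        "Name": name,
        "SecurityGroupIds": [security_group_id],
        "Direction": "OUTBOUND",
        "IpAddresses": [{"SubnetId": s} for s in subnet_ids],
    }


def forward_rule_request(name, domain_name, target_ips, endpoint_id, vpc_cidr):
    """CreateResolverRule parameters forwarding `domain_name` to on-prem servers.

    A target inside the VPC CIDR is almost certainly a mistyped on-prem address
    (assumption of this example), so it is rejected rather than deployed.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    targets = []
    for ip in target_ips:
        addr = ipaddress.ip_address(ip)
        if addr in vpc:
            raise ValueError(f"{ip} is inside the VPC {vpc_cidr}, not on-premises")
        targets.append({"Ip": str(addr), "Port": DNS_PORT})
    return {
        "CreatorRequestId": str(uuid.uuid4()),
        "Name": name,
        "RuleType": "FORWARD",
        "DomainName": domain_name.rstrip("."),  # Resolver stores names without the root dot
        "TargetIps": targets,
        "ResolverEndpointId": endpoint_id,
    }


def association_request(rule_id, vpc_id):
    """AssociateResolverRule parameters: the rule only takes effect once a VPC is associated."""
    return {"ResolverRuleId": rule_id, "VPCId": vpc_id}


def egress_permissions(target_ips):
    """Security-group egress for the endpoint ENIs: DNS over UDP and TCP to the
    forwarding targets only (/32 each). Nothing else needs to leave the endpoint."""
    return [
        {
            "IpProtocol": proto,
            "FromPort": DNS_PORT,
            "ToPort": DNS_PORT,
            "IpRanges": [{"CidrIp": f"{ip}/32", "Description": "on-prem DNS"} for ip in target_ips],
        }
        for proto in ("udp", "tcp")
    ]


def build_plan(vpc_id, vpc_cidr, subnet_ids, sg_id, domain, on_prem_dns):
    """Return the ordered API calls; the rule and association need IDs that only
    exist after the earlier calls, so those fields are filled in by apply()."""
    return {
        "egress": egress_permissions(on_prem_dns),
        "endpoint": endpoint_request(f"{domain}-outbound", subnet_ids, sg_id),
        "rule": forward_rule_request(f"fwd-{domain}", domain, on_prem_dns, "PENDING", vpc_cidr),
        "association": association_request("PENDING", vpc_id),
    }


def apply(plan, sg_id, region="us-east-1"):
    """Execute the plan with boto3 in dependency order (assumed region)."""
    if boto3 is None:
        raise RuntimeError("boto3 is not installed; plan only")
    ec2 = boto3.client("ec2", region_name=region)
    r53r = boto3.client("route53resolver", region_name=region)
    ec2.authorize_security_group_egress(GroupId=sg_id, IpPermissions=plan["egress"])
    ep = r53r.create_resolver_endpoint(**plan["endpoint"])["ResolverEndpoint"]
    rule_params = dict(plan["rule"], ResolverEndpointId=ep["Id"])
    rule = r53r.create_resolver_rule(**rule_params)["ResolverRule"]
    assoc_params = dict(plan["association"], ResolverRuleId=rule["Id"])
    return r53r.associate_resolver_rule(**assoc_params)["ResolverRuleAssociation"]


if __name__ == "__main__":
    import json
    demo = build_plan("vpc-0abc", "10.0.0.0/16", ["subnet-0aaa", "subnet-0bbb"],
                      "sg-0dns", "corp.example.com", ["10.1.0.10", "10.1.0.11"])
    print(json.dumps(demo, indent=2))
```

Once applied, `dig host1.corp.example.com` from an instance should answer with the on-premises address, and the answer changes automatically when the on-premises zone changes; the only AWS-side object to revisit is the rule if a new on-premises domain appears.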