A company is designing a web application on AWS that uses a VPN connection between its on-premises data centers and its VPCs. The company uses Amazon Route 53 for DNS. The application must use private DNS records so VPC resources can resolve on-premises services. Which solution meets these requirements in the MOST secure manner?
Choose an answer
Tap an option to check your answer.
Correct answer: Create a Route 53 Resolver outbound endpoint. Create a resolver rule. Associate the resolver rule with the VPC..
Why this is the answer
Creating a Route 53 Resolver outbound endpoint allows your VPC to forward DNS queries for on-premises domains to your on-premises DNS servers. A resolver rule specifies which domain names should be forwarded and to which IP addresses (your on-premises DNS servers). Associating this rule with the VPC ensures that instances within that VPC use this forwarding mechanism. This is the most secure option as it keeps the DNS resolution private within your network and only forwards specific queries. An inbound endpoint is for on-premises servers to query AWS resources, which is the opposite of the requirement. A private hosted zone is for resolving AWS resources from within a VPC, not for resolving on-premises services. A public hosted zone is for public DNS resolution and exposes internal service names, which is not secure and doesn't meet the requirement for private DNS records for on-premises services.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed