Amazon Web Services Amazon AWS Certified Advanced Networking - Specialty ANS-C01 Question # 57 Topic 6 Discussion

ANS-C01 Exam Topic 6 Question 57 Discussion:
Question #: 57
Topic #: 6

An ecommerce company needs to implement additional security controls on all its domain names that are hosted in Amazon Route 53. The company's new policy requires data authentication and data integrity verification for all queries to the company's domain names. The current Route 53 architecture has four public hosted zones.

A network engineer needs to implement DNS Security Extensions (DNSSEC) signing and validation on the hosted zones. The solution must include an alert capability.

Which combination of steps will meet these requirements? (Select THREE.)


A. Enable DNSSEC signing for Route 53. Request that Route 53 create a key-signing key (KSK) based on a customer managed key in AWS Key Management Service (AWS KMS).

B. Enable DNSSEC signing for Route 53. Request that Route 53 create a zone-signing key (ZSK) based on a customer managed key in AWS Key Management Service (AWS KMS).

C. Create a chain of trust for the hosted zones by adding a Delegation Signer (DS) record for each subdomain.

D. Create a chain of trust for the hosted zones by adding a Delegation Signer (DS) record to the parent zone.

E. Set up an Amazon CloudWatch alarm that provides an alert whenever a DNSSECInternalFailure error or DNSSECKeySigningKeysNeedingAction error is detected.

F. Set up an AWS CloudTrail alarm that provides an alert whenever a DNSSECInternalFailure error or DNSSECKeySigningKeysNeedingAction error is detected.

