Amazon Exam ANS-C01 Topic 4 Question 44 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 44
Topic #: 4

A company has AWS accounts in an organization in AWS Organizations. The company has implemented Amazon VPC IP Address Manager (IPAM) in its networking AWS account. The company is using AWS Resource Access Manager (AWS RAM) to share IPAM pools with other AWS accounts. The company has created a top-level pool with a CIDR block of 10.0.0.0/8. For each AWS account, the company has created an IPAM pool within the top-level pool.

A network engineer needs to implement a solution to ensure that users in each AWS account cannot create new VPCs. The solution also must prevent users from associating a CIDR block with existing VPCs unless the CIDR block is from the IPAM pool for that account.

Which solution will meet these requirements?

Suggested Answer: B

Contribute your Thoughts:

Mammie
22 days ago
I wonder if the exam writer had to come up with a way to make 'Ipv4IpamPoolId' sound like a real thing. Gotta love those AWS acronyms!
upvoted 0 times
...
Amber
26 days ago
Who else read this question and immediately thought, 'Oh, this is gonna be good. Time to break out the popcorn!'
upvoted 0 times
...
Dante
28 days ago
I think option D is a bit overkill. Why use an EventBridge rule and a Lambda function when an SCP can do the job just as well?
upvoted 0 times
Nidia
11 days ago
But option B with SCP seems simpler and more straightforward to implement for restricting VPC creation and CIDR block association.
upvoted 0 times
...
Lauran
19 days ago
Option D is more comprehensive and ensures real-time monitoring of VPC creation and CIDR block association.
upvoted 0 times
...
...
Marge
1 month ago
I'm not sure. Option D also seems like a viable solution to me.
upvoted 0 times
...
Ocie
1 month ago
I like how option B uses the IPAM pool ID as the condition. That's a clever way to ensure the CIDR blocks are from the right pool.
upvoted 0 times
Samira
9 days ago
User 3: Option D could also work by checking CloudTrail events, but Option B seems more straightforward.
upvoted 0 times
...
Tish
11 days ago
User 2: I agree, using the IPAM pool ID as a condition is a smart way to enforce the rules.
upvoted 0 times
...
Cortney
14 days ago
User 1: Option B seems like the best choice to restrict VPC creation and CIDR block association.
upvoted 0 times
...
...
Felice
1 month ago
B is the correct answer. Using an SCP to deny these actions is the most straightforward way to implement this solution.
upvoted 0 times
Haley
6 days ago
Definitely, implementing restrictions at the SCP level is a good security measure.
upvoted 0 times
...
Serina
12 days ago
It's important to ensure users can only use CIDR blocks from the IPAM pool.
upvoted 0 times
...
Chun
19 days ago
Agreed, using an SCP to deny those actions is the best approach.
upvoted 0 times
...
Bette
25 days ago
I think B is the correct answer.
upvoted 0 times
...
...
Frederica
1 month ago
I agree with Tayna. Option B seems to be the most efficient way to prevent users from creating new VPCs.
upvoted 0 times
...
Tayna
1 month ago
I think option B is the best solution.
upvoted 0 times
...
