ExamGecko
Search Search Login
Home Home / Amazon / ANS-C00
Ask QuestionAsk Question

Amazon ANS-C00 Practice Test - Questions Answers

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?

Question 1

Report
Export
Collapse

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?

A.
There is no rule in your bucket policy allowing public access.
A.
There is no rule in your bucket policy allowing public access.
Answers
B.
You have applied your SSL to your Elastic Loadbalancer but not your CDN.
B.
You have applied your SSL to your Elastic Loadbalancer but not your CDN.
Answers
C.
Your S3 Bucket permissions are incorrect.
C.
Your S3 Bucket permissions are incorrect.
Most voted
Answers (1)
Most voted
D.
You are using an SSL from an external CA.
D.
You are using an SSL from an external CA.
Answers
Suggested answer: B

Explanation:

Explanation:

You must apply the SSL to your Elastic Loadblanacer and your CDN to encrypt all aspects of your site.

asked 16/09/2024
Tim Baas
42 questions

Question 2

Report
Export
Collapse

An application runs on a fleet of Amazon EC2 instances in a VPC. All instances can reach one another using private IP addresses. The application owner has a new requirement that the domain name received via DHCP should be different for a particular set of instances that are currently in one particular subnet.

What changes should be made to meet this requirement while continuing to support the existing application requirements?

A.
Modify the existing DHCP option set and specify the different domain name for the specified subnet.
A.
Modify the existing DHCP option set and specify the different domain name for the specified subnet.
Answers
B.
Create a new DHCP option set with the different domain name, associate it with the specified subnet, and re-launch the Amazon EC2 instances.
B.
Create a new DHCP option set with the different domain name, associate it with the specified subnet, and re-launch the Amazon EC2 instances.
Answers
C.
Create a new subnet, configure the DHCP option set with the different domain name, and re-launch the required instances there.
C.
Create a new subnet, configure the DHCP option set with the different domain name, and re-launch the required instances there.
Answers
D.
Create a new peered VPC, configure the DHCP option set with the different domain name, and re-launch the required instances there.
D.
Create a new peered VPC, configure the DHCP option set with the different domain name, and re-launch the required instances there.
Answers
Suggested answer: B
asked 16/09/2024
Kevin Collins
30 questions

Question 3

Report
Export
Collapse

Your company has signed up to trial AWS WorkSpaces. You aren't sure you're going to keep it, but you want to try it out to see if it works for your organization of 112 users. You need to deploy it with as little work and up-front expense as possible while still allowing access to your Active Directory for authentication. What two things should you do? (Choose two.)

A.
Create a VPN connection.
A.
Create a VPN connection.
Answers
B.
Create an AD connector
B.
Create an AD connector
Answers
C.
Setup AWS hosted Microsoft AD
C.
Setup AWS hosted Microsoft AD
Answers
D.
Create a Direct Connect connection to AWS.
D.
Create a Direct Connect connection to AWS.
Answers
Suggested answer: A, B

Explanation:

Explanation:

A VPN connection and an AD connector will allow you to get up and running without having to migrate users, setup expensive equipment or pay for another directory service.

asked 16/09/2024
Daniel williams
51 questions

Question 4

Report
Export
Collapse

Which AWS service is used within an AWS Config Rule to perform the logic evaluation of that rule?

A.
Inspector
A.
Inspector
Answers
B.
WAF
B.
WAF
Answers
C.
Lambda
C.
Lambda
Answers
D.
SWF
D.
SWF
Answers
Suggested answer: C

Explanation:

Explanation:

AWS Config Rules are a great way to help you enforce specific compliance controls and checks across your resources and allows for you to adopt an `ideal' deployment specification for each of your resource types. Each Rule is simply a Lambda function that when called upon evaluates the resource and carries out some simply logic to determine the compliance result with the rule. Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_nodejs-sample.html

asked 16/09/2024
Tom Rez
35 questions

Question 5

Report
Export
Collapse

What is the minimum number of subnets for an RDS subnet group?

A.
3
A.
3
Answers
B.
4
B.
4
Answers
C.
1
C.
1
Answers
D.
2
D.
2
Answers
Suggested answer: D

Explanation:

Explanation:

This allows for high availability and failover in case an RDS instance goes down.

asked 16/09/2024
josny Cameus
38 questions

Question 6

Report
Export
Collapse

Which two statements about placement groups are correct? (Choose two.)

A.
A placement group can span multiple VPCs.
A.
A placement group can span multiple VPCs.
Answers
B.
A placement group can span multiple Availability Zones.
B.
A placement group can span multiple Availability Zones.
Answers
C.
You cannot merge placement groups.
C.
You cannot merge placement groups.
Answers
D.
It is best to use the same instance types in a placement group.
D.
It is best to use the same instance types in a placement group.
Answers
Suggested answer: A, C

Explanation:

Explanation:

A placement group can span multiple VPCs but may not experience the full performance benefit. The only way to add instances from one placement group to another is to create AMIs out of the instances and spin them all up into one placement group.

asked 16/09/2024
ML MASANE
46 questions

Question 7

Report
Export
Collapse

You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active.

What two configuration changes should you implement? (Choose two.)

A.
MPLS
A.
MPLS
Answers
B.
BFD
B.
BFD
Answers
C.
AS_PATH Prepending
C.
AS_PATH Prepending
Answers
D.
BGP
D.
BGP
Answers
Suggested answer: B, C

Explanation:

Explanation:

Bidirectional-Forwarding Detection will allow for faster failover times. AS_PATH Prepending will allow you to choose the default path. BGP is already implemented and MPLS does not matter.

asked 16/09/2024
Ahmed Otmani Amaoui
30 questions

Question 8

Report
Export
Collapse

How many BGP advertised routes can you have per route table?

A.
50
A.
50
Answers
B.
200
B.
200
Answers
C.
100
C.
100
Answers
D.
As many as you want as long as you contact AWS first.
D.
As many as you want as long as you contact AWS first.
Answers
Suggested answer: C

Explanation:

Explanation:

You can only have 100 advertised routes from BGP. This cannot be changed.

asked 16/09/2024
Siza Motha
30 questions

Question 9

Report
Export
Collapse

When configuring Active/Passive HA on VPN tunnels, choose the two best ways to configure this. (Choose two.)

A.
Keep both tunnels up.
A.
Keep both tunnels up.
Answers
B.
Configure AS_PATH prepending on one of the paths.
B.
Configure AS_PATH prepending on one of the paths.
Answers
C.
Turn off one of the paths until you need it.
C.
Turn off one of the paths until you need it.
Answers
D.
Configure MED on one of the tunnels.
D.
Configure MED on one of the tunnels.
Answers
Suggested answer: A, B

Explanation:

Explanation:

AWS prefers AS_PATH prepending and for a tunnel to provide true failover, it must always be on.

asked 16/09/2024
Marcin Cieślak
43 questions

Question 10

Report
Export
Collapse

Your company is building a new data center. You currently have an on-premises data center that accesses your single VPC via VPN. You need to provide access to your single VPC to your new data center. Since your new data center build is already over budget, you need to keep costs low. How should you accomplish this?

A.
Add a Private VIF and create a Direct Connect connection.
A.
Add a Private VIF and create a Direct Connect connection.
Answers
B.
Create a new Customer Gateway and add it to your VPN using a CloudHub infrastructure model.
B.
Create a new Customer Gateway and add it to your VPN using a CloudHub infrastructure model.
Answers
C.
Add a Public VIF and create a Direct Connect connection.
C.
Add a Public VIF and create a Direct Connect connection.
Answers
D.
Create a new Virtual Gateway and add it to your VPN using a CloudHub infrastructure model.
D.
Create a new Virtual Gateway and add it to your VPN using a CloudHub infrastructure model.
Answers
Suggested answer: B

Explanation:

Explanation:

Create a new Customer Gateway. A Private VIF would work, but you want to keep costs low. A Public VIF is only for AWS specific resources, such as S3. A Virtual Gateway would be created if you were creating a new VPN connection in a new VPC. A Customer Gateway would allow you to add the new datacenter to your VPN.

asked 16/09/2024
Thuy Nguyen
32 questions
Total 414 questions
Go to page: of 42
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy policy
Terms
Disclaimer
Refund policy
Copyright
Twitter X
Facebook
Medium