ExamGecko
Login
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 11

List of questions

Question 101

Report
Export
Collapse

To get started using AWS Direct Connect, in which of the following steps do you configure Border Gateway Protocol (BGP)?

Complete the Cross Connect
Complete the Cross Connect
Verify your Virtual Interface
Verify your Virtual Interface
Create a Virtual Interface
Create a Virtual Interface
Submit AWS Direct Connect Connection Request
Submit AWS Direct Connect Connection Request
Suggested answer: C

Explanation:

Explanation:

In AWS Direct Connect, your network must support Border Gateway Protocol (BGP) and BGP MD5 authentication, and you need to provide a private Autonomous System Number (ASN) for that to connect to Amazon Virtual Private Cloud (VPC). To connect to public AWS products such as Amazon EC2 and Amazon S3, you will also need to provide a public ASN that you own (preferred) or a private ASN. You have to configure BGP in the Create a Virtual Interface step.

Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#createvirtualinterface

asked 16/09/2024
Noor Amy
35 questions

Question 102

Report
Export
Collapse

You want to send a broadcast message to your 10.0.0.0/24 subnet, which one of these addresses should you use?

10.0.0.255
10.0.0.255
10.0.0.1
10.0.0.1
10.0.0.2
10.0.0.2
You cannot send a broadcast in an AWS VPC.
You cannot send a broadcast in an AWS VPC.
Suggested answer: D

Explanation:

Explanation:

You cannot send a broadcast in an AWS VPC, but the address is still reserved.

asked 16/09/2024
Hicham Kaoussi
28 questions

Question 103

Report
Export
Collapse

Accompany has a public domain, company.com, that is hosted by a DNS provider. The company creates a public hosted zone, cloud.company.com, in Amazon Route 53. The company wants to keep all public AWS application DNS records under this hosted zone.

The company recently deployed its first public application behind an Elastic Load Balancer in its AWS environment. The domain name app1.cloud.company.com needs to access the application. Which solution will meet these requirements?

On the DNS provider, create A records for cloud under company.com. Point these records to Route 53 name server IP addresses of the public hosted zone. In Route 53, create an ALIAS (A) record for app1 under cloud.company.com.Point this record to the Elastic Load Balancer.
On the DNS provider, create A records for cloud under company.com. Point these records to Route 53 name server IP addresses of the public hosted zone. In Route 53, create an ALIAS (A) record for app1 under cloud.company.com.Point this record to the Elastic Load Balancer.
On the DNS provider, create a subdomain for cloud under company.com. Create a CNAME record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer public DNS name. In Route 53, create NS records forcloud.company.com. Point these records to the DNS provider name servers.
On the DNS provider, create a subdomain for cloud under company.com. Create a CNAME record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer public DNS name. In Route 53, create NS records forcloud.company.com. Point these records to the DNS provider name servers.
On the DNS provider, create NS records for cloud under company.com. Point these records to Route 53 name servers of the public hosted zone. In Route 53, create an ALIAS (A) record for app1 under cloud.company.com. Point thisrecord to the Elastic Load Balancer.
On the DNS provider, create NS records for cloud under company.com. Point these records to Route 53 name servers of the public hosted zone. In Route 53, create an ALIAS (A) record for app1 under cloud.company.com. Point thisrecord to the Elastic Load Balancer.
On the DNS provider, create a subdomain for cloud under company.com. Create a CNAME record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer public DNS name. In Route 53, create A records forcloud.company.com. Point these records to the DNS provider name servers.
On the DNS provider, create a subdomain for cloud under company.com. Create a CNAME record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer public DNS name. In Route 53, create A records forcloud.company.com. Point these records to the DNS provider name servers.
Suggested answer: A

Explanation:

Explanation:

Reference: https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Route53/dns-alias-record-for-rootdomain.html

asked 16/09/2024
carlos soto
36 questions

Question 104

Report
Export
Collapse

You are using the CLI to assign multiple IP addresses to interfaces. The operation fails. What is the most likely reason?

You cannot assign IP addresses in the CLI.
You cannot assign IP addresses in the CLI.
You can only assign 5 IP addresses at a time through the CLI.
You can only assign 5 IP addresses at a time through the CLI.
One or more of the IP addresses could not be assigned.
One or more of the IP addresses could not be assigned.
All of the IP addresses could not be assigned.
All of the IP addresses could not be assigned.
Suggested answer: C

Explanation:

Explanation:

One more of the IP addresses could not be assigned. It only takes one failed assignment for the entire operation to fail.

asked 16/09/2024
Monique Canham
37 questions

Question 105

Report
Export
Collapse

You are building an application that provides real-time audio and video services to customers on the Internet. The application requires high throughput. To ensure proper audio and video transmission, minimal latency is required. Which of the following will improve transmission quality?

Enable enhanced networking
Enable enhanced networking
Select G2 instance types
Select G2 instance types
Enable jumbo frames
Enable jumbo frames
Use multiple elastic network interfaces
Use multiple elastic network interfaces
Suggested answer: D
asked 16/09/2024
Maxime SELLY
43 questions

Question 106

Report
Export
Collapse

A company has two redundant AWS Direct Connect connections to a VPC. The VPC is configured using BGP metrics so that one Direct Connect connection is used as the primary traffic path. The company wants the primary Direct Connect connection to fail to the secondary in less than one second. What should be done to meet this requirement?

Configure BGP on the company's router with a keep-alive to 300 ms and the BGP hold timer to 900 ms.
Configure BGP on the company's router with a keep-alive to 300 ms and the BGP hold timer to 900 ms.
Enable Bidirectional Forwarding Detection (BFD) on the company's router with a detection minimum interval of 300 ms and a BFD liveness detection multiplier of 3.
Enable Bidirectional Forwarding Detection (BFD) on the company's router with a detection minimum interval of 300 ms and a BFD liveness detection multiplier of 3.
Enable Dead Peer Detection (DPD) on the company's router with a detection minimum interval of 300 ms and a DPD liveliness detection multiplier of 3.
Enable Dead Peer Detection (DPD) on the company's router with a detection minimum interval of 300 ms and a DPD liveliness detection multiplier of 3.
Enable Bidirectional Forwarding Detection (BFD) echo mode on the company's router and disable sending the Internet Control Message Protocol (ICMP) IP packet requests.
Enable Bidirectional Forwarding Detection (BFD) echo mode on the company's router and disable sending the Internet Control Message Protocol (ICMP) IP packet requests.
Suggested answer: B

Explanation:

Explanation:

Reference: https://aws.amazon.com/directconnect/faqs/

asked 16/09/2024
Adam Burdett
31 questions

Question 107

Report
Export
Collapse

Your application server instances reside in the private subnet of your VPC. These instances need to access a Git repository on the Internet. You create a NAT gateway in the public subnet of your VPC. The NAT gateway can reach the Git repository, but instances in the private subnet cannot. You confirm that a default route in the private subnet route table points to the NAT gateway. The security group for your application server instances permits all traffic to the NAT gateway.

What configuration change should you make to ensure that these instances can reach the patch server?

Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway.
Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway.
Configure an outbound rule on the application server instance security group for the Git repository.
Configure an outbound rule on the application server instance security group for the Git repository.
Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet.
Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet.
Configure an inbound rule on the application server instance security group for the Git repository.
Configure an inbound rule on the application server instance security group for the Git repository.
Suggested answer: B

Explanation:

Explanation:

The traffic leaves the instance destined for the Git repository; at this point, the security group must allow it through. The route then directs that traffic (based on the IP) to the NAT gateway. A is wrong because it removes the private aspect of the subnet and would have no effect on the blocked traffic anyway. C is wrong because the problem is that outgoing traffic is not getting to the NAT gateway. D is wrong because to allow outgoing traffic to the Git repository requires an outgoing security group rule.

asked 16/09/2024
Innos Phoku
41 questions

Question 108

Report
Export
Collapse

Considering your knowledge of both the OSI and TCP/IP models - select the following statement which you consider to NOT be true.

The TCP/IP Application layer maps to 2 of the OSI Layers
The TCP/IP Application layer maps to 2 of the OSI Layers
The top layer in the OSI model is named the Application layer
The top layer in the OSI model is named the Application layer
The TCP/IP Application layer maps to 3 of the OSI Layers
The TCP/IP Application layer maps to 3 of the OSI Layers
The top layer in the TCP/IP model is named the Application layer
The top layer in the TCP/IP model is named the Application layer
Suggested answer: A

Explanation:

Explanation:

The OSI model is a 7 layered model. The TCP/IP model is a 4 layered model. The top layer in both models is called the Application layer. The TCP/IP Application layer maps to the top 3 OSI layers (Application, Presentation, and Session layers).

Reference: https://en.wikipedia.org/wiki/OSI_model

asked 16/09/2024
annalise ramdin
36 questions

Question 109

Report
Export
Collapse

A user is running a batch process on EBS backed EC2 instances. The batch process launches few EC2 instances to process hadoop Map reduce jobs which can run between 50-600 minutes or sometimes for even more time. The user wants a configuration that can terminate the instance only when the process is completed. How can the user configure this with CloudWatch?

Configure a job which terminates all instances after 600 minutes
Configure a job which terminates all instances after 600 minutes
It is not possible to terminate instances automatically
It is not possible to terminate instances automatically
Set up the CloudWatch with Auto Scaling to terminate all the instances
Set up the CloudWatch with Auto Scaling to terminate all the instances
Configure the CloudWatch action to terminate the instance when the CPU utilization falls below 5%
Configure the CloudWatch action to terminate the instance when the CPU utilization falls below 5%
Suggested answer: D

Explanation:

Explanation:

Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can setup an action which terminates the instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either terminate or stop the instance as part of the EC2 action.

Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/UsingAlarmActions.html

asked 16/09/2024
Jose Castillo
39 questions

Question 110

Report
Export
Collapse

Your company has decided to deploy AWS WorkSpaces for its hosted desktop solution. Your manager is very concerned with security and cost, as well as reliability. What two things should be deployed? (Choose two.)

VPN
VPN
AWS Hosted AD
AWS Hosted AD
Direct Connect
Direct Connect
AD Connector
AD Connector
Suggested answer: C, D

Explanation:

Explanation:

A VPN should be deployed over Direct Connect to ensure the traffic is encrypted. You would use an AD Connector here since it doesn't cache any credentials in the cloud. AWS Hosted AD is more expensive and caches credentials.

asked 16/09/2024
Scott Taylor
33 questions
Total 414 questions
Go to page: of 42
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?