ExamGecko
Search Search Login
Home Home / Amazon / ANS-C00

Amazon ANS-C00 Practice Test - Questions Answers, Page 11

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)
Which element of AWS Config can be used to help maintain internal and external compliance controls?
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their onpremises version of the application to serve a small portion of the customers who haven't yet upgraded. What design will allow the company to serve both newer and earlier clients in the MOST efficient way?
A company is deploying a critical application on two Amazon EC2 instances in a VPC. Failed client connections to the EC2 instances must be logged according to company policy. What is the MOST cost-effective solution to meet these requirements?

Question 101

Report
Export
Collapse

To get started using AWS Direct Connect, in which of the following steps do you configure Border Gateway Protocol (BGP)?

A.
Complete the Cross Connect
A.
Complete the Cross Connect
Answers
B.
Verify your Virtual Interface
B.
Verify your Virtual Interface
Answers
C.
Create a Virtual Interface
C.
Create a Virtual Interface
Answers
D.
Submit AWS Direct Connect Connection Request
D.
Submit AWS Direct Connect Connection Request
Answers
Suggested answer: C

Explanation:

Explanation:

In AWS Direct Connect, your network must support Border Gateway Protocol (BGP) and BGP MD5 authentication, and you need to provide a private Autonomous System Number (ASN) for that to connect to Amazon Virtual Private Cloud (VPC). To connect to public AWS products such as Amazon EC2 and Amazon S3, you will also need to provide a public ASN that you own (preferred) or a private ASN. You have to configure BGP in the Create a Virtual Interface step.

Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#createvirtualinterface

Question 102

Report
Export
Collapse

You want to send a broadcast message to your 10.0.0.0/24 subnet, which one of these addresses should you use?

A.
10.0.0.255
A.
10.0.0.255
Answers
B.
10.0.0.1
B.
10.0.0.1
Answers
C.
10.0.0.2
C.
10.0.0.2
Answers
D.
You cannot send a broadcast in an AWS VPC.
D.
You cannot send a broadcast in an AWS VPC.
Answers
Suggested answer: D

Explanation:

Explanation:

You cannot send a broadcast in an AWS VPC, but the address is still reserved.

Question 103

Report
Export
Collapse

Accompany has a public domain, company.com, that is hosted by a DNS provider. The company creates a public hosted zone, cloud.company.com, in Amazon Route 53. The company wants to keep all public AWS application DNS records under this hosted zone.

The company recently deployed its first public application behind an Elastic Load Balancer in its AWS environment. The domain name app1.cloud.company.com needs to access the application. Which solution will meet these requirements?

A.
On the DNS provider, create A records for cloud under company.com. Point these records to Route 53 name server IP addresses of the public hosted zone. In Route 53, create an ALIAS (A) record for app1 under cloud.company.com.Point this record to the Elastic Load Balancer.
A.
On the DNS provider, create A records for cloud under company.com. Point these records to Route 53 name server IP addresses of the public hosted zone. In Route 53, create an ALIAS (A) record for app1 under cloud.company.com.Point this record to the Elastic Load Balancer.
Answers
B.
On the DNS provider, create a subdomain for cloud under company.com. Create a CNAME record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer public DNS name. In Route 53, create NS records forcloud.company.com. Point these records to the DNS provider name servers.
B.
On the DNS provider, create a subdomain for cloud under company.com. Create a CNAME record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer public DNS name. In Route 53, create NS records forcloud.company.com. Point these records to the DNS provider name servers.
Answers
C.
On the DNS provider, create NS records for cloud under company.com. Point these records to Route 53 name servers of the public hosted zone. In Route 53, create an ALIAS (A) record for app1 under cloud.company.com. Point thisrecord to the Elastic Load Balancer.
C.
On the DNS provider, create NS records for cloud under company.com. Point these records to Route 53 name servers of the public hosted zone. In Route 53, create an ALIAS (A) record for app1 under cloud.company.com. Point thisrecord to the Elastic Load Balancer.
Answers
D.
On the DNS provider, create a subdomain for cloud under company.com. Create a CNAME record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer public DNS name. In Route 53, create A records forcloud.company.com. Point these records to the DNS provider name servers.
D.
On the DNS provider, create a subdomain for cloud under company.com. Create a CNAME record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer public DNS name. In Route 53, create A records forcloud.company.com. Point these records to the DNS provider name servers.
Answers
Suggested answer: A

Explanation:

Explanation:

Reference: https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Route53/dns-alias-record-for-rootdomain.html

Question 104

Report
Export
Collapse

You are using the CLI to assign multiple IP addresses to interfaces. The operation fails. What is the most likely reason?

A.
You cannot assign IP addresses in the CLI.
A.
You cannot assign IP addresses in the CLI.
Answers
B.
You can only assign 5 IP addresses at a time through the CLI.
B.
You can only assign 5 IP addresses at a time through the CLI.
Answers
C.
One or more of the IP addresses could not be assigned.
C.
One or more of the IP addresses could not be assigned.
Answers
D.
All of the IP addresses could not be assigned.
D.
All of the IP addresses could not be assigned.
Answers
Suggested answer: C

Explanation:

Explanation:

One more of the IP addresses could not be assigned. It only takes one failed assignment for the entire operation to fail.

Question 105

Report
Export
Collapse

You are building an application that provides real-time audio and video services to customers on the Internet. The application requires high throughput. To ensure proper audio and video transmission, minimal latency is required. Which of the following will improve transmission quality?

A.
Enable enhanced networking
A.
Enable enhanced networking
Answers
B.
Select G2 instance types
B.
Select G2 instance types
Answers
C.
Enable jumbo frames
C.
Enable jumbo frames
Answers
D.
Use multiple elastic network interfaces
D.
Use multiple elastic network interfaces
Answers
Suggested answer: D

Question 106

Report
Export
Collapse

A company has two redundant AWS Direct Connect connections to a VPC. The VPC is configured using BGP metrics so that one Direct Connect connection is used as the primary traffic path. The company wants the primary Direct Connect connection to fail to the secondary in less than one second. What should be done to meet this requirement?

A.
Configure BGP on the company's router with a keep-alive to 300 ms and the BGP hold timer to 900 ms.
A.
Configure BGP on the company's router with a keep-alive to 300 ms and the BGP hold timer to 900 ms.
Answers
B.
Enable Bidirectional Forwarding Detection (BFD) on the company's router with a detection minimum interval of 300 ms and a BFD liveness detection multiplier of 3.
B.
Enable Bidirectional Forwarding Detection (BFD) on the company's router with a detection minimum interval of 300 ms and a BFD liveness detection multiplier of 3.
Answers
C.
Enable Dead Peer Detection (DPD) on the company's router with a detection minimum interval of 300 ms and a DPD liveliness detection multiplier of 3.
C.
Enable Dead Peer Detection (DPD) on the company's router with a detection minimum interval of 300 ms and a DPD liveliness detection multiplier of 3.
Answers
D.
Enable Bidirectional Forwarding Detection (BFD) echo mode on the company's router and disable sending the Internet Control Message Protocol (ICMP) IP packet requests.
D.
Enable Bidirectional Forwarding Detection (BFD) echo mode on the company's router and disable sending the Internet Control Message Protocol (ICMP) IP packet requests.
Answers
Suggested answer: B

Explanation:

Explanation:

Reference: https://aws.amazon.com/directconnect/faqs/

Question 107

Report
Export
Collapse

Your application server instances reside in the private subnet of your VPC. These instances need to access a Git repository on the Internet. You create a NAT gateway in the public subnet of your VPC. The NAT gateway can reach the Git repository, but instances in the private subnet cannot. You confirm that a default route in the private subnet route table points to the NAT gateway. The security group for your application server instances permits all traffic to the NAT gateway.

What configuration change should you make to ensure that these instances can reach the patch server?

A.
Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway.
A.
Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway.
Answers
B.
Configure an outbound rule on the application server instance security group for the Git repository.
B.
Configure an outbound rule on the application server instance security group for the Git repository.
Answers
C.
Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet.
C.
Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet.
Answers
D.
Configure an inbound rule on the application server instance security group for the Git repository.
D.
Configure an inbound rule on the application server instance security group for the Git repository.
Answers
Suggested answer: B

Explanation:

Explanation:

The traffic leaves the instance destined for the Git repository; at this point, the security group must allow it through. The route then directs that traffic (based on the IP) to the NAT gateway. A is wrong because it removes the private aspect of the subnet and would have no effect on the blocked traffic anyway. C is wrong because the problem is that outgoing traffic is not getting to the NAT gateway. D is wrong because to allow outgoing traffic to the Git repository requires an outgoing security group rule.

Question 108

Report
Export
Collapse

Considering your knowledge of both the OSI and TCP/IP models - select the following statement which you consider to NOT be true.

A.
The TCP/IP Application layer maps to 2 of the OSI Layers
A.
The TCP/IP Application layer maps to 2 of the OSI Layers
Answers
B.
The top layer in the OSI model is named the Application layer
B.
The top layer in the OSI model is named the Application layer
Answers
C.
The TCP/IP Application layer maps to 3 of the OSI Layers
C.
The TCP/IP Application layer maps to 3 of the OSI Layers
Answers
D.
The top layer in the TCP/IP model is named the Application layer
D.
The top layer in the TCP/IP model is named the Application layer
Answers
Suggested answer: A

Explanation:

Explanation:

The OSI model is a 7 layered model. The TCP/IP model is a 4 layered model. The top layer in both models is called the Application layer. The TCP/IP Application layer maps to the top 3 OSI layers (Application, Presentation, and Session layers).

Reference: https://en.wikipedia.org/wiki/OSI_model

Question 109

Report
Export
Collapse

A user is running a batch process on EBS backed EC2 instances. The batch process launches few EC2 instances to process hadoop Map reduce jobs which can run between 50-600 minutes or sometimes for even more time. The user wants a configuration that can terminate the instance only when the process is completed. How can the user configure this with CloudWatch?

A.
Configure a job which terminates all instances after 600 minutes
A.
Configure a job which terminates all instances after 600 minutes
Answers
B.
It is not possible to terminate instances automatically
B.
It is not possible to terminate instances automatically
Answers
C.
Set up the CloudWatch with Auto Scaling to terminate all the instances
C.
Set up the CloudWatch with Auto Scaling to terminate all the instances
Answers
D.
Configure the CloudWatch action to terminate the instance when the CPU utilization falls below 5%
D.
Configure the CloudWatch action to terminate the instance when the CPU utilization falls below 5%
Answers
Suggested answer: D

Explanation:

Explanation:

Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can setup an action which terminates the instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either terminate or stop the instance as part of the EC2 action.

Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/UsingAlarmActions.html

Question 110

Report
Export
Collapse

Your company has decided to deploy AWS WorkSpaces for its hosted desktop solution. Your manager is very concerned with security and cost, as well as reliability. What two things should be deployed? (Choose two.)

A.
VPN
A.
VPN
Answers
B.
AWS Hosted AD
B.
AWS Hosted AD
Answers
C.
Direct Connect
C.
Direct Connect
Answers
D.
AD Connector
D.
AD Connector
Answers
Suggested answer: C, D

Explanation:

Explanation:

A VPN should be deployed over Direct Connect to ensure the traffic is encrypted. You would use an AD Connector here since it doesn't cache any credentials in the cloud. AWS Hosted AD is more expensive and caches credentials.

Total 414 questions
Go to page: of 42
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms