ExamGecko
Login
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 14

List of questions

Question 131

Report
Export
Collapse

Your Amazon Kinesis application receives data streams from thousands of devices. The data is then stored in an onpremises Hadoop cluster. You are concerned about historical data that shows periods of sustained traffic between 1 Gbps and 2 Gbps during peaks. You must ensure that you have secure, fault- tolerant connectivity between Amazon Kinesis and your data center. What should you implement to address these needs?

Deploy a single 1-Gbps Direct Connect connection with a VPN backup.
Deploy a single 1-Gbps Direct Connect connection with a VPN backup.
Deploy three 1-Gbps Direct Connect connections.
Deploy three 1-Gbps Direct Connect connections.
Deploy two 1-Gbps Direct Connect connections.
Deploy two 1-Gbps Direct Connect connections.
Set up an IPsec VPN connection over Direct Connect with two tunnels.
Set up an IPsec VPN connection over Direct Connect with two tunnels.
Suggested answer: B

Explanation:

Explanation:

Three connections are required to provide fault tolerance. All of the other options would be unable to handle the peak loads over 1 Gbps without exceeding the available bandwidth.

asked 16/09/2024
Karen Vivanco
29 questions

Question 132

Report
Export
Collapse

You ping an Amazon Elastic Compute Cloud (EC2) instance from an on-premises server. VPC Flow Logs record the following:

2 123456789010 eni-1235b8ca 10.123.234.78 172.11.22.33 0 0 1 8 672 1432917027 1432917142 ACCEPT OK

2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917027 1432917082 ACCEPT OK

2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917094 1432917142 REJECT OK

Why are ICMP responses not received by the on-premises system?

The inbound network access control list is blocking the traffic
The inbound network access control list is blocking the traffic
The outbound network access control list is blocking the traffic
The outbound network access control list is blocking the traffic
The inbound security group is blocking the traffic.
The inbound security group is blocking the traffic.
The outbound security group is blocking the traffic.
The outbound security group is blocking the traffic.
Suggested answer: B

Explanation:

Explanation:

An ACCEPT record for the originating ping that was allowed by both the network ACL and the security group, and therefore was allowed to reach your instance. A REJECT record for the response ping that the network ACL denied.

If your network ACL permits outbound ICMP traffic, the flow log displays two ACCEPT records (one for the originating ping and one for the response ping). If your security group denies inbound ICMP traffic, the flow log displays a single REJECT record, because the traffic was not permitted to reach your instance. Reference: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

asked 16/09/2024
Gage Adams
37 questions

Question 133

Report
Export
Collapse

Which port range must be allowed through a NACL to ensure all return traffic is successful?

1024 - 65,535
1024 - 65,535
22
22
65,000 - 65,535
65,000 - 65,535
80 - 443
80 - 443
Suggested answer: A

Explanation:

Explanation:

1024 - 65,535 is the full "ephemeral port" range.

asked 16/09/2024
Aparecido Lemos
34 questions

Question 134

Report
Export
Collapse

A media company that is based in Los Angeles, California, closed all of its on-premises data centers due to rising costs and inconsistent utilization. The company has deployed its video editing applications on Amazon EC2 instances in the AWS Cloud. The company has deployed to the us-west-1 Region and uses the internet for delivery of the applications.

Users are reporting high latency from Los Angeles to us-west-1. The company needs to reduce the latency to the EC2 instances while continuing to use the internet for delivery. Which solution meets these requirements?

Order and deploy an AWS Direct Connect private VIF to us-west-1.
Order and deploy an AWS Direct Connect private VIF to us-west-1.
Enable a Los Angeles-based AWS Local Zone. Continue to run the EC2 instances in us-west-1.
Enable a Los Angeles-based AWS Local Zone. Continue to run the EC2 instances in us-west-1.
Order and deploy an AWS Direct Connect public VIF to us-west-2.
Order and deploy an AWS Direct Connect public VIF to us-west-2.
Enable a Los Angeles-based AWS Local Zone. Redeploy the EC2 instances in the Local Zone.
Enable a Los Angeles-based AWS Local Zone. Redeploy the EC2 instances in the Local Zone.
Suggested answer: A

Explanation:

Explanation:

There is one private VIF from AWS Direct Connect location 2 to the Direct Connect gateway. Reference: https://docs.aws.amazon.com/directconnect/latest/UserGuide/dc-ug.pdf

asked 16/09/2024
Sébastien PIERRE
48 questions

Question 135

Report
Export
Collapse

You have several Amazon Glacier vaults you would like to monitor. How might you monitor those vaults?

Create a custom AWS Config rule.
Create a custom AWS Config rule.
Use an AWS master Config rule.
Use an AWS master Config rule.
Use an AWS managed Config rule.
Use an AWS managed Config rule.
Create a KMS policy and attach it to your Amazon Glacier vault.
Create a KMS policy and attach it to your Amazon Glacier vault.
Suggested answer: A

Explanation:

Explanation:

AWS Config does not currently record Amazon Glacier resources; you must create a custom rule if you wish to monitor such a resource.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_nodejs.html#creating-custom-rulesfor- additional-resource-types

asked 16/09/2024
Barbara Bailey
42 questions

Question 136

Report
Export
Collapse

Refer to the image.

Amazon ANS-C00 image Question 136 223 09162024005350000000

You have three VPCs: A, B, and

VPCs A and C are both peered with VPC
VPCs A and C are both peered with VPC
The IP address ranges are as follows:VPC A: 10.0.0.0/16VPC B: 192.168.0.0/16VPC C: 10.0.0.0/16Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10. Instances i-3 and i- 4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively, i-3 and i-4 are in the subnet 192.168.1.0/24. i-3 must be able to communicate with i-1 i-4 must be able to communicate with i-2 i-3 and i-4 are able to communicate with i-1, but not with i-2.Which two steps will fix this problem? (Choose two.)
The IP address ranges are as follows:VPC A: 10.0.0.0/16VPC B: 192.168.0.0/16VPC C: 10.0.0.0/16Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10. Instances i-3 and i- 4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively, i-3 and i-4 are in the subnet 192.168.1.0/24. i-3 must be able to communicate with i-1 i-4 must be able to communicate with i-2 i-3 and i-4 are able to communicate with i-1, but not with i-2.Which two steps will fix this problem? (Choose two.)
Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
Create subnets 192.168.1.0/27 and 192.168.1.16/27. Move i-3 and i-4 to these subnets, respectively.
Create subnets 192.168.1.0/27 and 192.168.1.16/27. Move i-3 and i-4 to these subnets, respectively.
VPCs A and C are both peered with VPCChange the IP address of i-2 to 10.0.0.100. Assign it an elastic IP address.
VPCs A and C are both peered with VPCChange the IP address of i-2 to 10.0.0.100. Assign it an elastic IP address.
Create a new route table for VPC B, with unique route entries for destination VPC A and destination VPC C.
Create a new route table for VPC B, with unique route entries for destination VPC A and destination VPC C.
Create two route tables: one with a route for destination VPC A, and another for destination VPC C.
Create two route tables: one with a route for destination VPC A, and another for destination VPC C.
Suggested answer: A, E
asked 16/09/2024
Arash Rind
42 questions

Question 137

Report
Export
Collapse

For _______ distributions, CloudFront does not cache cookies in edge caches.

AMI
AMI
Web
Web
RTMP
RTMP
Web and RTMP
Web and RTMP
Suggested answer: C

Explanation:

Explanation:

For RTMP distributions, when Amazon CloudFront requests an object from the origin server, it removes any cookies before forwarding the request to your origin. If your origin returns any cookies along with the object, CloudFront removes them before returning the object to the viewer.

For RTMP distributions, CloudFront does not cache cookies in edge caches.

Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

asked 16/09/2024
Siza Motha
30 questions

Question 138

Report
Export
Collapse

An organization will be expanding its current network design. When fully built out, there will be 99 VPCs spread across 11 AWS accounts (9 VPCs per account). There is currently an AWS Direct Connect connection into one account with 9 VPCs, each with a virtual network interface (VIF) per VPC.

Which of the following designs will minimize cost while allowing the organization to expand?

Order 10 new Direct Connect connections, one from each of the accounts that will be provisioned. Create private VIFs in each account. Attach one private VIF per VPC.
Order 10 new Direct Connect connections, one from each of the accounts that will be provisioned. Create private VIFs in each account. Attach one private VIF per VPC.
Create a public VIF on the Direct Connect connection. Leverage the public VIF to create a VPN connection to each VPC.
Create a public VIF on the Direct Connect connection. Leverage the public VIF to create a VPN connection to each VPC.
Create hosted private VIFs in the existing account. Connect a private VIF to an AWS Direct Connect gateway in each account. Connect the gateway in each account to the VPCs.
Create hosted private VIFs in the existing account. Connect a private VIF to an AWS Direct Connect gateway in each account. Connect the gateway in each account to the VPCs.
Create a transit VPC in the existing account that consists of two routers in separate Availability Zones. Connect each VPC to the two routers in the transit VPC by using VPN.
Create a transit VPC in the existing account that consists of two routers in separate Availability Zones. Connect each VPC to the two routers in the transit VPC by using VPN.
Suggested answer: D
asked 16/09/2024
Eric Persson
31 questions

Question 139

Report
Export
Collapse

In Amazon CloudFront, while creating a web distribution, which of the following can be used as origin servers?

Any combination AWS Glacier archives and Oracle server
Any combination AWS Glacier archives and Oracle server
Any combination of Amazon DB intances and XML servers
Any combination of Amazon DB intances and XML servers
Any combination of Amazon S3 buckets and HTTP servers
Any combination of Amazon S3 buckets and HTTP servers
Any combination of Amazon Data Insights and PHP servers
Any combination of Amazon Data Insights and PHP servers
Suggested answer: C

Explanation:

Explanation:

In Amazon CloudFront, while creating a web distribution, you can create one or more Amazon S3 buckets or configure HTTPservers as your origin servers. An origin is the location where you store the original version of your web content. WhenCloudFront gets a request for your files, it goes to the origin to get the files that it distributes at edge locations. You can useany combination of Amazon S3 buckets and HTTP servers as your origin servers.

Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-creating.html

asked 16/09/2024
Mario Herrera González
46 questions

Question 140

Report
Export
Collapse

You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS region. The application is hosted in a VPC and is only accessed from the corporate network. To support large volumes of data transfer and administration of the application, you use a single 10-Gbps AWS Direct Connect connection with multiple private virtual interfaces. As part of a review, you decide to improve the resilience of your connection to AWS and make sure that any additional connectivity does not share the same Direct Connect routers at AWS. You need to provide the best levels of resilience to meet the application's needs.

Which two options should you consider? (Choose two.)

Install a second 10-Gbps Direct Connect connection to the same Direct Connection location.
Install a second 10-Gbps Direct Connect connection to the same Direct Connection location.
Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.
Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.
Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.
Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.
Suggested answer: B, C
asked 16/09/2024
Epitacio Neto
30 questions
Total 414 questions
Go to page: of 42
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?