ExamGecko
Login
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 16

List of questions

Question 151

Report
Export
Collapse

Select the answer/s that correctly state how Jumbo Frames work

Jumbo Frames assist with application disk storage
Jumbo Frames assist with application disk storage
Jumbo Frames can assist with application performance
Jumbo Frames can assist with application performance
Jumbo Frames are supported across Virtual Private Gateway connections
Jumbo Frames are supported across Virtual Private Gateway connections
Jumbo Frames are enabled by increasing the MTU size to 9000 kilobytes
Jumbo Frames are enabled by increasing the MTU size to 9000 kilobytes
Suggested answer: B

Explanation:

Explanation:

We know by definition that Jumbo Frames support 9000 byte MTU - therefore Answer A is incorrect (the stated unit is kilobytes). Jumbo Frames is a data transmission unit configuration option - it does not change or alter anything related to security - therefore Answer B is incorrect. Answer C is correct - we can get improved application performance when used within appropriate scenarios. Jumbo Frames are not supported over VPG IPsec VPN connections - therefore Answer D is incorrect. Answer E is nonsensical - Jumbo Frames is a networking construct and has nothing to do with disk storage. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html

asked 16/09/2024
Arslan Sheik
37 questions

Question 152

Report
Export
Collapse

You received reports from clients in another time zone that they experienced an outage of your website several hours before you arrived at work. What two AWS services could prove crucial in figuring out what happened? (Choose two.)

AWS Support
AWS Support
CloudTrail
CloudTrail
CloudWatch
CloudWatch
Flow Logs
Flow Logs
Suggested answer: C, D

Explanation:

Explanation:

CloudTrail is for finding out who made a change. This could be a reason for the outage, but you need to see the metrics first. CloudWatch and Flow Logs are the best for this.

asked 16/09/2024
Steven Bertoldi
28 questions

Question 153

Report
Export
Collapse

A company's website is hosted on an Amazon EC2 instance. The website delivers dynamic content through Amazon CloudFront to users. After instance maintenance, users receive HTTP 502 (Bad Gateway) errors while attempting to access the website.

What is the MOST likely cause of this issue?

The security group configuration on the origin is blocking traffic from CloudFront.
The security group configuration on the origin is blocking traffic from CloudFront.
The origin does not support the ciphers or protocols in the SSL/TLS exchange with CloudFront.
The origin does not support the ciphers or protocols in the SSL/TLS exchange with CloudFront.
There are resource constraints, and CloudFront cannot route requests to an available edge location.
There are resource constraints, and CloudFront cannot route requests to an available edge location.
The origin does not have enough capacity to support the request rate.
The origin does not have enough capacity to support the request rate.
Suggested answer: B

Explanation:

Explanation:

Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/http-502-bad-gateway.html

asked 16/09/2024
Joe Evanchak
39 questions

Question 154

Report
Export
Collapse

You would like to ensure that all Amazon S3 buckets going forward, current and newly created ones, have logging enabled. What type of trigger(s) should you use?

only a periodic trigger
only a periodic trigger
only a configuration change trigger
only a configuration change trigger
both configuration change and periodic triggers
both configuration change and periodic triggers
only a transitioning trigger
only a transitioning trigger
Suggested answer: B

Explanation:

Explanation:

This case requires only a configuration change trigger because you only need to trigger when S3 buckets are created and changed. There is no time component to when the trigger needs to fire.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html

asked 16/09/2024
Paul Walker
41 questions

Question 155

Report
Export
Collapse

Which service is used by default to store the CloudTrail log files?

Elastic Block Store (EBS)
Elastic Block Store (EBS)
Redshift
Redshift
Simple Storage Service (S3)
Simple Storage Service (S3)
Glacier
Glacier
Suggested answer: C

Explanation:

Explanation:

S3 is used by default to store the CloudTrail log files and a dedicated S3 bucket is required during the creation of a new Trail Reference: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-working-with-log-files.html

asked 16/09/2024
Tyler Smith
42 questions

Question 156

Report
Export
Collapse

Which CloudWatch attributes are used for the statistics generation?

All the options are used
All the options are used
Dimension
Dimension
Data point unit
Data point unit
NameSpace
NameSpace
Suggested answer: A

Explanation:

Explanation:

Statistics represents data aggregation of the metric data values over a specific period of time. These aggregations are made using the namespace, metric name, dimensions and the data point unit of measure within the time period that the user has specified.

Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html

asked 16/09/2024
Jeffrey Sammaritano
33 questions

Question 157

Report
Export
Collapse

You need to ensure the files served by your CloudFront distribution are only accessible to authorized users. You hope to serve thousands of users. What two steps should you take? (Choose two.)

Configure signed cookies.
Configure signed cookies.
Configure a WAF.
Configure a WAF.
Configure a bucket policy restricting the bucket to only CloudFront OAI.
Configure a bucket policy restricting the bucket to only CloudFront OAI.
Configure an SSL on the distribution.
Configure an SSL on the distribution.
Suggested answer: A, C

Explanation:

Explanation:

A WAF can block users from accessing the site and CloudFront, but that's not the best option since you have so many users. An SSL will encrypt, but not prevent a user from viewing the content.

asked 16/09/2024
stefano atzei
33 questions

Question 158

Report
Export
Collapse

Your organization's corporate website must be available on www.acme.com and acme.com. How should you configure Amazon Route 53 to meet this requirement?

Configure acme.com with an ALIAS record targeting the EL
Configure acme.com with an ALIAS record targeting the EL
www.acme.com with an ALIAS record targeting the ELB.
www.acme.com with an ALIAS record targeting the ELB.
Configure acme.com with an A record targeting the ELwww.acme.com with a CNAME record targeting the acme.com record.
Configure acme.com with an A record targeting the ELwww.acme.com with a CNAME record targeting the acme.com record.
Configure acme.com with a CNAME record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
Configure acme.com with a CNAME record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
Configure acme.com using a second ALIAS record with the ELB target. www.acme.com using a PTR record with the acme.com record target.
Configure acme.com using a second ALIAS record with the ELB target. www.acme.com using a PTR record with the acme.com record target.
Suggested answer: A
asked 16/09/2024
KENEILWE DITHLAGE
42 questions

Question 159

Report
Export
Collapse

You are architecting your e-business application for PCI compliance. To meet the compliance requirements, you need to monitor web application logs to identify any malicious activity. You also need to monitor for remote attempts to change the network interface of web instances.

Which two AWS services will be helpful to achieve this goal?

Amazon CloudWatch Logs and VPC Flow Logs
Amazon CloudWatch Logs and VPC Flow Logs
AWS CloudTrail and VPC Flow Logs
AWS CloudTrail and VPC Flow Logs
AWS CloudTrail and CloudWatch Logs
AWS CloudTrail and CloudWatch Logs
AWS CloudTrail and AWS Config
AWS CloudTrail and AWS Config
Suggested answer: C

Explanation:

Explanation:

Web application logs are internal to the operating system, so the only way to monitor them with an AWS service is to export them using CloudWatch Logs. AWS CloudTrail monitors the API activity and can be used to watch for particular API calls.

The correct answer is the only one that references both these services.

asked 16/09/2024
Duncan Brundseaux
41 questions

Question 160

Report
Export
Collapse

An AWS Config rule can be set to be evaluated if a certain set of resources undergoes a configuration change. The set of resources to which the rule applies can be restricted by the rule's ____, which can include a combination of a resource type and a resource ID, for example.

trigger
trigger
domain
domain
manifest
manifest
scope
scope
Suggested answer: D

Explanation:

Explanation:

When you add an AWS Config rule to your account, you can specify when you want AWS Config to run the rule; this is called a trigger. AWS Config evaluates your resource configurations against the rule when the trigger occurs. You choose which resources trigger the evaluation by defining the rule's scope. The scope can include the following:

One or more resource types

A combination of a resource type and a resource ID A combination of a tag key and value.

When any recorded resource is created, updated, or deleted AWS Config runs the evaluation when it detects a change to a resource that matches the rule's scope. You can use the scope to constrain which resources trigger evaluations. Otherwise, evaluations are triggered when any recorded resource changes.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html

asked 16/09/2024
Mark Hughes
30 questions
Total 414 questions
Go to page: of 42
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?