ExamGecko
Search Search Login
Home Home / Amazon / ANS-C00

Amazon ANS-C00 Practice Test - Questions Answers, Page 16

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)
Which element of AWS Config can be used to help maintain internal and external compliance controls?
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their onpremises version of the application to serve a small portion of the customers who haven't yet upgraded. What design will allow the company to serve both newer and earlier clients in the MOST efficient way?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)

Question 151

Report
Export
Collapse

Select the answer/s that correctly state how Jumbo Frames work

A.
Jumbo Frames assist with application disk storage
A.
Jumbo Frames assist with application disk storage
Answers
B.
Jumbo Frames can assist with application performance
B.
Jumbo Frames can assist with application performance
Answers
C.
Jumbo Frames are supported across Virtual Private Gateway connections
C.
Jumbo Frames are supported across Virtual Private Gateway connections
Answers
D.
Jumbo Frames are enabled by increasing the MTU size to 9000 kilobytes
D.
Jumbo Frames are enabled by increasing the MTU size to 9000 kilobytes
Answers
Suggested answer: B

Explanation:

Explanation:

We know by definition that Jumbo Frames support 9000 byte MTU - therefore Answer A is incorrect (the stated unit is kilobytes). Jumbo Frames is a data transmission unit configuration option - it does not change or alter anything related to security - therefore Answer B is incorrect. Answer C is correct - we can get improved application performance when used within appropriate scenarios. Jumbo Frames are not supported over VPG IPsec VPN connections - therefore Answer D is incorrect. Answer E is nonsensical - Jumbo Frames is a networking construct and has nothing to do with disk storage. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html

Question 152

Report
Export
Collapse

You received reports from clients in another time zone that they experienced an outage of your website several hours before you arrived at work. What two AWS services could prove crucial in figuring out what happened? (Choose two.)

A.
AWS Support
A.
AWS Support
Answers
B.
CloudTrail
B.
CloudTrail
Answers
C.
CloudWatch
C.
CloudWatch
Answers
D.
Flow Logs
D.
Flow Logs
Answers
Suggested answer: C, D

Explanation:

Explanation:

CloudTrail is for finding out who made a change. This could be a reason for the outage, but you need to see the metrics first. CloudWatch and Flow Logs are the best for this.

Question 153

Report
Export
Collapse

A company's website is hosted on an Amazon EC2 instance. The website delivers dynamic content through Amazon CloudFront to users. After instance maintenance, users receive HTTP 502 (Bad Gateway) errors while attempting to access the website.

What is the MOST likely cause of this issue?

A.
The security group configuration on the origin is blocking traffic from CloudFront.
A.
The security group configuration on the origin is blocking traffic from CloudFront.
Answers
B.
The origin does not support the ciphers or protocols in the SSL/TLS exchange with CloudFront.
B.
The origin does not support the ciphers or protocols in the SSL/TLS exchange with CloudFront.
Answers
C.
There are resource constraints, and CloudFront cannot route requests to an available edge location.
C.
There are resource constraints, and CloudFront cannot route requests to an available edge location.
Answers
D.
The origin does not have enough capacity to support the request rate.
D.
The origin does not have enough capacity to support the request rate.
Answers
Suggested answer: B

Explanation:

Explanation:

Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/http-502-bad-gateway.html

Question 154

Report
Export
Collapse

You would like to ensure that all Amazon S3 buckets going forward, current and newly created ones, have logging enabled. What type of trigger(s) should you use?

A.
only a periodic trigger
A.
only a periodic trigger
Answers
B.
only a configuration change trigger
B.
only a configuration change trigger
Answers
C.
both configuration change and periodic triggers
C.
both configuration change and periodic triggers
Answers
D.
only a transitioning trigger
D.
only a transitioning trigger
Answers
Suggested answer: B

Explanation:

Explanation:

This case requires only a configuration change trigger because you only need to trigger when S3 buckets are created and changed. There is no time component to when the trigger needs to fire.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html

Question 155

Report
Export
Collapse

Which service is used by default to store the CloudTrail log files?

A.
Elastic Block Store (EBS)
A.
Elastic Block Store (EBS)
Answers
B.
Redshift
B.
Redshift
Answers
C.
Simple Storage Service (S3)
C.
Simple Storage Service (S3)
Answers
D.
Glacier
D.
Glacier
Answers
Suggested answer: C

Explanation:

Explanation:

S3 is used by default to store the CloudTrail log files and a dedicated S3 bucket is required during the creation of a new Trail Reference: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-working-with-log-files.html

Question 156

Report
Export
Collapse

Which CloudWatch attributes are used for the statistics generation?

A.
All the options are used
A.
All the options are used
Answers
B.
Dimension
B.
Dimension
Answers
C.
Data point unit
C.
Data point unit
Answers
D.
NameSpace
D.
NameSpace
Answers
Suggested answer: A

Explanation:

Explanation:

Statistics represents data aggregation of the metric data values over a specific period of time. These aggregations are made using the namespace, metric name, dimensions and the data point unit of measure within the time period that the user has specified.

Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html

Question 157

Report
Export
Collapse

You need to ensure the files served by your CloudFront distribution are only accessible to authorized users. You hope to serve thousands of users. What two steps should you take? (Choose two.)

A.
Configure signed cookies.
A.
Configure signed cookies.
Answers
B.
Configure a WAF.
B.
Configure a WAF.
Answers
C.
Configure a bucket policy restricting the bucket to only CloudFront OAI.
C.
Configure a bucket policy restricting the bucket to only CloudFront OAI.
Answers
D.
Configure an SSL on the distribution.
D.
Configure an SSL on the distribution.
Answers
Suggested answer: A, C

Explanation:

Explanation:

A WAF can block users from accessing the site and CloudFront, but that's not the best option since you have so many users. An SSL will encrypt, but not prevent a user from viewing the content.

Question 158

Report
Export
Collapse

Your organization's corporate website must be available on www.acme.com and acme.com. How should you configure Amazon Route 53 to meet this requirement?

A.
Configure acme.com with an ALIAS record targeting the EL
A.
Configure acme.com with an ALIAS record targeting the EL
Answers
B.
www.acme.com with an ALIAS record targeting the ELB.
B.
www.acme.com with an ALIAS record targeting the ELB.
Answers
C.
Configure acme.com with an A record targeting the ELwww.acme.com with a CNAME record targeting the acme.com record.
C.
Configure acme.com with an A record targeting the ELwww.acme.com with a CNAME record targeting the acme.com record.
Answers
D.
Configure acme.com with a CNAME record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
D.
Configure acme.com with a CNAME record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
Answers
E.
Configure acme.com using a second ALIAS record with the ELB target. www.acme.com using a PTR record with the acme.com record target.
E.
Configure acme.com using a second ALIAS record with the ELB target. www.acme.com using a PTR record with the acme.com record target.
Answers
Suggested answer: A

Question 159

Report
Export
Collapse

You are architecting your e-business application for PCI compliance. To meet the compliance requirements, you need to monitor web application logs to identify any malicious activity. You also need to monitor for remote attempts to change the network interface of web instances.

Which two AWS services will be helpful to achieve this goal?

A.
Amazon CloudWatch Logs and VPC Flow Logs
A.
Amazon CloudWatch Logs and VPC Flow Logs
Answers
B.
AWS CloudTrail and VPC Flow Logs
B.
AWS CloudTrail and VPC Flow Logs
Answers
C.
AWS CloudTrail and CloudWatch Logs
C.
AWS CloudTrail and CloudWatch Logs
Answers
D.
AWS CloudTrail and AWS Config
D.
AWS CloudTrail and AWS Config
Answers
Suggested answer: C

Explanation:

Explanation:

Web application logs are internal to the operating system, so the only way to monitor them with an AWS service is to export them using CloudWatch Logs. AWS CloudTrail monitors the API activity and can be used to watch for particular API calls.

The correct answer is the only one that references both these services.

Question 160

Report
Export
Collapse

An AWS Config rule can be set to be evaluated if a certain set of resources undergoes a configuration change. The set of resources to which the rule applies can be restricted by the rule's ____, which can include a combination of a resource type and a resource ID, for example.

A.
trigger
A.
trigger
Answers
B.
domain
B.
domain
Answers
C.
manifest
C.
manifest
Answers
D.
scope
D.
scope
Answers
Suggested answer: D

Explanation:

Explanation:

When you add an AWS Config rule to your account, you can specify when you want AWS Config to run the rule; this is called a trigger. AWS Config evaluates your resource configurations against the rule when the trigger occurs. You choose which resources trigger the evaluation by defining the rule's scope. The scope can include the following:

One or more resource types

A combination of a resource type and a resource ID A combination of a tag key and value.

When any recorded resource is created, updated, or deleted AWS Config runs the evaluation when it detects a change to a resource that matches the rule's scope. You can use the scope to constrain which resources trigger evaluations. Otherwise, evaluations are triggered when any recorded resource changes.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html

Total 414 questions
Go to page: of 42
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms