Amazon ANS-C00 Practice Test - Questions Answers, Page 17

List of questions

Question 161


A company needs to set up a VPN between AWS VPC and its on-premises network. A team creates a VPN connection in the AWS Management Console, downloads the configuration file, and installs it on the on-premises router. The tunnel is not coming up because of firewall restrictions on the router. Which two network traffic options should you allow through the firewall? (Choose two.)

A. UDP port 500
B. IP protocol 50
C. IP protocol 5
D. TCP port 50
E. TCP port 500
Suggested answer: A, B

Explanation:

IKE negotiates the tunnel over UDP port 500, and the tunnel traffic itself is ESP, IP protocol 50 (not a TCP port, and not protocol 5). If the customer gateway sits behind NAT, IKE and ESP are instead carried inside UDP port 4500 (NAT traversal), which must then be allowed as well. Restrict the rules to the two AWS tunnel endpoint addresses listed in the downloaded configuration file rather than opening the ports to any source.

References: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_VPN.html

asked 16/09/2024 by Grzegorz Głogowski

Question 162


Your company has just completed a transition to IPv6 and has deployed a website on a server. You were able to download software on the instance without an issue. This website is deployed using IPv6, but the public is not able to access it. What should you do to fix this problem?

A. Add an internet gateway for the instance.
B. Add an egress-only internet gateway.
C. Add an inbound rule to your security group that allows inbound traffic on port 80 for ::/0.
D. Add an inbound rule to your security group that allows inbound traffic on port 80 for 0.0.0.0/0.
Suggested answer: C

Explanation:

The instance was able to download software, so it already has IPv6 reachability to the internet through an internet gateway; an egress-only internet gateway would only permit outbound connections, which is the opposite of what is missing. Security groups are stateful, so the outbound download did not open any inbound access: an inbound rule for port 80 is needed. 0.0.0.0/0 covers IPv4 sources only and never matches an IPv6 client, so the rule must use ::/0.

asked 16/09/2024 by Salman Hashmi

Question 163


A company provisions an AWS Direct Connect connection to permit access to Amazon EC2 resources in several Amazon VPCs and to data stored in private Amazon S3 buckets. The Network Engineer needs to configure the company's on-premises router for this Direct Connect connection.

Which of the following actions will require the LEAST amount of configuration overhead on the customer router?

A. Configure private virtual interfaces for the VPC resources and for Amazon S3.
B. Configure private virtual interfaces for the VPC resources and a public virtual interface for Amazon S3.
C. Configure a private virtual interface to a Direct Connect gateway for the VPC resources and for Amazon S3.
D. Configure a private virtual interface to a Direct Connect gateway for the VPC resources and a public virtual interface for Amazon S3.
Suggested answer: D

Explanation:

A private virtual interface only reaches resources inside VPCs, through a virtual private gateway or a Direct Connect gateway; the Amazon S3 endpoints are public addresses and are reached over Direct Connect through a public virtual interface. With several VPCs, terminating one private virtual interface on a Direct Connect gateway lets a single BGP session on the customer router serve all of them, instead of one private VIF and one BGP session per VPC. One private VIF to a Direct Connect gateway plus one public VIF for S3 is therefore the least configuration on the router.
asked 16/09/2024 by N C

Question 164


You are a holdings company that buys many businesses and must integrate their VPCs into your network. You are constantly encountering networks with similar or overlapping subnets. What is the best way to manage this?

A. BFD
B. VRF
C. A standby router for the overlapping subnets.
D. A strict IP addressing policy that forces new companies to change the IP addresses of their VPCs.
Suggested answer: B

Explanation:

VRF (Virtual Routing and Forwarding) lets a single router keep several independent routing tables. The same prefix can then exist in more than one acquired network, with each copy routed only within its own VRF, and traffic stays separated per VRF unless you deliberately connect them (for example through NAT). That is far less work than renumbering every acquired VPC, and BFD or a standby router does nothing about overlapping addresses.

asked 16/09/2024 by Manish Chaudhary
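Added example, not part of the original page: a minimal model of Virtual Routing and Forwarding, showing how one router holds several independent routing tables so that two acquired networks which both use 10.0.0.0/16 are routed separately. All VRF names, prefixes and next-hop names are made up for the demonstration.

```python
"""Added example (not from the original page): a minimal VRF model.
Each VRF owns its own routing table, so overlapping prefixes from
different acquired networks never collide. All VRF names, prefixes and
next hops below are constructed for the demo."""
import ipaddress
from collections import defaultdict


class VrfRouter:
    """One router, many independent routing tables keyed by VRF name."""

    def __init__(self):
        # vrf name -> list of (network, next_hop)
        self.tables = defaultdict(list)

    def add_route(self, vrf, prefix, next_hop):
        self.tables[vrf].append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, vrf, dst):
        """Longest-prefix match inside the named VRF only. Returns the next
        hop, or None when that VRF has no matching route: a destination is
        never resolved through another VRF's table."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, next_hop in self.tables.get(vrf, []):
            if addr.version != net.version or addr not in net:
                continue
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_hop)
        return best[1] if best else None

    def overlapping_prefixes(self):
        """Report prefixes present in more than one VRF, i.e. the overlap the
        question describes, which VRF separation makes harmless."""
        seen = defaultdict(set)
        for vrf, routes in self.tables.items():
            for net, _ in routes:
                seen[net].add(vrf)
        return {str(net): sorted(vrfs) for net, vrfs in seen.items() if len(vrfs) > 1}


def build_demo_router():
    """Constructed scenario: two acquired companies, 'acme' and 'globex',
    both numbered their VPC 10.0.0.0/16; the holding company's own
    network lives in the 'global' table."""
    router = VrfRouter()
    router.add_route("acme", "10.0.0.0/16", "vgw-acme")
    router.add_route("acme", "10.0.5.0/24", "tgw-acme-db")   # more specific route
    router.add_route("globex", "10.0.0.0/16", "vgw-globex")
    router.add_route("global", "172.16.0.0/12", "core-1")
    return router
```

The same destination, 10.0.5.9, resolves to a different next hop depending on which VRF the packet arrived in, and a lookup in the global table finds nothing at all, which is the point: overlap only matters inside one table.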

Question 165


Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)

A. aws ec2 delete-network-acl-entry --network-acl-id acl-5fb84d47 --ingress --rule-number 32768
B. aws ec2 delete-network-acl-entry --network-acl-id acl-5fb84d47 --egress --rule-number 100
C. aws ec2 delete-network-acl-entry --network-acl-id acl-5fb84d47 --ingress --rule-number 100
D. aws ec2 create-network-acl-entry --network-acl-id acl-5fb84d47 --ingress --rule-number 100 --protocol -1 --port-range From=-1,To=-1 --cidr-block 0.0.0.0/0 --rule-action deny
Suggested answer: B, C

Explanation:

The default network ACL has rule 100 allowing all traffic in each direction, followed by the implicit * deny rule (shown as rule number 32767), which cannot be deleted. Deleting the inbound and outbound rule 100 entries leaves only the deny rule in each direction, so nothing crosses the subnet boundary and the attacker's transfer stops. Option A fails because there is no rule 32768, and the * rule cannot be removed anyway. Option D fails because a rule numbered 100 already exists: create-network-acl-entry returns an error instead of overwriting it (replace-network-acl-entry would be needed for that). Everything else in the subnet loses connectivity too, which is acceptable here because stopping the attack is the only priority.

asked 16/09/2024 by Glen Teis
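Added example, not part of the original page: a model of how a network ACL is evaluated, built around a constructed copy of the default ACL (rule 100 allow-all in each direction plus the non-removable * deny, reported as rule 32767). It shows why options B and C stop all traffic at the subnet edge and why options A and D fail. The ACL ID and addresses are made up; the error names mirror those of the EC2 API but the class is a local model, not boto3.

```python
"""Added example (not from the original page): stateless network ACL
evaluation over a constructed default ACL. Error names echo the EC2 API;
nothing here talks to AWS."""
import ipaddress

STAR_RULE = 32767          # the implicit deny; cannot be deleted or replaced
MAX_USER_RULE = 32766


class Entry:
    def __init__(self, rule_number, egress, protocol, cidr, action,
                 port_from=None, port_to=None):
        self.rule_number, self.egress, self.protocol = rule_number, egress, protocol
        self.cidr, self.action = ipaddress.ip_network(cidr), action
        self.port_from, self.port_to = port_from, port_to

    def matches(self, protocol, ip, port):
        addr = ipaddress.ip_address(ip)
        if addr.version != self.cidr.version or addr not in self.cidr:
            return False
        if self.protocol != "-1" and self.protocol != protocol:   # "-1" = all
            return False
        if self.port_from is not None and not self.port_from <= port <= self.port_to:
            return False
        return True


class NetworkAcl:
    """Stateless: inbound and outbound are evaluated separately, lowest rule
    number first, first match wins. Starts as a copy of the default ACL."""

    def __init__(self, acl_id):
        self.acl_id = acl_id
        self.entries = {}
        for egress in (False, True):
            self.entries[(100, egress)] = Entry(100, egress, "-1", "0.0.0.0/0", "allow")
            self.entries[(STAR_RULE, egress)] = Entry(STAR_RULE, egress, "-1", "0.0.0.0/0", "deny")

    def create_entry(self, entry):
        if not 1 <= entry.rule_number <= MAX_USER_RULE:
            raise ValueError("InvalidParameterValue: rule number out of range")
        if (entry.rule_number, entry.egress) in self.entries:
            raise ValueError("NetworkAclEntryAlreadyExists")      # option D's outcome
        self.entries[(entry.rule_number, entry.egress)] = entry

    def delete_entry(self, rule_number, egress):
        if rule_number == STAR_RULE or (rule_number, egress) not in self.entries:
            raise ValueError("InvalidNetworkAclEntry.NotFound")   # option A's outcome
        del self.entries[(rule_number, egress)]

    def evaluate(self, egress, protocol, ip, port):
        for (_, direction), entry in sorted(self.entries.items()):
            if direction == egress and entry.matches(protocol, ip, port):
                return entry.action
        return "deny"


def lockdown(acl):
    """Options B and C: remove the allow-all entry in both directions."""
    acl.delete_entry(100, egress=True)
    acl.delete_entry(100, egress=False)


def api_error(fn, *args, **kwargs):
    """Return the error name an operation fails with, or None on success."""
    try:
        fn(*args, **kwargs)
    except ValueError as err:
        return str(err).split(":")[0]
    return None


def demo():
    """Attacker traffic (TCP, constructed address) before and after lockdown."""
    acl = NetworkAcl("acl-5fb84d47")
    attacker = "203.0.113.66"
    before = (acl.evaluate(False, "6", attacker, 443), acl.evaluate(True, "6", attacker, 50000))
    lockdown(acl)
    after = (acl.evaluate(False, "6", attacker, 443), acl.evaluate(True, "6", attacker, 50000))
    return before, after
```

Because the ACL is stateless, the inbound and outbound directions are independent decisions; deleting either rule 100 alone would already break the attacker's flow, but deleting both leaves no allow entry for anyone to find later.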

Question 166


Your company has a highly-available Direct Connect solution that utilizes two datacenters. Each datacenter was initially configured with one four-connection LAG and one standard DX connection. How many LOA documents have been requested and completed for this configuration?

A. 1
B. 4
C. 2
D. 10
Suggested answer: B

Explanation:

A LOA-CFA is issued per connection request, and a LAG ordered with its connections is a single request: the member links share one LOA document, with a separate page per link, rather than getting separate LOAs. Each datacenter therefore has two LOAs, one for its LAG and one for its standalone connection, giving four in total.

asked 16/09/2024 by Mary Cris Barreda

Question 167


You manage a webserver that serves a webpage on AWS infrastructure. You utilize an Application Load Balancer, CloudFront, S3, and some other AWS services for this site. You are only responsible for the server and you don't have access to the AWS console or API.

You need to find out what IPs are accessing your website. What is the best way to achieve this?

A. Ask someone with IAM permissions to view the Flow Logs to give you access.
B. View the access logs. They already show this information.
C. Run "curl http://169.254.169.254/latest/meta-data/access_log"
D. Add "X-Forwarded-For" to the access logs and view the access logs.
Suggested answer: D

Explanation:

Adding X-Forwarded-For to the web server's log format and reading the access logs is the best answer. CloudFront and the Application Load Balancer both terminate the client connection, so the server's own logs (and VPC Flow Logs, if someone granted access) show only the load balancer's addresses; the client address survives only in the X-Forwarded-For header that the proxies append. The instance metadata service has no access_log path; the curl command queries metadata, not logs. Treat the header as untrusted input: a client can send its own X-Forwarded-For, and CloudFront and the ALB append the address they saw to the end of it, so only the rightmost entries added by hops you control are reliable.

asked 16/09/2024 by Suman Konda
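Added example, not part of the original page: reading client addresses out of an Apache-style access log whose format has X-Forwarded-For appended, and choosing the client address without trusting whatever the client itself put in the header. The assumed layering is the one in the question (client, then CloudFront, then the Application Load Balancer, then this server). The log lines and the "trusted proxy" address ranges are constructed for the demo; in production substitute the published CloudFront ranges and the ALB's own subnets.

```python
"""Added example (not from the original page): parse access-log lines that
carry X-Forwarded-For and recover the real client address. Proxy ranges
and log lines are constructed stand-ins, not real AWS addresses."""
import ipaddress
import re

# Constructed: address blocks of the proxies in front of this server.
TRUSTED_PROXY_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),   # stand-in for ALB nodes
    ipaddress.ip_network("192.0.2.0/24"),      # stand-in for CloudFront edges
]

# Combined log format with the X-Forwarded-For header appended in quotes,
# e.g. Apache LogFormat "%h %l %u %t \"%r\" %>s %b \"%{X-Forwarded-For}i\""
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<xff>[^"]*)"$'
)

# Constructed log lines. The peer (%h) is always an ALB node.
CONSTRUCTED_LOG = [
    # Honest client: CloudFront appended the viewer, the ALB appended CloudFront.
    '198.51.100.7 - - [16/Sep/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 '
    '"203.0.113.5, 192.0.2.20"',
    # Client that sent its own X-Forwarded-For to masquerade as 10.0.0.1.
    '198.51.100.8 - - [16/Sep/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 403 0 '
    '"10.0.0.1, 203.0.113.9, 192.0.2.21"',
    # Client hitting the ALB directly, no CloudFront in front, no header sent.
    '198.51.100.9 - - [16/Sep/2024:10:00:02 +0000] "GET /health HTTP/1.1" 200 2 '
    '"203.0.113.77"',
]


def _trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False            # garbage in the header is never a trusted hop
    return any(addr in net for net in TRUSTED_PROXY_RANGES)


def client_ip(peer, xff):
    """Walk the X-Forwarded-For chain from the right (the hop nearest us),
    dropping addresses that belong to proxies we trust; the first address
    that is not ours is the client. Anything left of it was supplied by the
    client and is unverifiable."""
    if not _trusted(peer):
        return peer             # did not come through our proxies: ignore header
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        if not _trusted(hop):
            return hop
    return peer


def client_ips(lines):
    """Client address for every parseable line, in order."""
    result = []
    for line in lines:
        match = LINE_RE.match(line)
        if match:
            result.append(client_ip(match["peer"], match["xff"]))
    return result
```

The second constructed line is the reason for walking from the right: the forged 10.0.0.1 sits at the left end of the chain and is never reached, because the first untrusted hop from the right is the address CloudFront actually saw.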

Question 168


Which endpoint is considered to be best practice when analyzing data within a Configuration Stream of AWS Config?

A. SNS
B. E-Mail
C. SQS
D. Kinesis
Suggested answer: C

Explanation:

An Amazon SQS queue can be subscribed to the AWS Config SNS topic (the configuration stream), which gives a highly available, decoupled buffer for the stream's data. With SQS you can write your own consumer that extracts only the information that is pertinent to you: the configuration stream can carry a large volume of data, but you might only want to be notified and made aware of changes that could relate to security, so the consumer pulls from the queue only the items that concern security groups, network ACLs, IAM roles or any other resource type that affects the security of your environment.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/monitor-resource-changes.html

asked 16/09/2024 by Nitharsan Balanavaneethan
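Added example, not part of the original page: a consumer that reads AWS Config change notifications delivered to an SQS queue through the Config SNS topic and keeps only the resource types that matter to security. The three queue messages are constructed to mirror the shape of an SNS-to-SQS delivery (an envelope whose "Message" field holds the Config notification as a JSON string); the account ID, resource IDs and topic ARN are placeholders, and nothing here calls AWS.

```python
"""Added example (not from the original page): filter Config
ConfigurationItemChangeNotification messages pulled from SQS down to
security-relevant resource types. All messages are constructed."""
import json

SECURITY_TYPES = {"AWS::EC2::SecurityGroup", "AWS::EC2::NetworkAcl", "AWS::IAM::Role"}


def _config_notification(resource_type, resource_id, change_type):
    """Build a constructed SQS message body: an SNS envelope whose Message
    field is the Config notification serialised as a JSON string."""
    message = {
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": resource_type,
            "resourceId": resource_id,
            "awsRegion": "us-east-1",
        },
        "configurationItemDiff": {"changeType": change_type},
    }
    return json.dumps({
        "Type": "Notification",
        "TopicArn": "arn:aws:sns:us-east-1:123456789012:config-topic",  # placeholder
        "Message": json.dumps(message),
    })


# Constructed queue contents: one security group change, one volume change
# (noise for this consumer), one IAM role change, one snapshot notice.
CONSTRUCTED_QUEUE = [
    _config_notification("AWS::EC2::SecurityGroup", "sg-0123456789abcdef0", "UPDATE"),
    _config_notification("AWS::EC2::Volume", "vol-0123456789abcdef0", "CREATE"),
    _config_notification("AWS::IAM::Role", "AdminRole", "UPDATE"),
    json.dumps({"Type": "Notification",
                "Message": json.dumps({"messageType": "ConfigurationSnapshotDeliveryCompleted"})}),
]


def security_relevant_changes(bodies):
    """Unwrap each SNS envelope, skip message types that are not item changes,
    and return (resourceType, resourceId, changeType) for security-relevant
    resources only."""
    hits = []
    for body in bodies:
        envelope = json.loads(body)
        msg = json.loads(envelope["Message"])       # Message is itself JSON text
        if msg.get("messageType") != "ConfigurationItemChangeNotification":
            continue
        item = msg["configurationItem"]
        if item["resourceType"] in SECURITY_TYPES:
            hits.append((item["resourceType"], item["resourceId"],
                         msg["configurationItemDiff"]["changeType"]))
    return hits
```

In a real consumer the bodies would come from receive_message on the queue and each message would be deleted after it is handled; the double json.loads is the part people get wrong, because the Config payload is a string inside the SNS envelope rather than a nested object.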

Question 169


An organization is using a VPC endpoint for Amazon S3. When the security group rules for a set of instances were initially configured, access was restricted to allow traffic only to the IP addresses of the Amazon S3 API endpoints in the region from the published JSON file. The application was working properly, but now is logging a growing number of timeouts when connecting with Amazon S3. No internet gateway is configured for the VPC. Which solution will fix the connectivity failures with the LEAST amount of effort?

A. Create a Lambda function to update the security group based on AmazonIPSpaceChanged notifications.
B. Update the VPC routing to direct Amazon S3 prefix-list traffic to the VPC endpoint using the route table APIs.
C. Update the application server's outbound security group to use the prefix-list for Amazon S3 in the same region.
D. Create an additional VPC endpoint for Amazon S3 in the same route table to scale the concurrent connections to Amazon S3.
Suggested answer: C

Explanation:

The published Amazon S3 address ranges change over time, so a security group pinned to the addresses copied from ip-ranges.json drifts out of date and connections to newer endpoint addresses time out. Referencing the managed prefix list for S3 in the outbound rule keeps the group current without any automation. A Lambda function driven by the IP-space-change notifications would also work but is more effort to build and operate; the endpoint route is already in place, since the application worked initially, and a second endpoint does nothing about the security group.
asked 16/09/2024 by Matthew Wood
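Added example, not part of the original page, serving questions 162 and 169 together: how a security-group rule set is matched, with the two traps those questions describe. First, a 0.0.0.0/0 rule never matches an IPv6 source, so an IPv6 visitor needs ::/0. Second, a rule pinned to a snapshot of S3's published addresses stops matching once the service grows, while a rule that references a prefix list is evaluated against whatever the list currently contains. The prefix-list ID, the address ranges and the "published" data are all constructed for the demo.

```python
"""Added example (not from the original page): security-group matching.
Allow-only, unordered, any matching rule permits the flow. The prefix-list
ID and all address ranges below are constructed."""
import ipaddress


def _contains(cidr, ip):
    net = ipaddress.ip_network(cidr, strict=False)
    addr = ipaddress.ip_address(ip)
    # An IPv4 rule cannot match an IPv6 peer (and vice versa); being explicit
    # about the version check is the whole point of question 162.
    return addr.version == net.version and addr in net


def sg_permits(rules, peer_ip, port, prefix_lists=None):
    """A rule is {'port': int, 'cidr': str} or {'port': int,
    'prefix_list_id': str}; prefix_lists maps an ID to its current CIDRs."""
    prefix_lists = prefix_lists or {}
    for rule in rules:
        if rule["port"] != port:
            continue
        if "cidr" in rule:
            cidrs = [rule["cidr"]]
        else:
            cidrs = prefix_lists.get(rule["prefix_list_id"], [])
        if any(_contains(c, peer_ip) for c in cidrs):
            return True
    return False


# Question 162: inbound rules on the IPv6 web server.
WEB_INBOUND_IPV4_ONLY = [{"port": 80, "cidr": "0.0.0.0/0"}]
WEB_INBOUND_DUAL = WEB_INBOUND_IPV4_ONLY + [{"port": 80, "cidr": "::/0"}]

# Question 169: constructed S3 ranges as 'published' on the day the group
# was built, versus the managed prefix list as it reads later, after a
# range was added. The prefix-list ID is hypothetical.
S3_SNAPSHOT_DAY1 = ["203.0.113.0/25"]
PREFIX_LISTS = {"pl-example-s3": ["203.0.113.0/25", "198.51.100.0/24"]}
OUTBOUND_PINNED = [{"port": 443, "cidr": c} for c in S3_SNAPSHOT_DAY1]
OUTBOUND_PREFIX_LIST = [{"port": 443, "prefix_list_id": "pl-example-s3"}]


def ipv6_visitor_gets_through(rules):
    """Constructed IPv6 client address, inbound on port 80."""
    return sg_permits(rules, "2001:db8::10", 80)


def s3_reachable(rules, endpoint_ip):
    """Outbound HTTPS to one S3 endpoint address under the given rules."""
    return sg_permits(rules, endpoint_ip, 443, PREFIX_LISTS)
```

The pinned rule set still reaches the day-one address and silently fails for the newer one, which is exactly the growing number of timeouts in the question; the prefix-list rule reaches both without anyone editing the group.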

Question 170


What number does the binary number 11000000 correspond to?

A. 128
B. 192
C. 64
D. 117
Suggested answer: B

Explanation:

128 + 64 + 0 + 0 + 0 + 0 + 0 + 0 = 192

asked 16/09/2024 by Nandor Gombos