ExamGecko
Search Search Login
Home Home / Amazon / ANS-C00

Amazon ANS-C00 Practice Test - Questions Answers, Page 20

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)
Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)
Which element of AWS Config can be used to help maintain internal and external compliance controls?
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their onpremises version of the application to serve a small portion of the customers who haven't yet upgraded. What design will allow the company to serve both newer and earlier clients in the MOST efficient way?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)

Question 191

Report
Export
Collapse

A company is connecting to a VPC over an AWS Direct Connect using a private VIF, and a dynamic VPN connection as a backup. The company's Reliability Engineering team has been running failover and resiliency tests on the network and the existing VPC by simulating an outage situation on the Direct Connect connection. During the resiliency tests, traffic failed to switch over to the backup VPN connection. How can this failure be troubleshot?

A.
Ensure that Bidirectional Forwarding Detection is enabled on the Direct Connect connection
A.
Ensure that Bidirectional Forwarding Detection is enabled on the Direct Connect connection
Answers
B.
Confirm that the same routes are being advertised over both the VPN and Direct Connect.
B.
Confirm that the same routes are being advertised over both the VPN and Direct Connect.
Answers
C.
Reconfigure the Direct Connect session from static routes to Border Gateway Protocol (BGP) peering.
C.
Reconfigure the Direct Connect session from static routes to Border Gateway Protocol (BGP) peering.
Answers
D.
Configure a virtual private gateway for the VPN and another virtual private gateway for Direct Connect.
D.
Configure a virtual private gateway for the VPN and another virtual private gateway for Direct Connect.
Answers
Suggested answer: C

Explanation:

Explanation:

Reference: https://aws.amazon.com/answers/networking/aws-single-data-center-ha-network-connectivity/

Question 192

Report
Export
Collapse

What MTU is recommended for VPN and Direct Connect links?

A.
1500
A.
1500
Answers
B.
2000
B.
2000
Answers
C.
128
C.
128
Answers
D.
Jumbo Frames
D.
Jumbo Frames
Answers
Suggested answer: A

Explanation:

Explanation:

Jumbo frames will not pass through VPN and Direct Connect links using AWS connections. You must use an MTU of 1500.

Question 193

Report
Export
Collapse

AWS Config flags a resource as ____ if a resource violates any conditions of an AWS Config rule that it evaluates on the resource in question.

A.
corrupted
A.
corrupted
Answers
B.
noncompliant
B.
noncompliant
Answers
C.
invalid
C.
invalid
Answers
D.
misconfigured
D.
misconfigured
Answers
Suggested answer: B

Explanation:

Explanation:

Use AWS Config to evaluate the configuration settings of your AWS resources. You do this by creating AWS Config rules, which represent your ideal configuration settings. AWS Config provides customizable, predefined rules called managed rules to help you get started. You can also create your own custom rules. While AWS Config continuously tracks the configuration changes that occur among your resources, it checks whether these changes violate any of the conditions in your rules. If a resource violates a rule, AWS Config flags the resource and the rule as noncompliant. Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html

Question 194

Report
Export
Collapse

You have a management server that needs to be able to communicate with two subnets. One of these subnets is private. This subnet must remain private and must not pass any traffic back to other subnets. How would you configure this?

A.
Configure a NACL to allow access from the management server to the private server.
A.
Configure a NACL to allow access from the management server to the private server.
Answers
B.
Add an ENI to the management server that resides in the subnet of the private server.
B.
Add an ENI to the management server that resides in the subnet of the private server.
Answers
C.
You can't do this without allowing traffic back through the other subnet.
C.
You can't do this without allowing traffic back through the other subnet.
Answers
D.
Configure a security group rule to allow access from the management server to the private server.
D.
Configure a security group rule to allow access from the management server to the private server.
Answers
Suggested answer: B

Explanation:

Explanation:

Add an ENI to the management server that resides in the subnet of the private server. This will allow the management server to communicate with the private server without having to change security rules.

Question 195

Report
Export
Collapse

What does the term "statistics" mean with respect to CloudWatch metrics?

A.
Time of a metric collection
A.
Time of a metric collection
Answers
B.
Data aggregation over a specific period of time
B.
Data aggregation over a specific period of time
Answers
C.
Status of a metric
C.
Status of a metric
Answers
D.
Unit of a metric
D.
Unit of a metric
Answers
Suggested answer: B

Explanation:

Explanation:

Statistics represents data aggregation of the metric data values over a specific period of time.

Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Statistic

Question 196

Report
Export
Collapse

In the context of CloudFront RTMP Distribution, the Adobe Flash Media Server _________ file specifies which domains can access media files in a particular domain.

A.
accessdomain.JSON
A.
accessdomain.JSON
Answers
B.
crossdomain.xml
B.
crossdomain.xml
Answers
C.
accessdomain.xml
C.
accessdomain.xml
Answers
D.
crossdomain.JSON
D.
crossdomain.JSON
Answers
Suggested answer: B

Explanation:

Explanation:

In the context of CloudFront RTMP Distribution, the Adobe Flash Media Server crossdomain.xml file specifies which domains can access media files in a particular domain. Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Streaming_CrossDomain.html

Question 197

Report
Export
Collapse

Your application is hosted behind an Elastic Load Balancer (ELB) within an autoscaling group. The autoscaling group is configured with a minimum of 2, a maximum of 14, and a desired value of 2. The autoscaling cooldown and the termination policies are set to the default value.

CloudWatch reports that the site typically requires just two servers, but spikes at the start and end of the business day can require eight to ten servers. You receive intermittent reports of timeouts and partially loaded web pages.

Which configuration change should you make to address this issue?

A.
Configure connection draining on the ELB.
A.
Configure connection draining on the ELB.
Answers
B.
Configure the autoscaling cooldown to 600 seconds.
B.
Configure the autoscaling cooldown to 600 seconds.
Answers
C.
Configure the termination policy to oldest instance.
C.
Configure the termination policy to oldest instance.
Answers
D.
Configure a Terminating: Wait lifecycle hook on a scale in event.
D.
Configure a Terminating: Wait lifecycle hook on a scale in event.
Answers
Suggested answer: A

Explanation:

Explanation:

References: https://docs.aws.amazon.com/autoscaling/ec2/userguide/attach-load-balancer-asg.html

Question 198

Report
Export
Collapse

A company has two AWS accounts: one for Production and one for Connectivity. A network engineer needs to connect the Production account VPC to a transit gateway in the Connectivity account. The feature to auto accept shared attachments is not enabled on the transit gateway.

Which set of steps should the network engineer follow in each AWS account to meet these requirements?

A.
1. In the Production account: Create a resource share in AWS Resource Access Manager for the transit gateway. Provide the Connectivity account ID. Enable the feature to allow external accounts.
A.
1. In the Production account: Create a resource share in AWS Resource Access Manager for the transit gateway. Provide the Connectivity account ID. Enable the feature to allow external accounts.
Answers
B.
In the Connectivity account: Accept the resource.
B.
In the Connectivity account: Accept the resource.
Answers
C.
In the Connectivity account: Create an attachment to the VPC subnets.
C.
In the Connectivity account: Create an attachment to the VPC subnets.
Answers
D.
In the Production account: Accept the attachment. Associate a route table with the attachment.
D.
In the Production account: Accept the attachment. Associate a route table with the attachment.
Answers
E.
1. In the Production account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Connectivity account ID. Enable the feature to allow external accounts.
E.
1. In the Production account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Connectivity account ID. Enable the feature to allow external accounts.
Answers
F.
In the Connectivity account: Accept the resource.
F.
In the Connectivity account: Accept the resource.
Answers
G.
In the Production account: Create an attachment on the transit gateway to the VPC subnets.
G.
In the Production account: Create an attachment on the transit gateway to the VPC subnets.
Answers
H.
In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
H.
In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
Answers
I.
1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Production account ID. Enable the feature to allow external accounts.
I.
1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Production account ID. Enable the feature to allow external accounts.
Answers
J.
In the Production account: Accept the resource.
J.
In the Production account: Accept the resource.
Answers
K.
In the Connectivity account: Create an attachment on the transit gateway to the VPC subnets.
K.
In the Connectivity account: Create an attachment on the transit gateway to the VPC subnets.
Answers
L.
In the Production account: Accept the attachment. Associate a route table with the attachment.
L.
In the Production account: Accept the attachment. Associate a route table with the attachment.
Answers
M.
1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the transit gateway.Provide the Production account IEnable the feature to allow external accounts.
M.
1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the transit gateway.Provide the Production account IEnable the feature to allow external accounts.
Answers
N.
In the Production account: Accept the resource.
N.
In the Production account: Accept the resource.
Answers
O.
In the Production account: Create an attachment to the VPC subnets.
O.
In the Production account: Create an attachment to the VPC subnets.
Answers
P.
In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
P.
In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
Answers
Suggested answer: A

Explanation:

Explanation:

Reference: https://aws.amazon.com/blogs/networking-and-content-delivery/automating-aws-transit-gateway-attachments-toa-transit-gateway-in-a-central-account/

Question 199

Report
Export
Collapse

You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources. What must be configured to meet this requirement?

A.
At least two subnets in different Availability Zones.
A.
At least two subnets in different Availability Zones.
Answers
B.
A dedicated VPC with Active Directory Services.
B.
A dedicated VPC with Active Directory Services.
Answers
C.
An IPsec VPN to on-premises Active Directory.
C.
An IPsec VPN to on-premises Active Directory.
Answers
D.
Network address translation for outbound traffic.
D.
Network address translation for outbound traffic.
Answers
Suggested answer: A, D

Explanation:

Explanation:

References: https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-vpc.html

Question 200

Report
Export
Collapse

What is NOT a benefit of CloudFront?

A.
Helps ease the strain on your web servers
A.
Helps ease the strain on your web servers
Answers
B.
Distributes traffic evenly to EC2 instances
B.
Distributes traffic evenly to EC2 instances
Answers
C.
Speeds up distribution of RTMP content
C.
Speeds up distribution of RTMP content
Answers
D.
Speeds up distribution of static and dynamic web content
D.
Speeds up distribution of static and dynamic web content
Answers
Suggested answer: B

Explanation:

Explanation:

Elastic Load balancers distribute traffic to EC2 instances.

Total 414 questions
Go to page: of 42
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms