ExamGecko
Login
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 20

List of questions

Question 191

Report
Export
Collapse

A company is connecting to a VPC over an AWS Direct Connect using a private VIF, and a dynamic VPN connection as a backup. The company's Reliability Engineering team has been running failover and resiliency tests on the network and the existing VPC by simulating an outage situation on the Direct Connect connection. During the resiliency tests, traffic failed to switch over to the backup VPN connection. How can this failure be troubleshot?

Ensure that Bidirectional Forwarding Detection is enabled on the Direct Connect connection
Ensure that Bidirectional Forwarding Detection is enabled on the Direct Connect connection
Confirm that the same routes are being advertised over both the VPN and Direct Connect.
Confirm that the same routes are being advertised over both the VPN and Direct Connect.
Reconfigure the Direct Connect session from static routes to Border Gateway Protocol (BGP) peering.
Reconfigure the Direct Connect session from static routes to Border Gateway Protocol (BGP) peering.
Configure a virtual private gateway for the VPN and another virtual private gateway for Direct Connect.
Configure a virtual private gateway for the VPN and another virtual private gateway for Direct Connect.
Suggested answer: C

Explanation:

Explanation:

Reference: https://aws.amazon.com/answers/networking/aws-single-data-center-ha-network-connectivity/

asked 16/09/2024
Malik Khabir
34 questions

Question 192

Report
Export
Collapse

What MTU is recommended for VPN and Direct Connect links?

1500
1500
2000
2000
128
128
Jumbo Frames
Jumbo Frames
Suggested answer: A

Explanation:

Explanation:

Jumbo frames will not pass through VPN and Direct Connect links using AWS connections. You must use an MTU of 1500.

asked 16/09/2024
Abigail Dodson
37 questions

Question 193

Report
Export
Collapse

AWS Config flags a resource as ____ if a resource violates any conditions of an AWS Config rule that it evaluates on the resource in question.

corrupted
corrupted
noncompliant
noncompliant
invalid
invalid
misconfigured
misconfigured
Suggested answer: B

Explanation:

Explanation:

Use AWS Config to evaluate the configuration settings of your AWS resources. You do this by creating AWS Config rules, which represent your ideal configuration settings. AWS Config provides customizable, predefined rules called managed rules to help you get started. You can also create your own custom rules. While AWS Config continuously tracks the configuration changes that occur among your resources, it checks whether these changes violate any of the conditions in your rules. If a resource violates a rule, AWS Config flags the resource and the rule as noncompliant. Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html

asked 16/09/2024
Saysha Vargas
29 questions

Question 194

Report
Export
Collapse

You have a management server that needs to be able to communicate with two subnets. One of these subnets is private. This subnet must remain private and must not pass any traffic back to other subnets. How would you configure this?

Configure a NACL to allow access from the management server to the private server.
Configure a NACL to allow access from the management server to the private server.
Add an ENI to the management server that resides in the subnet of the private server.
Add an ENI to the management server that resides in the subnet of the private server.
You can't do this without allowing traffic back through the other subnet.
You can't do this without allowing traffic back through the other subnet.
Configure a security group rule to allow access from the management server to the private server.
Configure a security group rule to allow access from the management server to the private server.
Suggested answer: B

Explanation:

Explanation:

Add an ENI to the management server that resides in the subnet of the private server. This will allow the management server to communicate with the private server without having to change security rules.

asked 16/09/2024
Luyanda Hatta
34 questions

Question 195

Report
Export
Collapse

What does the term "statistics" mean with respect to CloudWatch metrics?

Time of a metric collection
Time of a metric collection
Data aggregation over a specific period of time
Data aggregation over a specific period of time
Status of a metric
Status of a metric
Unit of a metric
Unit of a metric
Suggested answer: B

Explanation:

Explanation:

Statistics represents data aggregation of the metric data values over a specific period of time.

Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Statistic

asked 16/09/2024
Nicolas Da Silva
42 questions

Question 196

Report
Export
Collapse

In the context of CloudFront RTMP Distribution, the Adobe Flash Media Server _________ file specifies which domains can access media files in a particular domain.

accessdomain.JSON
accessdomain.JSON
crossdomain.xml
crossdomain.xml
accessdomain.xml
accessdomain.xml
crossdomain.JSON
crossdomain.JSON
Suggested answer: B

Explanation:

Explanation:

In the context of CloudFront RTMP Distribution, the Adobe Flash Media Server crossdomain.xml file specifies which domains can access media files in a particular domain. Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Streaming_CrossDomain.html

asked 16/09/2024
Selladurai Ravi
42 questions

Question 197

Report
Export
Collapse

Your application is hosted behind an Elastic Load Balancer (ELB) within an autoscaling group. The autoscaling group is configured with a minimum of 2, a maximum of 14, and a desired value of 2. The autoscaling cooldown and the termination policies are set to the default value.

CloudWatch reports that the site typically requires just two servers, but spikes at the start and end of the business day can require eight to ten servers. You receive intermittent reports of timeouts and partially loaded web pages.

Which configuration change should you make to address this issue?

Configure connection draining on the ELB.
Configure connection draining on the ELB.
Configure the autoscaling cooldown to 600 seconds.
Configure the autoscaling cooldown to 600 seconds.
Configure the termination policy to oldest instance.
Configure the termination policy to oldest instance.
Configure a Terminating: Wait lifecycle hook on a scale in event.
Configure a Terminating: Wait lifecycle hook on a scale in event.
Suggested answer: A

Explanation:

Explanation:

References: https://docs.aws.amazon.com/autoscaling/ec2/userguide/attach-load-balancer-asg.html

asked 16/09/2024
Arturs Grigorjevs
42 questions

Question 198

Report
Export
Collapse

A company has two AWS accounts: one for Production and one for Connectivity. A network engineer needs to connect the Production account VPC to a transit gateway in the Connectivity account. The feature to auto accept shared attachments is not enabled on the transit gateway.

Which set of steps should the network engineer follow in each AWS account to meet these requirements?

1. In the Production account: Create a resource share in AWS Resource Access Manager for the transit gateway. Provide the Connectivity account ID. Enable the feature to allow external accounts.
1. In the Production account: Create a resource share in AWS Resource Access Manager for the transit gateway. Provide the Connectivity account ID. Enable the feature to allow external accounts.
In the Connectivity account: Accept the resource.
In the Connectivity account: Accept the resource.
In the Connectivity account: Create an attachment to the VPC subnets.
In the Connectivity account: Create an attachment to the VPC subnets.
In the Production account: Accept the attachment. Associate a route table with the attachment.
In the Production account: Accept the attachment. Associate a route table with the attachment.
1. In the Production account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Connectivity account ID. Enable the feature to allow external accounts.
1. In the Production account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Connectivity account ID. Enable the feature to allow external accounts.
In the Connectivity account: Accept the resource.
In the Connectivity account: Accept the resource.
In the Production account: Create an attachment on the transit gateway to the VPC subnets.
In the Production account: Create an attachment on the transit gateway to the VPC subnets.
In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Production account ID. Enable the feature to allow external accounts.
1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Production account ID. Enable the feature to allow external accounts.
In the Production account: Accept the resource.
In the Production account: Accept the resource.
In the Connectivity account: Create an attachment on the transit gateway to the VPC subnets.
In the Connectivity account: Create an attachment on the transit gateway to the VPC subnets.
In the Production account: Accept the attachment. Associate a route table with the attachment.
In the Production account: Accept the attachment. Associate a route table with the attachment.
1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the transit gateway.Provide the Production account IEnable the feature to allow external accounts.
1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the transit gateway.Provide the Production account IEnable the feature to allow external accounts.
In the Production account: Accept the resource.
In the Production account: Accept the resource.
In the Production account: Create an attachment to the VPC subnets.
In the Production account: Create an attachment to the VPC subnets.
In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
Suggested answer: A

Explanation:

Explanation:

Reference: https://aws.amazon.com/blogs/networking-and-content-delivery/automating-aws-transit-gateway-attachments-toa-transit-gateway-in-a-central-account/

asked 16/09/2024
Chengyang Zhang
43 questions

Question 199

Report
Export
Collapse

You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources. What must be configured to meet this requirement?

At least two subnets in different Availability Zones.
At least two subnets in different Availability Zones.
A dedicated VPC with Active Directory Services.
A dedicated VPC with Active Directory Services.
An IPsec VPN to on-premises Active Directory.
An IPsec VPN to on-premises Active Directory.
Network address translation for outbound traffic.
Network address translation for outbound traffic.
Suggested answer: A, D

Explanation:

Explanation:

References: https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-vpc.html

asked 16/09/2024
carlos salgado
40 questions

Question 200

Report
Export
Collapse

What is NOT a benefit of CloudFront?

Helps ease the strain on your web servers
Helps ease the strain on your web servers
Distributes traffic evenly to EC2 instances
Distributes traffic evenly to EC2 instances
Speeds up distribution of RTMP content
Speeds up distribution of RTMP content
Speeds up distribution of static and dynamic web content
Speeds up distribution of static and dynamic web content
Suggested answer: B

Explanation:

Explanation:

Elastic Load balancers distribute traffic to EC2 instances.

asked 16/09/2024
Ronald Armas
34 questions
Total 414 questions
Go to page: of 42
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?