Amazon ANS-C00 Practice Test - Questions Answers, Page 21

You are responsible for several EC2 instances deployed from Amazon AMIs that are required to upload information to an S3 bucket. This information must not traverse the public internet. You must also be able to update the instances. Which option is your best solution?

A. An S3 endpoint and a NAT
B. An S3 endpoint
C. A VPN to the IP addresses specified in the AWS official S3 prefix list
D. A NACL with the AWS prefix list added to it and a VPN.
Suggested answer: B

Explanation:

A NAT is not required as an S3 endpoint will allow an instance to update. C and D are not possible.

Does Amazon VPC support multicast or broadcast?

A. Yes, both.
B. It doesn't support any of them.
C. Multicast yes, Broadcast no.
D. Both, but only outside Amazon VPC.
Suggested answer: B

Explanation:

Amazon VPC supports neither multicast nor broadcast.

Reference: https://aws.amazon.com/vpc/faqs/

You manage a website that uses a load balancer. You are noticing one of the servers is receiving more traffic than the other. What is probably the cause of this?

A. An Elastic Load Balancer sends traffic based on server load. One server must be a larger instance.
B. You have DNS latency routing set, so it is diverting traffic to a different instance.
C. You have sticky sessions configured and there are several power users that happen to be on the other server.
D. The server has more connections available.
Suggested answer: C

Explanation:

Sticky sessions can keep users on a particular server throughout their session. Latency routing would route to the load balancer, not the instances. Load balancers use a round-robin algorithm to balance.

Your company just deployed a WAF to protect its resources. You need to create a baseline before you start blocking traffic. How will you achieve this?

A. Set the WAF to Monitor mode.
B. Set the WAF to its defaults and let it do its job.
C. Set up a Lambda function to monitor Flow Logs and analyze the traffic using Elasticsearch.
D. A WAF is default deny and does not allow this. You need to use an IDS instead.
Suggested answer: A

Explanation:

Monitor mode is the only good choice.

A logistics company has deployed a hybrid environment that has multiple VPCs in both the us-east-1 Region and the af-south-1 Region. The on-premises data center is connected to us-east-1 through an AWS Direct Connect connection. The Direct Connect connection is connected to a Direct Connect gateway that is associated with a transit gateway. The transit gateway is attached to all the VPCs in us-east-1. An application that is deployed in af-south-1 requires access to a database in the data center. The application also requires access to file storage in a VPC in us-east-1. Which solution will meet these requirements with the LOWEST latency?

A. Create a transit gateway in af-south-1, and attach the VPCs. Create a transit gateway peering connection between the transit gateways.
B. Create a Direct Connect connection in af-south-1, and attach the VPCs with a Direct Connect gateway and a transit gateway. Create an AWS Site-to-Site VPN connection over the internet between the Direct Connect connections.
C. Create a transit gateway in af-south-1, and attach the VPCs. Associate the transit gateway in af-south-1 with the Direct Connect gateway in us-east-1.
D. Create inter-Region VPC peering connections between the VPCs in each Region. Use the transit gateway attachments in us-east-1 to access the database in the data center.
Suggested answer: A

A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in us-west-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?

A. Configure an AWS Direct Connect private virtual interface to the company's AWS VPC in us-west-2. Create a VPC endpoint and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
B. Configure a VPN connection to the company's AWS VPC in us-west-2 and use BGP to advertise routes for Amazon S3.
C. Configure a Direct Connect connection public virtual interface to us-west-2. Leverage an on-premises HTTPS proxy to send traffic to Amazon S3 over a Direct Connect connection.
D. Configure a VPN connection to the company's AWS VPC in us-west-2. Create a NAT gateway and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
Suggested answer: C

A company hosts an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company recently experienced a network security breach. A network engineer must collect and analyze logs that include the client IP address, target IP address, target port, and user agent of each user that accesses the application. What is the MOST operationally efficient solution that meets these requirements?

A. Configure the ALB to store logs in an Amazon S3 bucket. Download the files from Amazon S3, and use a spreadsheet application to analyze the logs.
B. Configure the ALB to push logs to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to analyze the logs.
C. Configure Amazon Kinesis Data Streams to stream data from the ALB to Amazon Elasticsearch Service (Amazon ES). Use search operations in Amazon ES to analyze the data.
D. Configure the ALB to store logs in an Amazon S3 bucket. Use Amazon Athena to analyze the logs in Amazon S3.
Suggested answer: B

Explanation:

Reference: https://aws.amazon.com/blogs/big-data/implement-serverless-log-analytics-using-amazon-kinesis-analytics/

A Systems Administrator is designing a hybrid DNS solution with split-view. The apex domain "example.com" should be served through name servers across multiple top-level domains (TLDs). The name server for subdomain "dev.example.com" should reside on-premises. The administrator has decided to use Amazon Route 53 to achieve this scenario. What procedural steps must be taken to implement the solution?

A. Use a Route 53 public hosted zone for example.com and a private hosted zone for dev.example.com
B. Use a Route 53 public and private hosted zone for example.com, and perform subdomain delegation for dev.example.com
C. Use a Route 53 public hosted zone for example.com, and perform subdomain delegation for dev.example.com
D. Use a Route 53 private hosted zone for example.com, and perform subdomain delegation for dev.example.com
Suggested answer: A

In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS. These connections can terminate on one or two routers in your network. You can do this while __________________ with AWS Direct Connect step.

A. creating a Virtual Interface
B. configuring redundant connections
C. completing the cross-connect
D. verifying your Virtual Interface
Suggested answer: B

Explanation:

In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS.

These connections can terminate on one or two routers in your network. You can do this in the Configure Redundant Connections with AWS Direct Connect step.

Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#RedundantConnections

In Amazon CloudFront, you cannot configure CloudFront to process cookies for _________.

A. HTTPS web distributions
B. Web and RTMP distributions
C. RTMP distributions
D. HTTP web distributions
Suggested answer: C

Explanation:

You cannot configure Amazon CloudFront to log cookies for RTMP distributions. For web distributions, CloudFront by default doesn't consider cookies when caching your objects in edge locations. If your origin returns two objects and they differ only by the values in the Set-Cookie header, CloudFront caches only one version of the object.

Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

Total 414 questions