ExamGecko
Search Search Login
Home Home / Amazon / ANS-C00

Amazon ANS-C00 Practice Test - Questions Answers, Page 24

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)
Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)
Which element of AWS Config can be used to help maintain internal and external compliance controls?
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their onpremises version of the application to serve a small portion of the customers who haven't yet upgraded. What design will allow the company to serve both newer and earlier clients in the MOST efficient way?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)

Question 231

Report
Export
Collapse

Your organization uses a VPN to connect to your VPC but must upgrade to a 1-G AWS Direct Connect connection for stability and performance. Your telecommunications provider has provisioned the circuit from your data center to an AWS Direct Connect facility and needs information on how to cross-connect (e.g., which rack/port to connect). What is the AWS-recommended procedure for providing this information?

A.
Create a support ticket. Provide your AWS account number and telecommunications company's name and where you need the Direct Connect connection to terminate.
A.
Create a support ticket. Provide your AWS account number and telecommunications company's name and where you need the Direct Connect connection to terminate.
Answers
B.
Create a new connection through your AWS Management Console and wait for an email from AWS with information.
B.
Create a new connection through your AWS Management Console and wait for an email from AWS with information.
Answers
C.
Ask your telecommunications provider to contact AWS through an AWS Partner Channel. Provide your AWS account number.
C.
Ask your telecommunications provider to contact AWS through an AWS Partner Channel. Provide your AWS account number.
Answers
D.
Contact an AWS Account Manager and provide your AWS account number, telecommunications company's name, and where you need the Direct Connect connection to terminate.
D.
Contact an AWS Account Manager and provide your AWS account number, telecommunications company's name, and where you need the Direct Connect connection to terminate.
Answers
Suggested answer: A

Question 232

Report
Export
Collapse

Which one of the following options is not true about WorkSpaces?

A.
WorkSpaces allows integration with Microsoft AD.
A.
WorkSpaces allows integration with Microsoft AD.
Answers
B.
WorkSpaces is great for running Linux applications.
B.
WorkSpaces is great for running Linux applications.
Answers
C.
WorkSpaces is a fully managed, secure desktop computing service.
C.
WorkSpaces is a fully managed, secure desktop computing service.
Answers
D.
WorkSpaces can query on-premises domains for authentication.
D.
WorkSpaces can query on-premises domains for authentication.
Answers
Suggested answer: D

Question 233

Report
Export
Collapse

You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct Connect connection. Which two configuration values do you need to provide? (Choose two.)

A.
Public AS number
A.
Public AS number
Answers
B.
VLAN ID
B.
VLAN ID
Answers
C.
IP prefixes to advertise
C.
IP prefixes to advertise
Answers
D.
Direct Connect location
D.
Direct Connect location
Answers
E.
Virtual private gateway
E.
Virtual private gateway
Answers
Suggested answer: A, E

Explanation:

Explanation:

References: https://aws.amazon.com/directconnect/faqs/

Question 234

Report
Export
Collapse

You have a server that serves www, FTP, and mail. You need to access this server using www.yourname.com, ftp.yourname.com, and mail.yourname.com. You want to ensure an IP change results in the least number of other changes. What is the best solution?

A.
Create PTR records and point the IP address of the server back to www, ftp, and mail.
A.
Create PTR records and point the IP address of the server back to www, ftp, and mail.
Answers
B.
Create an A record pointing to the server's IP address and create CNAME records for www, ftp, and mail and point those to the A record.
B.
Create an A record pointing to the server's IP address and create CNAME records for www, ftp, and mail and point those to the A record.
Answers
C.
Create an A record for www, ftp and mail, and point it to the ALIAS of the server.
C.
Create an A record for www, ftp and mail, and point it to the ALIAS of the server.
Answers
D.
Create CNAME records for www, ftp, and mail and point those to the A record already provided to the instance by AWS.
D.
Create CNAME records for www, ftp, and mail and point those to the A record already provided to the instance by AWS.
Answers
Suggested answer: B

Explanation:

Explanation:

There is no ALIAS record for an EC2 instance, CNAME records pointed to the A record provided by AWS won't work because if the IP changes, the A record will change also. A PTR record is not appropriate here and cannot point to more than one record. Having three CNAME records and one A record will result in only having to change the A record if the IP changes.

Question 235

Report
Export
Collapse

You have a web application (app.mycompany.com) running on an EC2 instance with a single elastic network interface in a subnet in a VPC. Because of a network redesign, you need to move the web application to a different subnet in the same Availability Zone.

Which of the following migration strategies meets the requirements?

A.
Create an elastic network interface in the new subnet. Attach this interface to the instance, and detach the old interface.
A.
Create an elastic network interface in the new subnet. Attach this interface to the instance, and detach the old interface.
Answers
B.
Launch a new instance in the subnet via an AMI created from the instance, and redirect new connections to this new instance using DNS. Decommission the old instance.
B.
Launch a new instance in the subnet via an AMI created from the instance, and redirect new connections to this new instance using DNS. Decommission the old instance.
Answers
C.
Make an API call to change the subnet association of the elastic network interface.
C.
Make an API call to change the subnet association of the elastic network interface.
Answers
D.
Change the IP addresses manually to another subnet within the server operating system.
D.
Change the IP addresses manually to another subnet within the server operating system.
Answers
Suggested answer: B

Explanation:

Explanation:

Instances cannot change subnets, so a new instance must be created (Response B). A is wrong because you cannot remove the original elastic network interface. C is not possible. D is wrong because the OS has no ability to affect the AWS assigned IP addresses.

Question 236

Report
Export
Collapse

With AWS CloudTrail, creating multiple trails in one region allows ____ to focus on one aspect of AWS operation.

A.
callers
A.
callers
Answers
B.
events
B.
events
Answers
C.
buckets
C.
buckets
Answers
D.
stakeholders
D.
stakeholders
Answers
Suggested answer: D

Explanation:

Explanation:

With multiple trails, different stakeholders such as security administrators, software developers, and IT auditors can create and manage their own trails. For example, a security administrator can create a trail that applies to all regions and configure encryption using one Key Management Service key. A developer can create a trail that applies to one region for troubleshooting operational issues. Reference: https://aws.amazon.com/cloudtrail/faqs/

Question 237

Report
Export
Collapse

Your company is expanding its cloud infrastructure and moving many of its flat files and static assets to S3. You currently use a VPN to access your compute infrastructure, but you require more reliability for your static files as you are offloading all of your important data to AWS. What is your best course of action while keeping costs low?

A.
Create a Direct Connect connection using a Private VIF to access both compute and S3 resources.
A.
Create a Direct Connect connection using a Private VIF to access both compute and S3 resources.
Answers
B.
Create an S3 endpoint and create a route to the endpoint prefix list for your VPN to allow access to your S3 resources.
B.
Create an S3 endpoint and create a route to the endpoint prefix list for your VPN to allow access to your S3 resources.
Answers
C.
Create two Direct Connect connections. Each connected to a Private VIF to ensure maximum resiliency.
C.
Create two Direct Connect connections. Each connected to a Private VIF to ensure maximum resiliency.
Answers
D.
Create a Direct Connect connection using a Public VIF and route your VPN over the DX connection to your VPN endpoint.
D.
Create a Direct Connect connection using a Public VIF and route your VPN over the DX connection to your VPN endpoint.
Answers
Suggested answer: D

Explanation:

Explanation:

An S3 endpoint cannot be used with a VPN. A Private VIF cannot access S3 resources. A Public VIF with a VPN will ensure security for your compute resources and access to your S3 resources. Two DX connections are very expensive and a Private VIF still won't allow access to your S3 resources.

Question 238

Report
Export
Collapse

What is the maximum number of CloudTrails that you can create per AWS region?

A.
10
A.
10
Answers
B.
2
B.
2
Answers
C.
16
C.
16
Answers
D.
5
D.
5
Answers
Suggested answer: D

Explanation:

Explanation:

You can create up to five CloudTrails per Amazon AWS region. A trail that applies to all regions exists in each region and is counted as one trail in each region. Reference: https://aws.amazon.com/cloudtrail/faqs/

Question 239

Report
Export
Collapse

What two items are required for all AWS VPNs? (Choose two.)

A.
Virtual Private Gateway
A.
Virtual Private Gateway
Answers
B.
ASN
B.
ASN
Answers
C.
A hardware router
C.
A hardware router
Answers
D.
Customer Gateway
D.
Customer Gateway
Answers
Suggested answer: A, D

Explanation:

Explanation:

An ASN is only required for dynamic VPNs and hardware routers are not required.

Question 240

Report
Export
Collapse

In order to change the name of the AWS Config ____, you must stop the configuration recorder, delete the current one, and create a new one with a new name, since there can only be one of these per AWS account.

A.
SNS topic
A.
SNS topic
Answers
B.
configuration history
B.
configuration history
Answers
C.
delivery channel
C.
delivery channel
Answers
D.
S3 bucket path
D.
S3 bucket path
Answers
Suggested answer: C

Explanation:

Explanation:

As AWS Config continually records the changes that occur to your AWS resources, it sends notifications and updated configuration states through the delivery channel. You can manage the delivery channel to control where AWS Config sends configuration updates. You can have only one delivery channel per AWS account, and the delivery channel is required to use AWS Config. To change the delivery channel name, you must delete it and create a new delivery channel with the desired name. Before you can delete the delivery channel, you must temporarily stop the configuration recorder. The AWS Config console does not provide the option to delete the delivery channel, so you must use the AWS CLI, the AWS Config API, or one of the AWS SDKs.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/update-dc.html

Total 414 questions
Go to page: of 42
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms