ExamGecko

Amazon ANS-C00 Practice Test - Questions Answers, Page 25

In AWS, which service provides a reliable and inexpensive way to backup and archive CloudTrail log files?

A. Amazon Archiver
B. Amazon Glacier
C. AWS Storage Gateway
D. Amazon Elastic Block Store

Suggested answer: B

Explanation:
You control the retention policies for your CloudTrail log files. By default, log files are stored indefinitely, but for cost efficiency, you may want to delete old log files or archive them to Amazon Glacier, a storage service optimized for data archiving and backup of infrequently used data. Reference: https://aws.amazon.com/cloudtrail/faqs/

You are building an application in AWS that requires Amazon Elastic MapReduce (Amazon EMR). The application needs to resolve hostnames in your internal, on-premises Active Directory domain. You update your DHCP Options Set in the VPC to point to a pair of Active Directory integrated DNS servers running in your VPC. Which action is required to support a successful Amazon EMR cluster launch?

A. Add a conditional forwarder to the Amazon-provided DNS server.
B. Enable seamless domain join for the Amazon EMR cluster.
C. Launch an AD connector for the internal domain.
D. Configure an Amazon Route 53 private zone for the EMR cluster.

Suggested answer: B

Explanation:

References: https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-adconnector/

How many tunnels do you get with each VPN connection hosted by AWS?

A. 4
B. 1
C. 2

Suggested answer: C

Explanation:

All AWS VPNs come with 2 tunnels for resiliency.

An AWS account owner has set up multiple IAM users. One of these IAM users, named John, has CloudWatch access, but no access to EC2 services. John has set up an alarm action which stops EC2 instances when their CPU utilization is below the threshold limit. When an EC2 instance's CPU utilization rate drops below the threshold John has set, what will happen and why?

A. Nothing will happen. John cannot set an alarm on EC2 since he does not have the permission.
B. CloudWatch will stop the instance when the action is executed.
C. Nothing will happen because it is not possible to stop the instance using the CloudWatch alarm.
D. Nothing will happen. John can set up the action, but it will not be executed because he does not have EC2 access through IAM policies.

Suggested answer: D

Explanation:

Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can set up an action that stops instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either stop or terminate the instance. If the IAM user has read/write permissions for Amazon CloudWatch but not for Amazon EC2, he can still create an alarm. However, the stop or terminate actions will not be performed on the Amazon EC2 instance. Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/UsingAlarmActions.html

You are auditing an AWS infrastructure after you noticed some abnormal charges on the bill. You use AWS Config to monitor your changes. What else is required to find out who made the change?

A. There is no information to find this. You will need to sign up for Config Premium.
B. Use the eventID of the change and reference it with your Flow Logs.
C. Use the eventId of the change and reference it with CloudTrail to find the culprit.
D. Use the eventID of the change and reference it with CloudWatch to find the culprit.

Suggested answer: C

Explanation:

CloudTrail is for finding "who" performed an action.

An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF.

What additional configuration is required to enable the applications in VPCs to communicate with each other and access on-premises resources?

A. Configure each application VPC with a static route entry pointing the on-premises CIDR block to the software VPN instances.
B. Configure the central VPC with a static route entry pointing the on-premises CIDR block to local VGWs.
C. Advertise all application VPC CIDR blocks to on-premises resources via the VGW in the central VPC.
D. Configure IPSec tunnels from the on-premises router into the software VPN instances with dynamic routing.

Suggested answer: B

In the "start using the AWS Direct Connect steps," when can you complete the Cross Connect step?

A. After verifying your virtual interface
B. After you have received your Letter of Authorization and Connecting Facility Assignment (LOA-CFA) from AWS
C. 72 hours after submitting your request for AWS Direct Connect Connection
D. Immediately after submitting your request for AWS Direct Connect Connection

Suggested answer: B

Explanation:

To complete the steps of "start using the AWS Direct Connect," after submitting your request for AWS Direct Connect connection, AWS will send you an email within 72 hours with a Letter of Authorization and Connecting Facility Assignment (LOA-CFA). After you have received your LOA-CFA, you need to complete your cross-network connection, also known as a cross connect. Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Colocation.html

You have an application that is processing confidential data. The data is currently stored in your data center. You are moving workloads to AWS, and you need to ensure confidentiality and integrity of the data in transit to your VPC. Your company has an existing AWS Direct Connect connection.

What combination of steps should you perform to set up the most cost-effective connection between your on-premises data center and AWS? (Choose three.)

A. Set up a VPC with a virtual private gateway.
B. Set up a VPC with an Internet gateway.
C. Configure a public virtual interface on your Direct Connect connection.
D. Configure a private virtual interface to the virtual private gateway.
E. Set up an IPsec tunnel between your customer gateway and a software VPN on Amazon EC2 in the VPC.
F. Set up an IPsec tunnel between your customer gateway appliance and the virtual private gateway.

Suggested answer: A, C, F

Explanation:

Setting up a VPN over your Direct Connect connection will secure the data in transit. The steps to do so are: adding a VGW to the VPC; setting up a public virtual interface; and creating the IPsec tunnel between your data center and the VGW via the public virtual interface. B would send traffic over the public Internet. D is not possible because a public virtual interface is needed to announce the VGW endpoint IPs. E would not take advantage of the already existing Direct Connect connection.

You can use the ____ command of the AWS Config service CLI to see the compliance state for each AWS resource of a specific type.

A. describe-compliance-by-resource
B. get-compliance-details-by-config-rule
C. describe-compliance-by-config-rule
D. get-compliance-details-by-resource

Suggested answer: A

Explanation:

You can use the AWS Config console, AWS CLI, or AWS Config API to view the compliance state of your rules and resources. Use the describe-compliance-by-resource command of the AWS Config CLI to see the compliance state for each AWS resource of a specific type. This is distinct from the describe-compliance-by-config-rule command, which gives the compliance state of each rule in AWS Config. Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html

You are moving a two-tier application into an Amazon VPC. An Elastic Load Balancing (ELB) load balancer is configured in front of the application tier. The application tier is driven through RESTful interfaces. The data tier uses relational database service (RDS) MySQL. Company policy requires end-to-end encryption of all data in transit. What ELB configuration complies with the corporate encryption policy?

A. Configure the ELB load balancer protocol as HTTP. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
B. Configure the ELB protocols in TCP mode. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
C. Configure the ELB load balancer protocol as HTTPS. Offload application instance encryption to the load balancer. Install your SSL certificate on Amazon RDS, and configure SSL.
D. Configure the ELB protocols in SSL mode. Offload application instance encryption to the load balancer. Install your SSL/TLS certificate on Amazon RDS, and configure SSL.

Suggested answer: C
Total 414 questions