Amazon ANS-C00 Practice Test - Questions Answers, Page 27

You have two public applications on different domains that use two front-end servers and two back-end servers each. You wish to achieve high availability for both applications. What two options should you configure? (Choose two.)

A. Route 53: 2 public zones and 2 private zones.
B. Route 53: 2 public zones and 1 private zone.
C. 3 load balancers: 2 public and 1 internal.
D. 4 load balancers: 2 public and 2 internal.
Suggested answer: A, D

Explanation:

Configure Route 53 with 2 public zones and 2 private zones, and 4 load balancers: 2 public and 2 internal. This allows one domain to be balanced over two application servers, which then have traffic balanced to the two back-end servers.

A company has a VPC in the us-west-1 Region and another VPC in the ap-southeast-2 Region. Network engineers set up an AWS Direct Connect connection from their data center to the us-east-1 Region. They create a private virtual interface (VIF) that references a Direct Connect gateway, which is then connected to virtual private gateways in both VPCs. When the setup is complete, the engineers cannot access resources in us-west-1 from ap-southeast-2. What should the network engineers do to resolve this issue?

A. Add the subnet range for the VPCs in us-west-1 and ap-southeast-2 to the route tables for both VPCs. Add the Direct Connect gateway as a target.
B. Configure the Direct Connect gateway to route traffic between the VPCs in ap-southeast-2 and us-west-2.
C. Establish a VPC peering connection between the VPCs in ap-southeast-2 and us-west-2. Add the subnet ranges to the routing tables.
D. Create static routes in each VPC that point to the destination VPC with the virtual private gateway as the route target.
Suggested answer: B

An architecture is being designed to support an Amazon WorkSpaces deployment of 1,000 desktops. Which architecture will support this deployment while allowing for future expansion?

A. A VPC with a /16 CIDR and one /21 subnet
B. A VPC with a /20 CIDR and two /21 subnets
C. A VPC with a /16 CIDR and one /22 subnet
D. A VPC with a /20 CIDR and two /23 subnets
Suggested answer: C

You are the network engineer at your company, and you are noticing issues with QoS in the traffic to your instances hosting a VoIP program. You need to inspect the network packets to determine if it is a programming error or a networking error. How should you do this?

A. Configure a network monitoring program on every instance and stream the logs to an S3 bucket to be parsed.
B. Use CloudWatch
C. Set up another instance with an ENI added to act as a monitoring interface. Set the port to "promiscuous mode" and sniff the traffic to analyze the packets. Then output this single stream to an S3 bucket to be parsed.
D. Inspect Flow Logs
Suggested answer: A

Explanation:

Flow Logs and CloudWatch do not display packet contents. You cannot sniff traffic destined for other instances.

You are a network admin of a US company called Webby Widgets that is expanding to Europe. The company has a website that serves dynamic and static content.

You have been instructed to ensure the European clients receive the least latency possible, no matter where in Europe they live, while still allowing the US clients to receive the same user experience and performance they have been accustomed to.

You have also been instructed to ensure both countries use the same URL to access the site and keep costs low.

What two things should you do? (Choose two.)

A. Deploy three VPCs; one for the US, one for the EU, and one as a central VPC that hosts an Elastic Load Balancer that will distribute traffic between the US and EU VPCs.
B. Create two A records: eu.webbywidgets.com that points to the EU resources and us.webbywidgets.com that points to the US resources.
C. Use the Traffic Flow policy creator to create the perfect routing policy.
D. Create a CloudFront distribution to serve the static content from an S3 bucket.
Suggested answer: C, D

Explanation:

The Traffic Flow policy creator costs $50/mo. per policy and Elastic Load Balancers cannot distribute traffic between VPCs.

Your VPC has a DX connection that is advertising 99 routes. You have two more prefixes to add: 10.223.1.0/24 and 10.223.2.0/24. You have several locations, so you need to be as exact as possible with your routing. How would you do this?

A. Add the prefixes; AWS allows for as many BGP routes as you need but not static.
B. Contact AWS to extend the number of prefixes you are allowed to advertise.
C. Summarize the routes into a 10.223.0.0/22 and advertise that route instead.
D. Summarize the routes into a 10.223.0.0/12 and advertise that route instead.
Suggested answer: C

Explanation:

BGP has a strict 100 prefix limit. 10.223.0.0/12 includes both routes but is not very specific. 10.223.0.0/22 is the proper summarization of both routes.

Your customer's internal security teams receive requests to allow Amazon S3 access from inside the corporate network. All external traffic must be explicitly whitelisted through your corporate firewalls. How can your security team grant this access?

A. Obtain the list of IP prefixes from AWS Forum announcements, and use those prefixes in firewall rules.
B. Obtain the list of IP prefixes from ip-ranges.json, and use those prefixes in firewall rules.
C. Obtain the list of IP prefixes by performing a DNS lookup on Amazon S3 endpoints, and use those prefixes in firewall rules.
D. Connect your data center to a VPC via Direct Connect. Create routes that forward traffic from your data center to an S3 private endpoint.
Suggested answer: B

Explanation:

ip-ranges.json contains the latest list of IP addresses used by AWS. AWS no longer posts IP prefixes in Forum announcements. DNS lookups would not provide an exhaustive list of possible IP prefixes. D would require transitive routing, which is not possible.

In the context of Amazon CloudFront, when you configure the media player, the path you specify to the media file must contain the characters _____________.

A. flv/std just before the domain name
B. flv/std immediately after the domain name
C. cfx/st just before the domain name
D. cfx/st immediately after the domain name
Suggested answer: D

Explanation:

In Amazon CloudFront, when you configure the media player, the path you specify to the media file must contain the characters cfx/st immediately after the domain name. For example: rtmp://s5c39gqb8ow64r.cloudfront.net/cfx/st/mediafile.flv

Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Streaming_URLs.html

Your company needs an inexpensive solution to host their AD data in the cloud. They do not need all of the features of AD but do need to be able to use it with WorkSpaces. What is the best solution?

A. AD Connector
B. Hosted Microsoft AD
C. Simple AD
D. Deploy an AD server on an M3.large instance
Suggested answer: C

Explanation:

Simple AD is the best choice here. If authentication is all you need, it is the least expensive option for an in-cloud directory.

A company is deploying a network security product that is based on virtual appliances that run on Amazon EC2 instances.

The appliances are stateful and inspect request traffic and return traffic. The appliances require visibility to a network flow's bidirectional transaction.

The central appliance VPC is connected to a transit gateway.

A network administrator notices that connections to the appliances are dropped when the traffic crosses Availability Zones.

The appliances run behind a Gateway Load Balancer. The appliances are deployed across multiple Availability Zones in a central VPC. What is MOST likely causing the connections to drop?

A. The transit gateway VPC attachment of the central appliance VPC is configured only for a subnet in a single Availability Zone
B. The transit gateway VPC attachment of the appliance is not configured for appliance mode
C. The route table that is attached to the subnet in one of the Availability Zones is missing a return route to the originating VPC
D. The security group that is attached to one of the appliance instances is blocking traffic to port 6081
Suggested answer: B

Explanation:

Reference: https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-gateway-load-balancer-supported-architecture-patterns/

Total 414 questions