ExamGecko
Login
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 28

List of questions

Question 271

Report
Export
Collapse

An organization launched an IPv6-only web portal to support IPv6-native mobile clients. Front-end instances launch in an Amazon VPC associated with an appropriate IPv6 CIDR. The VPC IPv4 CIDR is fully utilized. A single subnet exists in each of two Availability Zones with appropriately configured IPv6 CIDR associations. Auto Scaling is properly configured, and no Elastic Load Balancing is used.

Customers say the service is unavailable during peak load times. The network engineer attempts to launch an instance manually and receives the following message: "There are not enough free addresses in subnet 'subnet-12345678' to satisfy the requested number of instances." What action will resolve the availability problem?

Create a new subnet using a VPC secondary IPv6 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
Create a new subnet using a VPC secondary IPv6 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
Resize the IPv6 CIDR on each of the existing subnets. Modify the Auto Scaling group maximum number of instances.
Resize the IPv6 CIDR on each of the existing subnets. Modify the Auto Scaling group maximum number of instances.
Add a secondary IPv4 CIDR to the Amazon VPC. Assign secondary IPv4 address space to each of the existing subnets.
Add a secondary IPv4 CIDR to the Amazon VPC. Assign secondary IPv4 address space to each of the existing subnets.
Suggested answer: B
asked 16/09/2024
Colin Mabe
41 questions

Question 272

Report
Export
Collapse

You have a data center with a 2 connection LAG. You wish to add 2 more connections, how many LOAs must you complete?

2
2
1
1
4
4
0
0
Suggested answer: A

Explanation:

Explanation:

You must complete a LOA for each new physical connection.

asked 16/09/2024
Filippo Panarella
24 questions

Question 273

Report
Export
Collapse

An unfortunate situation has just come to your attention. A business critical application with sensitive data running on-prem will run out of storage disk space in 24hrs. This business critical application is dependent a very large set of routes - required for integration with other system. You make a quick but well informed decision to migrate this application quickly to AWS. You are able to quickly launch a new VPC and within it equivalent infrastructure to re-home the application. In order to complete the replication of application data and ensure the application remains operational beyond the next 24hrs, select the best implementation.

Within the new VPC - establish a Direct Connect connection with max 10Gbps port speed for data replication. Establish a 802.1Q VLAN and configure a Virtual Private Gateway and Private Virtual Interface, and ensure Jumbo Frames isenabled.
Within the new VPC - establish a Direct Connect connection with max 10Gbps port speed for data replication. Establish a 802.1Q VLAN and configure a Virtual Private Gateway and Private Virtual Interface, and ensure Jumbo Frames isenabled.
Within the new VPC - deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with BGP dynamic routing
Within the new VPC - deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with BGP dynamic routing
Within the new VPC - deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with static routing, and ensure Jumbo Frames is enabled.
Within the new VPC - deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with static routing, and ensure Jumbo Frames is enabled.
Within the new VPC - deploy a software based virtual router (for example a Cisco CSR). Configure with dual ENIs (external and internal), create and attach an EIP to the external ENI, Configure and setup IPsec VPN tunnels, and ensureJumbo Frames is enabled.
Within the new VPC - deploy a software based virtual router (for example a Cisco CSR). Configure with dual ENIs (external and internal), create and attach an EIP to the external ENI, Configure and setup IPsec VPN tunnels, and ensureJumbo Frames is enabled.
Suggested answer: B

Explanation:

Explanation:

Answer A - Let's start by stating that all possible options are actually workable solutions. The key criteria of the question is to complete the data migration aspects as *quickly* as possible. With this in mind we can immediately rule out Answer A - due to the time it takes to provision and activate a fully functional Direct Connect connection, 72+ hrs. Answer C is the same as Answer D but lacks BGP - therefore we would need to setup the routes manually - more time and effort. Additionally Answer D uses Jumbo Frames - but AWS does not support Jumbo frames over the Virtual Private Gateway - therefore Answer D's use of Jumbo Frames is negated. Overall Answer B is considered the quickest option.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/GenericConfig.html

asked 16/09/2024
Nathalie Yip
38 questions

Question 274

Report
Export
Collapse

A company has 225 mobile and desktop devices and 300 partner VPNs that need access to an AWS VPC. VPN users should not be able to reach one another. Which approach will meet the technical and security requirements while minimizing costs?

Use the AWS IPsec VPN for the mobile, desktop, and partner VPN connections. Use network access control lists (Network ACLs) and security groups to maintain routing separation.
Use the AWS IPsec VPN for the mobile, desktop, and partner VPN connections. Use network access control lists (Network ACLs) and security groups to maintain routing separation.
Use the AWS IPsec VPN for the partner VPN connections. Use an Amazon EC2 instance VPN for the mobile and desktop devices. Use Network ACLs and security groups to maintain routing separation.
Use the AWS IPsec VPN for the partner VPN connections. Use an Amazon EC2 instance VPN for the mobile and desktop devices. Use Network ACLs and security groups to maintain routing separation.
Create an AWS Direct Connect connection between on-premises and AWS Use a public virtual interface to connect to the AWS IPsec VPN for the mobile, desktop, and partner VPN connections.
Create an AWS Direct Connect connection between on-premises and AWS Use a public virtual interface to connect to the AWS IPsec VPN for the mobile, desktop, and partner VPN connections.
Use an Amazon EC2 instance VPN for the desktop, mobile, and partner VPN connections. Use features of the VPN instance to limit routing and connectivity.
Use an Amazon EC2 instance VPN for the desktop, mobile, and partner VPN connections. Use features of the VPN instance to limit routing and connectivity.
Suggested answer: B
asked 16/09/2024
Alexander Voronetsky
42 questions

Question 275

Report
Export
Collapse

You have to set up an AWS Direct Connect connection to connect your on-premises to an AWS VPC. Due to budget requirements, you can only provision a single Direct Connect port. You have two border gateway routers at your onpremises data center that can peer with the Direct Connect routers for redundancy.

Which two design methodologies, in combination, will achieve this connectivity? (Choose two.)

Terminate the Direct Connect circuit on a L2 border switch, which in turn has trunk connections to the two routers.
Terminate the Direct Connect circuit on a L2 border switch, which in turn has trunk connections to the two routers.
Create two Direct Connect private VIFs for the same VPC, each with a different peer IP.
Create two Direct Connect private VIFs for the same VPC, each with a different peer IP.
Terminate the Direct Connect circuit on any of the one routers, which in turn will have an IBGP session with the other router.
Terminate the Direct Connect circuit on any of the one routers, which in turn will have an IBGP session with the other router.
Create one Direct Connect private VIF for the VPC with two customer peer IPs.
Create one Direct Connect private VIF for the VPC with two customer peer IPs.
Provision two VGWs for the VPC and create one Direct Connect private VIF per VGW.
Provision two VGWs for the VPC and create one Direct Connect private VIF per VGW.
Suggested answer: A, D
asked 16/09/2024
Cesar Augusto Veliz Reyes
44 questions

Question 276

Report
Export
Collapse

A company is using AWS to host all of its applications. Each application is isolated in its own Amazon VPC. Different environments such as Development, Test, and Production are also isolated in their own VPCs. The network engineer needs to automate VPC creation to enforce the company's network and security standards. Additionally, the CIDR range used in each VPC needs to be unique. Which solution meets all of these requirements?

Use AWS CloudFormation to deploy the VPC infrastructure and a custom resource to request a CIDR range from an external IP address management (IPAM) service.
Use AWS CloudFormation to deploy the VPC infrastructure and a custom resource to request a CIDR range from an external IP address management (IPAM) service.
Use AWS OpsWorks to deploy the VPC infrastructure and a custom resource to request a CIDR range from an external IP address management (IPAM) service.
Use AWS OpsWorks to deploy the VPC infrastructure and a custom resource to request a CIDR range from an external IP address management (IPAM) service.
Use the VPC wizard in the AWS Management Console. Type in the CIDR blocks for the VPC and subnets.
Use the VPC wizard in the AWS Management Console. Type in the CIDR blocks for the VPC and subnets.
Create the VPCs using AWS CLI and use the dry-run flag to validate if the current CIDR range is in use.
Create the VPCs using AWS CLI and use the dry-run flag to validate if the current CIDR range is in use.
Suggested answer: A
asked 16/09/2024
Alan How
35 questions

Question 277

Report
Export
Collapse

A company runs a large-scale application on a fleet of Amazon EC2 instances that are distributed across several VPCs. A Network Load Balancer (NLB) in a separate VPC routes traffic to the EC2 instances. The NLB's VPC is peered to all the application VPCs.

The application must process millions of requests each minute during times of peak utilization. Users are reporting that the connections to the application are failing during peak times. Monitoring shows an increase in port allocation errors on the NLB.

Which action will solve this issue with the LEAST change to the architecture?

Increase the number of EC2 instances in the target group.
Increase the number of EC2 instances in the target group.
Create an Application Load Balancer for the target group.
Create an Application Load Balancer for the target group.
Add a new target group to the same NLB listener.
Add a new target group to the same NLB listener.
Change the target group type to "instance."
Change the target group type to "instance."
Suggested answer: C
asked 16/09/2024
cheitram patel
34 questions

Question 278

Report
Export
Collapse

You need to create a baseline of normal traffic flow in order to implement some security changes to your organization.

What two items would be best to use? (Choose two.)

Wireshark
Wireshark
CloudTrail
CloudTrail
An IDS
An IDS
CloudWatch
CloudWatch
Suggested answer: A, D
asked 16/09/2024
Donovan Rodriguez
31 questions

Question 279

Report
Export
Collapse

What are two routing methods used by Route 53? (Choose two.)

RIP
RIP
Failover
Failover
Latency
Latency
AS_PATH
AS_PATH
Suggested answer: B, C

Explanation:

Explanation:

RIP is used for network routing and AS_PATH is used for BGP path manipulation.

asked 16/09/2024
Khaled Fouad
33 questions

Question 280

Report
Export
Collapse

A company is running services in a VPC with a CIDR block of 10.5.0.0/22. End users report that they no longer can provision new resources because some of the subnets in the VPC have run out of IP addresses. How should a network engineer resolve this issue?

Add 10.5.2.0/23 as a second CIDR block to the VP
Add 10.5.2.0/23 as a second CIDR block to the VP
Create a new subnet with a new CIDR block, and provision new resources in the new subnet.
Create a new subnet with a new CIDR block, and provision new resources in the new subnet.
Add 10.5.4.0/21 as a second CIDR block to the VP
Add 10.5.4.0/21 as a second CIDR block to the VP
Assign a second network from this CIDR block to the existing subnets that have run out of IP addresses.
Assign a second network from this CIDR block to the existing subnets that have run out of IP addresses.
Add 10.5.4.0/22 as a second CIDR block to the VPAssign a second network from this CIDR block to the existing subnets that have run out of IP addresses.
Add 10.5.4.0/22 as a second CIDR block to the VPAssign a second network from this CIDR block to the existing subnets that have run out of IP addresses.
Add 10.5.4.0/22 as a second CIDR block to the VPC. Create a new subnet with a new CIDR block, and provision new resources in the new subnet.
Add 10.5.4.0/22 as a second CIDR block to the VPC. Create a new subnet with a new CIDR block, and provision new resources in the new subnet.
Suggested answer: D
asked 16/09/2024
Mohsin Raza
43 questions
Total 414 questions
Go to page: of 42
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?