ExamGecko
Search Search Login
Home Home / Amazon / ANS-C00

Amazon ANS-C00 Practice Test - Questions Answers, Page 29

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)
Which element of AWS Config can be used to help maintain internal and external compliance controls?
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their onpremises version of the application to serve a small portion of the customers who haven't yet upgraded. What design will allow the company to serve both newer and earlier clients in the MOST efficient way?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)

Question 281

Report
Export
Collapse

For web distributions in Amazon CloudFront, your origin can be either an Amazon S3 bucket or _______ .

A.
a DNS server
A.
a DNS server
Answers
B.
a proxy server
B.
a proxy server
Answers
C.
an FTP server
C.
an FTP server
Answers
D.
an HTTP server
D.
an HTTP server
Answers
Suggested answer: D

Explanation:

Explanation:

For web distributions in Amazon CloudFront, your origin can be either an Amazon S3 bucket or an HTTP server. Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-overview.html

Question 282

Report
Export
Collapse

Which of these metrics cannot help detect a DDoS?

A.
EC2 CPUUtilization
A.
EC2 CPUUtilization
Answers
B.
ELB SurgeQueueLength
B.
ELB SurgeQueueLength
Answers
C.
EMR EMRspersecond
C.
EMR EMRspersecond
Answers
D.
CloudFront Requests
D.
CloudFront Requests
Answers
Suggested answer: C

Explanation:

Explanation:

EMR EMRspersecond doesn't exist.

Question 283

Report
Export
Collapse

A network engineer has configured a private hosted zone using Amazon Route 53. The engineer needs to configure health checks for record sets within the zone that are associated with instances. How can the engineer meet the requirements?

A.
Configure a Route 53 health check to a private IP associated with the instances inside the VPC to be checked.
A.
Configure a Route 53 health check to a private IP associated with the instances inside the VPC to be checked.
Answers
B.
Configure a Route 53 health check pointing to an Amazon SNS topic that notifies an Amazon CloudWatch alarm when the Amazon EC2 StatusCheckFailed metric fails.
B.
Configure a Route 53 health check pointing to an Amazon SNS topic that notifies an Amazon CloudWatch alarm when the Amazon EC2 StatusCheckFailed metric fails.
Answers
C.
Create a CloudWatch metric that checks the status of the EC2 StatusCheckFailed metric, add an alarm to the metric, and then create a health check that is based on the state of the alarm.
C.
Create a CloudWatch metric that checks the status of the EC2 StatusCheckFailed metric, add an alarm to the metric, and then create a health check that is based on the state of the alarm.
Answers
D.
Create a CloudWatch alarm for the StatusCheckFailed metric and choose Recover this instance, selecting a threshold value of 1.
D.
Create a CloudWatch alarm for the StatusCheckFailed metric and choose Recover this instance, selecting a threshold value of 1.
Answers
Suggested answer: A

Question 284

Report
Export
Collapse

Your company just purchased a domain using another registrar and wants to use the same nameservers as your current domain hosted with AWS. How would this be achieved?

A.
Every domain must have different nameservers.
A.
Every domain must have different nameservers.
Answers
B.
In the API, create a Reusable Delegation Set.
B.
In the API, create a Reusable Delegation Set.
Answers
C.
Import the domain to your account and it will automatically set the same nameservers.
C.
Import the domain to your account and it will automatically set the same nameservers.
Answers
D.
In the console, create a Reusable Delegation Set.
D.
In the console, create a Reusable Delegation Set.
Answers
Suggested answer: B

Explanation:

Explanation:

You can't create a reusable delegation set in the console. AWS does not provide the same nameservers to new domains, but a reusable delegation set can be used with as many domains as you like.

Question 285

Report
Export
Collapse

A company is deploying a non-web application on an Elastic Load Balancing. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server. How can this requirement be achieved?

A.
Use a Network Load Balancer to automatically preserve the source IP address.
A.
Use a Network Load Balancer to automatically preserve the source IP address.
Answers
B.
Use a Network Load Balancer and enable the X-Forwarded-For attribute.
B.
Use a Network Load Balancer and enable the X-Forwarded-For attribute.
Answers
C.
Use a Network Load Balancer and enable the ProxyProtocol attribute.
C.
Use a Network Load Balancer and enable the ProxyProtocol attribute.
Answers
D.
Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.
D.
Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.
Answers
Suggested answer: D

Question 286

Report
Export
Collapse

Which statement about Elastic IP addresses is incorrect?

A.
Additional EIPs associated with one instance incur a charge.
A.
Additional EIPs associated with one instance incur a charge.
Answers
B.
Once an EIP is associated with an instance, you must manually change the hostname if you want it to match.
B.
Once an EIP is associated with an instance, you must manually change the hostname if you want it to match.
Answers
C.
Once you associate an EIP with an instance, the original public IP is released.
C.
Once you associate an EIP with an instance, the original public IP is released.
Answers
D.
Disassociated EIPs incur a charge.
D.
Disassociated EIPs incur a charge.
Answers
Suggested answer: B

Explanation:

Explanation:

The hostname automatically changes to match the new EIP.

Question 287

Report
Export
Collapse

A company has recently established an AWS Direct Connect connection from its on-premises data center to AWS. A Network Engineer has blocked all traffic destined for Amazon S3 over the company's gateway to the internet from its onpremises firewall. S3 traffic should only traverse the Direct Connect connection. Currently, no one in the on-premises data center can access Amazon S3. Which solution will resolve this connectivity issue?

A.
Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
A.
Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
Answers
B.
Establish an S3 VPC endpoint for the company's Amazon VP
B.
Establish an S3 VPC endpoint for the company's Amazon VP
Answers
C.
Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop.
C.
Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop.
Answers
D.
Configure a public virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
D.
Configure a public virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
Answers
E.
Configure a public virtual interface on the Direct Connect connection. Establish an AWS managed VPN over the connection. Update the on-premises routing tables to choose the VPN connection as the preferred next hop.
E.
Configure a public virtual interface on the Direct Connect connection. Establish an AWS managed VPN over the connection. Update the on-premises routing tables to choose the VPN connection as the preferred next hop.
Answers
Suggested answer: A

Question 288

Report
Export
Collapse

A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.

Which of the following actions meet the requirements? (Choose two.)

A.
The Lambda function needs an IAM role to access Amazon SQS
A.
The Lambda function needs an IAM role to access Amazon SQS
Answers
B.
The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
B.
The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
Answers
C.
The Lambda function must be assigned a public IP address to access the public Amazon SQS API.
C.
The Lambda function must be assigned a public IP address to access the public Amazon SQS API.
Answers
D.
The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.
D.
The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.
Answers
E.
The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.
E.
The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.
Answers
Suggested answer: A, C

Explanation:

Explanation:

References: https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

Question 289

Report
Export
Collapse

Which of the following physical layer standards is required for connection to AWS Direct Connect over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable?

A.
Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
A.
Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
Answers
B.
Multi mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
B.
Multi mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
Answers
C.
Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-LR for 10 gigabit Ethernet
C.
Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-LR for 10 gigabit Ethernet
Answers
D.
Multi mode fiber, 1000BASE-SX for 1 gigabit Ethernet, or 10GBASE-SR for 10 gigabit Ethernet
D.
Multi mode fiber, 1000BASE-SX for 1 gigabit Ethernet, or 10GBASE-SR for 10 gigabit Ethernet
Answers
Suggested answer: C

Explanation:

Explanation:

Connections to AWS Direct Connect require single mode fiber, 1000BASE-LX (1310nm) for 1 gigabit Ethernet, or 10GBASELR (1310nm) for 10 gigabit Ethernet. Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

Question 290

Report
Export
Collapse

A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its firstever 10 Gbps AWS Direct Connect connection.

What steps must be taken to order the cross-connect at the Direct Connect location?

A.
Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console when creating a new Direct Connect connection. AWS will ensure that the crossconnect is installed.
A.
Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console when creating a new Direct Connect connection. AWS will ensure that the crossconnect is installed.
Answers
B.
Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.
B.
Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.
Answers
C.
Obtain one LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility Operator of the Direct Connect location. The facility operator will ensure that the crossconnect is installed.
C.
Obtain one LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility Operator of the Direct Connect location. The facility operator will ensure that the crossconnect is installed.
Answers
D.
Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.
D.
Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.
Answers
Suggested answer: C
Total 414 questions
Go to page: of 42
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms