ExamGecko
Login
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 29

List of questions

Question 281

Report
Export
Collapse

For web distributions in Amazon CloudFront, your origin can be either an Amazon S3 bucket or _______ .

a DNS server
a DNS server
a proxy server
a proxy server
an FTP server
an FTP server
an HTTP server
an HTTP server
Suggested answer: D

Explanation:

Explanation:

For web distributions in Amazon CloudFront, your origin can be either an Amazon S3 bucket or an HTTP server. Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-overview.html

asked 16/09/2024
Emmanuel Aminu
35 questions

Question 282

Report
Export
Collapse

Which of these metrics cannot help detect a DDoS?

EC2 CPUUtilization
EC2 CPUUtilization
ELB SurgeQueueLength
ELB SurgeQueueLength
EMR EMRspersecond
EMR EMRspersecond
CloudFront Requests
CloudFront Requests
Suggested answer: C

Explanation:

Explanation:

EMR EMRspersecond doesn't exist.

asked 16/09/2024
daniel valdera carrasco
42 questions

Question 283

Report
Export
Collapse

A network engineer has configured a private hosted zone using Amazon Route 53. The engineer needs to configure health checks for record sets within the zone that are associated with instances. How can the engineer meet the requirements?

Configure a Route 53 health check to a private IP associated with the instances inside the VPC to be checked.
Configure a Route 53 health check to a private IP associated with the instances inside the VPC to be checked.
Configure a Route 53 health check pointing to an Amazon SNS topic that notifies an Amazon CloudWatch alarm when the Amazon EC2 StatusCheckFailed metric fails.
Configure a Route 53 health check pointing to an Amazon SNS topic that notifies an Amazon CloudWatch alarm when the Amazon EC2 StatusCheckFailed metric fails.
Create a CloudWatch metric that checks the status of the EC2 StatusCheckFailed metric, add an alarm to the metric, and then create a health check that is based on the state of the alarm.
Create a CloudWatch metric that checks the status of the EC2 StatusCheckFailed metric, add an alarm to the metric, and then create a health check that is based on the state of the alarm.
Create a CloudWatch alarm for the StatusCheckFailed metric and choose Recover this instance, selecting a threshold value of 1.
Create a CloudWatch alarm for the StatusCheckFailed metric and choose Recover this instance, selecting a threshold value of 1.
Suggested answer: A
asked 16/09/2024
Sergio Pena Ochoa
36 questions

Question 284

Report
Export
Collapse

Your company just purchased a domain using another registrar and wants to use the same nameservers as your current domain hosted with AWS. How would this be achieved?

Every domain must have different nameservers.
Every domain must have different nameservers.
In the API, create a Reusable Delegation Set.
In the API, create a Reusable Delegation Set.
Import the domain to your account and it will automatically set the same nameservers.
Import the domain to your account and it will automatically set the same nameservers.
In the console, create a Reusable Delegation Set.
In the console, create a Reusable Delegation Set.
Suggested answer: B

Explanation:

Explanation:

You can't create a reusable delegation set in the console. AWS does not provide the same nameservers to new domains, but a reusable delegation set can be used with as many domains as you like.

asked 16/09/2024
Vageesh Shanmukha
48 questions

Question 285

Report
Export
Collapse

A company is deploying a non-web application on an Elastic Load Balancing. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server. How can this requirement be achieved?

Use a Network Load Balancer to automatically preserve the source IP address.
Use a Network Load Balancer to automatically preserve the source IP address.
Use a Network Load Balancer and enable the X-Forwarded-For attribute.
Use a Network Load Balancer and enable the X-Forwarded-For attribute.
Use a Network Load Balancer and enable the ProxyProtocol attribute.
Use a Network Load Balancer and enable the ProxyProtocol attribute.
Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.
Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.
Suggested answer: D
asked 16/09/2024
xingrui li
36 questions

Question 286

Report
Export
Collapse

Which statement about Elastic IP addresses is incorrect?

Additional EIPs associated with one instance incur a charge.
Additional EIPs associated with one instance incur a charge.
Once an EIP is associated with an instance, you must manually change the hostname if you want it to match.
Once an EIP is associated with an instance, you must manually change the hostname if you want it to match.
Once you associate an EIP with an instance, the original public IP is released.
Once you associate an EIP with an instance, the original public IP is released.
Disassociated EIPs incur a charge.
Disassociated EIPs incur a charge.
Suggested answer: B

Explanation:

Explanation:

The hostname automatically changes to match the new EIP.

asked 16/09/2024
S Tharakanparampil
36 questions

Question 287

Report
Export
Collapse

A company has recently established an AWS Direct Connect connection from its on-premises data center to AWS. A Network Engineer has blocked all traffic destined for Amazon S3 over the company's gateway to the internet from its onpremises firewall. S3 traffic should only traverse the Direct Connect connection. Currently, no one in the on-premises data center can access Amazon S3. Which solution will resolve this connectivity issue?

Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
Establish an S3 VPC endpoint for the company's Amazon VP
Establish an S3 VPC endpoint for the company's Amazon VP
Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop.
Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop.
Configure a public virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
Configure a public virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
Configure a public virtual interface on the Direct Connect connection. Establish an AWS managed VPN over the connection. Update the on-premises routing tables to choose the VPN connection as the preferred next hop.
Configure a public virtual interface on the Direct Connect connection. Establish an AWS managed VPN over the connection. Update the on-premises routing tables to choose the VPN connection as the preferred next hop.
Suggested answer: A
asked 16/09/2024
Kamal maru
41 questions

Question 288

Report
Export
Collapse

A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.

Which of the following actions meet the requirements? (Choose two.)

The Lambda function needs an IAM role to access Amazon SQS
The Lambda function needs an IAM role to access Amazon SQS
The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
The Lambda function must be assigned a public IP address to access the public Amazon SQS API.
The Lambda function must be assigned a public IP address to access the public Amazon SQS API.
The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.
The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.
The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.
The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.
Suggested answer: A, C

Explanation:

Explanation:

References: https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

asked 16/09/2024
Stelios Mantas
27 questions

Question 289

Report
Export
Collapse

Which of the following physical layer standards is required for connection to AWS Direct Connect over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable?

Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
Multi mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
Multi mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-LR for 10 gigabit Ethernet
Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-LR for 10 gigabit Ethernet
Multi mode fiber, 1000BASE-SX for 1 gigabit Ethernet, or 10GBASE-SR for 10 gigabit Ethernet
Multi mode fiber, 1000BASE-SX for 1 gigabit Ethernet, or 10GBASE-SR for 10 gigabit Ethernet
Suggested answer: C

Explanation:

Explanation:

Connections to AWS Direct Connect require single mode fiber, 1000BASE-LX (1310nm) for 1 gigabit Ethernet, or 10GBASELR (1310nm) for 10 gigabit Ethernet. Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

asked 16/09/2024
Nicholas Stoner
41 questions

Question 290

Report
Export
Collapse

A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its firstever 10 Gbps AWS Direct Connect connection.

What steps must be taken to order the cross-connect at the Direct Connect location?

Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console when creating a new Direct Connect connection. AWS will ensure that the crossconnect is installed.
Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console when creating a new Direct Connect connection. AWS will ensure that the crossconnect is installed.
Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.
Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.
Obtain one LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility Operator of the Direct Connect location. The facility operator will ensure that the crossconnect is installed.
Obtain one LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility Operator of the Direct Connect location. The facility operator will ensure that the crossconnect is installed.
Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.
Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.
Suggested answer: C
asked 16/09/2024
Saeed Awwad
46 questions
Total 414 questions
Go to page: of 42
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?