ExamGecko
Login
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 30

List of questions

Question 291

Report
Export
Collapse

Your company has a high-availability hybrid solution that utilizes a two Direct Connect connections and a backup VPN connection. For some reason, traffic is preferring the VPN connection instead of the direct connection. You have prepended a longer AS_PATH on the VPN connection, but AWS still prefers it over the Direct Connect connections.

What might you be able to do to fix this issue?

Advertise a less specific prefix on the VPN.
Advertise a less specific prefix on the VPN.
Remove the prepended AS_PATH.
Remove the prepended AS_PATH.
Reconfigure the VPN as a static VPN instead of dynamic.
Reconfigure the VPN as a static VPN instead of dynamic.
Increase the MED on the VPN.
Increase the MED on the VPN.
Suggested answer: A

Explanation:

Explanation:

The only reason a VPN would be preferred over Direct Connect is if it has a more specific prefix. This was not discussed in the question but is assumed since it is the only criteria in the path selection process that supersedes Direct Connect.

asked 16/09/2024
Alexis Chacon
31 questions

Question 292

Report
Export
Collapse

You have set up an S3 endpoint, and you want to restrict some instances from being able to access it. These instances are all in the same subnet, so you cannot simply remove the prefix list from the route table.

What two approaches can you take to solve this? (Choose two.)

Remove any access to the PL in the security group attached to the instances.
Remove any access to the PL in the security group attached to the instances.
Add A rule in the NACL to block the prefix list ID outbound.
Add A rule in the NACL to block the prefix list ID outbound.
This is not possible.
This is not possible.
Modify the endpoint policy.
Modify the endpoint policy.
Suggested answer: A, D

Explanation:

Explanation:

You cannot add a prefix list ID to a NACL.

asked 16/09/2024
Raja Tarazi
39 questions

Question 293

Report
Export
Collapse

You have 99 routes in your dynamic BGP propagated route table and you wish to add 2 more: 10.1.0.0 and 10.3.0.0. You cannot modify or remove routes that have already been announced. What should you do?

Summarize the two routes to combine them into one and advertise it.
Summarize the two routes to combine them into one and advertise it.
Just advertise them, the 100 route limit is a "soft limit" and will be expanded automatically.
Just advertise them, the 100 route limit is a "soft limit" and will be expanded automatically.
You cannot add these routes.
You cannot add these routes.
Call AWS support to increase your route limit.
Call AWS support to increase your route limit.
Suggested answer: A

Explanation:

Explanation:

You cannot add these routes. If you try to summarize them, that would create a 10.0.0.0/14, which is too low of a CIDR to advertise to AWS. AWS has a minimum of /16. You cannot have the 100 route limit modified in any way. It is a hard 100 route limit.

asked 16/09/2024
Francisco Jesús Cano Hinarejos
53 questions

Question 294

Report
Export
Collapse

A company needs to allow its remote users to access company resources in the AWS Cloud. The company has two VPCs that are connected through VPC peering. The remote users must be able to access resources in both VPCs by using secure connections from their laptop computers. The company does not want to implement an access management solution that requires additional costs or effort. Which solution meets these requirements?

Deploy an AWS Client VPN endpoint in one VPC, associate a subnet, and define a target network. Add a rule to authorize client access to the target VPC, and add a rule to authorize client access to the peered VP
Deploy an AWS Client VPN endpoint in one VPC, associate a subnet, and define a target network. Add a rule to authorize client access to the target VPC, and add a rule to authorize client access to the peered VP
Update resourcesecurity groups in both VPCs to allow traffic from the security group for the subnet association. Instruct the users to sign in to the AWS Management Console and navigate to Client VPN to connect to the Client VPN endpoint.
Update resourcesecurity groups in both VPCs to allow traffic from the security group for the subnet association. Instruct the users to sign in to the AWS Management Console and navigate to Client VPN to connect to the Client VPN endpoint.
Deploy an AWS Client VPN endpoint in both VPCs, associate subnets, and define a target network. Add a rule to authorize client access to each target VP
Deploy an AWS Client VPN endpoint in both VPCs, associate subnets, and define a target network. Add a rule to authorize client access to each target VP
Update resource security groups in both VPCs to allow traffic from the securitygroups of each VPC for the subnet associations. Securely send the users the configuration options, and instruct the users to install Client VPN on their laptops. Instruct the users to connect to both Client VPN endpoints at the same time to gain access to the resources.
Update resource security groups in both VPCs to allow traffic from the securitygroups of each VPC for the subnet associations. Securely send the users the configuration options, and instruct the users to install Client VPN on their laptops. Instruct the users to connect to both Client VPN endpoints at the same time to gain access to the resources.
Deploy a Network Load Balancer in front of the company resources. Set up security groups that contain the IP addresses of each of the user laptops. Instruct the users to connect to the application securely over TCP.
Deploy a Network Load Balancer in front of the company resources. Set up security groups that contain the IP addresses of each of the user laptops. Instruct the users to connect to the application securely over TCP.
Deploy an AWS Client VPN endpoint in one VPC, associate a subnet, and define a target network. Add a rule to authorize client access to the target VPC, and add a rule to authorize client access to the peered VPC. Update resourcesecurity groups in both VPCs to allow traffic from the security group for the subnet association. Securely send the users the configuration options, and instruct the users to install Client VPN on their laptops. Instruct the users to connect to the Client VPN endpoint to gain access to the resources.
Deploy an AWS Client VPN endpoint in one VPC, associate a subnet, and define a target network. Add a rule to authorize client access to the target VPC, and add a rule to authorize client access to the peered VPC. Update resourcesecurity groups in both VPCs to allow traffic from the security group for the subnet association. Securely send the users the configuration options, and instruct the users to install Client VPN on their laptops. Instruct the users to connect to the Client VPN endpoint to gain access to the resources.
Suggested answer: B
asked 16/09/2024
AN KANGWOOK
46 questions

Question 295

Report
Export
Collapse

What is the name of the label applied to packets to allow routers to know where to forward in an MPLS network?

BFD
BFD
BGP
BGP
FEC
FEC
ABC
ABC
Suggested answer: C

Explanation:

Explanation:

Forward Equivalency Class is how routers know where to send packets.

asked 16/09/2024
Paramdeep Saini
39 questions

Question 296

Report
Export
Collapse

What number does the binary number 10101000 correspond to?

168
168
128 C. 192
128 C. 192
160
160
Suggested answer: A

Explanation:

Explanation:

128 + 0 + 32 + 0 + 8 + 0 + 0 + 0 = 168

asked 16/09/2024
Igor van der Burgh
38 questions

Question 297

Report
Export
Collapse

Which other AWS service is used to track `Related Events' within the Configuration Item?

AWS WAF
AWS WAF
SQS
SQS
AWS CloudTrail
AWS CloudTrail
S3
S3
Suggested answer: C

Explanation:

Explanation:

`Related Events' displays the AWS CloudTrail event ID that is related to the change that triggered the creation of the CI.

There is a new CI made for every change made against a resource. As a result a different CloudTrail event IDs will be created. This allows you you to deep-dive into who or what and when made the change that triggered this CI. A great feature allowing for some great analysis to be taken, specifically when this affects security resources.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#config-item-table

asked 16/09/2024
Diego Beltran
39 questions

Question 298

Report
Export
Collapse

With respect to Amazon CloudFront, which one of the following statements is correct?

For HTTPS web distributions, you cannot forward cookies to your origin.
For HTTPS web distributions, you cannot forward cookies to your origin.
For both HTTP and HTTPS web distributions, you can choose to forward cookies to your origin.
For both HTTP and HTTPS web distributions, you can choose to forward cookies to your origin.
For HTTP web distributions, you cannot forward cookies to your origin.
For HTTP web distributions, you cannot forward cookies to your origin.
For Real Time Messaging Protocol (RTMP) distributions, you can configure CloudFront to process cookies.
For Real Time Messaging Protocol (RTMP) distributions, you can configure CloudFront to process cookies.
Suggested answer: B

Explanation:

Explanation:

With respect to Amazon CloudFront, for HTTP and HTTPS web distributions, you can choose whether you want CloudFrontto forward cookies to your origin. For RTMP distributions, you cannot configure CloudFront to process cookies.

Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

asked 16/09/2024
ACHILLE CARROLL
43 questions

Question 299

Report
Export
Collapse

You have multiple Amazon Elastic Compute Cloud (EC2) instances running a web server in a VPC configured with security groups and NACL. You need to ensure layer 7 protocol level logging of all network traffic (ACCEPT/REJECT) on the instances. What should be enabled to complete this task?

CloudWatch Logs at the VPC level
CloudWatch Logs at the VPC level
Packet sniffing at the instance level
Packet sniffing at the instance level
VPC flow logs at the subnet level
VPC flow logs at the subnet level
Packet sniffing at the VPC level
Packet sniffing at the VPC level
Suggested answer: A
asked 16/09/2024
Syed Hasan Rizvi
29 questions

Question 300

Report
Export
Collapse

A company's network engineering team is solely responsible for deploying VPC infrastructure using AWS CloudFormation.

The company wants to give its developers the ability to launch applications using CloudFormation templates so that subnets can be created using available CIDR ranges. What should be done to meet these requirements?

Create a CloudFormation template with Amazon EC2 resources that rely on cfn-init and cfn-signals to inform the stack of available CIDR ranges.
Create a CloudFormation template with Amazon EC2 resources that rely on cfn-init and cfn-signals to inform the stack of available CIDR ranges.
Create a CloudFormation template with a custom resource that analyzes traffic activity in VPC Flow Logs and reports on available CIDR ranges.
Create a CloudFormation template with a custom resource that analyzes traffic activity in VPC Flow Logs and reports on available CIDR ranges.
Create a CloudFormation template that references the Fn::Cidr intrinsic function within a subnet resource to select an available CIDR range.
Create a CloudFormation template that references the Fn::Cidr intrinsic function within a subnet resource to select an available CIDR range.
Create a CloudFormation template with a custom resource that uses AWS Lambda and Amazon DynamoDB to manage available CIDR ranges.
Create a CloudFormation template with a custom resource that uses AWS Lambda and Amazon DynamoDB to manage available CIDR ranges.
Suggested answer: C
asked 16/09/2024
Lizbeth Perea Joseph
34 questions
Total 414 questions
Go to page: of 42
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?