Amazon ANS-C00 Practice Test - Questions Answers, Page 31
List of questions
Question 301
An organization is deploying an application in a VPC that requires SSL mutual authentication with a client-side certificate, as that is the primary method of identifying clients. The Network Engineer has been tasked with defining the mechanism used within AWS to provide the SSL mutual authentication. Which of the following options meets the organization's requirements?
Explanation:
Reference: https://aws.amazon.com/about-aws/whats-new/2017/10/elastic-load-balancing-application-load-balancers-nowsupport-multiple-ssl-certificates-and-smart-certificate-selection-using-servername-indication-sni/
Question 302
An AWS CloudTrail log file provides the identity and source IP address of the API caller, and a time of the API call, request parameters, and ____.
Explanation:
An AWS CloudTrail log file provides the following details:
Identity of the API caller
Time of the API call
Source IP address of the API caller
Request parameters
Response elements
Reference: https://aws.amazon.com/cloudtrail/
Question 303
A network architect is designing a website. It has web, application, and database tiers that will run in AWS. The website uses Amazon DynamoDB. Which architecture will minimize public exposure of the backend instances?
Question 304
Which service would you use to see who changed your infrastructure?
Question 305
Your company has installed an AWS Direct Connect connection in an ap-southeast-1 Direct Connect location. A public virtual interface is configured through a router to a dedicated firewall. You advertise your company's public /24 CIDR block to AWS with AS 65500. The company maintains a separate, corporate Internet firewall to map all outbound traffic to a single IP.
This firewall maintains a BGP relationship with an upstream Internet provider that has delegated the public IP block your company uses. When the BGP session for the public virtual interface is up, corporate network users cannot access Amazon S3 resources in the ap-southeast-1 region.
Which step should you take to provide concurrent AWS and Internet access?
Explanation:
When outgoing traffic is routed via the corporate firewall, its return path is via the Direct Connect public virtual interface and therefore through the dedicated firewall. This dedicated firewall does not track the original NAT session and subsequently drops the traffic. Answer A is incorrect because AWS will always prefer Direct Connect over Internet routing. Answer B is incorrect because return traffic is still processed by the dedicated firewall. Answer C is incorrect because it does not change the traffic flow.
Question 306
Which of the following is true when you don't configure Amazon CloudFront to forward cookies to your origin?
Explanation:
If you don't configure CloudFront to forward cookies to your origin, CloudFront removes the Cookie header from requests that it forwards to your origin and removes the Set-Cookie header from responses that it returns to your clients.
Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html
Question 307
To connect to public AWS products such as Amazon EC2 and Amazon S3 through the AWS Direct Link, which step is NOT required?
Explanation:
To connect to public AWS products such as Amazon EC2 and Amazon S3 through AWS Direct Connect, you need to provide the following:
A public Autonomous System Number (ASN) that you own (preferred) or a private ASN.
Public IP addresses (/30) (that is, one for each end of the BGP session) for each BGP session.
The public routes that you will advertise over BGP.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html
Question 308
Your company currently has a LAG to AWS with two 1Gbps connections. What is the best way to increase throughput on this LAG?
Explanation:
Add two 1Gbps connections to the LAG. DX does not support jumbo frames, a LAG only supports 4 connections, and adding a 10Gbps connection will be limited to the lowest speed of 1Gbps.
Question 309
Your company needs to directly update an S3 bucket that serves as a CloudFront origin with the most reliability possible.
Your company also has a set of private EC2 servers that it needs to access with the same reliability. Which combination will provide the best solution?
Explanation:
The Public VIF will allow access to the S3 bucket, and the Private VIF will allow access to the EC2 instances.
Question 310
You have several VPCs that are peered. Each VPC has several routes to different subnets. Over the years, your company has acquired many companies. You find that traffic destined for one VPC ends up going to another. What is the best way to remedy this?
Question