ExamGecko
Search Search Login
Home Home / Amazon / ANS-C00

Amazon ANS-C00 Practice Test - Questions Answers, Page 32

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)
Which element of AWS Config can be used to help maintain internal and external compliance controls?
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their onpremises version of the application to serve a small portion of the customers who haven't yet upgraded. What design will allow the company to serve both newer and earlier clients in the MOST efficient way?
A company is deploying a critical application on two Amazon EC2 instances in a VPC. Failed client connections to the EC2 instances must be logged according to company policy. What is the MOST cost-effective solution to meet these requirements?

Question 311

Report
Export
Collapse

Which of the following statements is true of AWS Elastic Beanstalk?

A.
AWS Elastic Beanstalk uses CloudWatch for monitoring and alarms, meaning CloudWatch costs are applied to your AWS account for any alarms that you use.
A.
AWS Elastic Beanstalk uses CloudWatch for monitoring and alarms, meaning CloudWatch costs are applied to your AWS account for any alarms that you use.
Answers
B.
AWS Elastic Beanstalk uses CloudWatch for monitoring and alarms, and both are free of charge.
B.
AWS Elastic Beanstalk uses CloudWatch for monitoring and alarms, and both are free of charge.
Answers
C.
AWS Elastic Beanstalk doesn't use CloudWatch for monitoring and alarms, but you pay extra for any AWS Elastic Beanstalk Alarm you set in the monitoring tool.
C.
AWS Elastic Beanstalk doesn't use CloudWatch for monitoring and alarms, but you pay extra for any AWS Elastic Beanstalk Alarm you set in the monitoring tool.
Answers
D.
AWS Elastic Beanstalk has its own free-of-charge monitoring tool, and you are not charged for the alarm you set.
D.
AWS Elastic Beanstalk has its own free-of-charge monitoring tool, and you are not charged for the alarm you set.
Answers
Suggested answer: A

Explanation:

Explanation:

AWS Elastic Beanstalk uses CloudWatch for monitoring and alarms, meaning CloudWatch costs are applied to your AWS account for any alarms that you use. Reference: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.alarms.html

Question 312

Report
Export
Collapse

A company wants to migrate a proprietary application from on premises to the AWS Cloud. The application implements segregation of different types of network traffic.

The application uses services that listen to multiple ports on two different IP addresses. One IP address is used for customer-facing traffic, and the other IP address is used for management traffic. The application requires the IP addresses to belong to different subnets.

How can the company deploy the application with the LEAST management overhead?

A.
Deploy the application to Amazon Elastic Container Service (Amazon ECS). Configure two elastic network interfaces in the task definition.
A.
Deploy the application to Amazon Elastic Container Service (Amazon ECS). Configure two elastic network interfaces in the task definition.
Answers
B.
Deploy the application to Amazon Elastic Container Service (Amazon ECS). Create an AWS Lambda function to attach a second elastic network interface. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function.
B.
Deploy the application to Amazon Elastic Container Service (Amazon ECS). Create an AWS Lambda function to attach a second elastic network interface. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function.
Answers
C.
Deploy the application to an Amazon EC2 instances that has a secondary elastic network interface attached. Select different subnets for each network interface.
C.
Deploy the application to an Amazon EC2 instances that has a secondary elastic network interface attached. Select different subnets for each network interface.
Answers
D.
Deploy the application to Amazon Elastic Container Service (Amazon ECS). Create an AWS Lambda function to attach a second elastic network interface. Use an AWS Step Functions workflow to invoke the function.
D.
Deploy the application to Amazon Elastic Container Service (Amazon ECS). Create an AWS Lambda function to attach a second elastic network interface. Use an AWS Step Functions workflow to invoke the function.
Answers
Suggested answer: C

Explanation:

Explanation:

Reference: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/best-practices-for-configuring-networkinterfaces.html

Question 313

Report
Export
Collapse

You have two VPCs that you need to connect to an on-premises datacenter using VPNs. When you create the tunnels, you find that both tunnels use the same addresses. What two things can you do to overcome this? (Choose two.)

A.
Delete the VPN, create a "dummy VPN", recreate the VPN, then delete the "dummy" VPN.
A.
Delete the VPN, create a "dummy VPN", recreate the VPN, then delete the "dummy" VPN.
Answers
B.
Delete your AWS account and create a new one since the VPN tunnel addresses are created from a hash of your account number and a proprietary algorithm.
B.
Delete your AWS account and create a new one since the VPN tunnel addresses are created from a hash of your account number and a proprietary algorithm.
Answers
C.
Create a VHF within you router for each network.
C.
Create a VHF within you router for each network.
Answers
D.
Create a VRF within your router for each network.
D.
Create a VRF within your router for each network.
Answers
Suggested answer: A, D

Question 314

Report
Export
Collapse

A company wants to conduct a proof of concept for an SAP HANA application with a key objective to automate the provisioning of infrastructure and the application. The company operates a hybrid cloud infrastructure with AWS Direct Connect between its data center and VPC. Security policy dictates that all traffic from AWS be routed through on-premises data center firewalls. Security policy also prohibits the use of a VPC internet gateway for internet access. The company enforces use of a forward proxy server for all outbound network traffic. All resources inside the VPC are able to reach onpremises servers.

All Amazon EC2 Linux instances require package updates over the internet. However, the updates are falling and sending errors. What would cause these errors?

A.
Inbound security groups are configured incorrectly on the EC2 instances running in the VPC.
A.
Inbound security groups are configured incorrectly on the EC2 instances running in the VPC.
Answers
B.
The VPC route table does not have entries for the proxy server in the data center.
B.
The VPC route table does not have entries for the proxy server in the data center.
Answers
C.
The EC2 instances are not configured to use the proxy running in the data center for traffic on TCP port 80.
C.
The EC2 instances are not configured to use the proxy running in the data center for traffic on TCP port 80.
Answers
D.
The data center firewall is blocking all traffic sent from the VPC CIDR range destined for 0.0.0.0/0.
D.
The data center firewall is blocking all traffic sent from the VPC CIDR range destined for 0.0.0.0/0.
Answers
Suggested answer: C

Explanation:

Explanation:

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-troubleshoot-yum-errors-al1-al2/

Question 315

Report
Export
Collapse

A company with several VPCs in the us-east-1 Region wants to reduce the cost of its workloads. A network engineer has identified that all traffic bound to Amazon services is flowing through a NAT gateway. Additionally, all the VPCs are peered to a hub VPC for access to common services.

What should the network engineer do to reduce data transfer costs to Amazon Simple Queue Service (Amazon SQS)?

A.
Disable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain useast- 1.sqs.amazonaws.com. Create a CNAME record to the DNS name of the SQS endpoint. Share the privatehosted zone with all other VPCs.
A.
Disable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain useast- 1.sqs.amazonaws.com. Create a CNAME record to the DNS name of the SQS endpoint. Share the privatehosted zone with all other VPCs.
Answers
B.
Disable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain sqs.us-east-1.amazonaws.com. Create an alias record to the DNS name of the SQS endpoint. Share the privatehosted zone with all other VPCs.
B.
Disable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain sqs.us-east-1.amazonaws.com. Create an alias record to the DNS name of the SQS endpoint. Share the privatehosted zone with all other VPCs.
Answers
C.
Enable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain sqs.us-east-1.amazonaws.com. Create a CNAME record to the DNS name of the SQS endpoint. Share the privatehosted zone with all other VPCs.
C.
Enable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain sqs.us-east-1.amazonaws.com. Create a CNAME record to the DNS name of the SQS endpoint. Share the privatehosted zone with all other VPCs.
Answers
D.
Enable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain useast- 1.sqs.amazonaws.com. Create an alias record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
D.
Enable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain useast- 1.sqs.amazonaws.com. Create an alias record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
Answers
Suggested answer: A

Question 316

Report
Export
Collapse

To allow all traffic to access an instance in "Subnet 1" that uses "Security Group 1", what two options need to be configured?

(Choose two.)

A.
NACL rule allowing 0.0.0.0/0 to access "Subnet 1"
A.
NACL rule allowing 0.0.0.0/0 to access "Subnet 1"
Answers
B.
Security Group rule in "Security Group 1" that allows 0.0.0.0/0 inbound
B.
Security Group rule in "Security Group 1" that allows 0.0.0.0/0 inbound
Answers
C.
Security Group rule in "Security Group 1" that allows outbound traffic to 0.0.0.0/0
C.
Security Group rule in "Security Group 1" that allows outbound traffic to 0.0.0.0/0
Answers
D.
NACL rule allowing 0.0.0.0/0 to access "Security Group 1"
D.
NACL rule allowing 0.0.0.0/0 to access "Security Group 1"
Answers
Suggested answer: A, B

Explanation:

Explanation:

You must allow traffic through the NACL and through the Security Group to access the instance. If there is not an Outbound allow setup in the NACL, you may need to set that, but an outbound rule for Security Group 1 is not necessary as security groups are stateful.

Question 317

Report
Export
Collapse

You need to create a subnet in a VPC that supports 1000 hosts. You need to be as accurate as possible since you run a very large company. What CIDR should you use?

A.
/16
A.
/16
Answers
B.
/24
B.
/24
Answers
C.
/7
C.
/7
Answers
D.
/22
D.
/22
Answers
Suggested answer: D

Explanation:

Explanation:

/22 supports 1019 hosts since AWS reserves 5 addresses.

Question 318

Report
Export
Collapse

Your on-premises network has an IP address range of 11.11.0.0/16. Only IPs within this network range can be used for interserver communication. The IP address range 11.11.253.0/24 has been allocated for the cloud.

You need to design a VPC in AWS. The servers within the VPC should be able to communicate with hosts both on the Internet and on-premises through a VPN connection. What combination of configuration steps meets your needs?

(Choose two)

A.
Set up the VPC with an IP address range of 11.11.253.0/24.
A.
Set up the VPC with an IP address range of 11.11.253.0/24.
Answers
B.
Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set up a NAT gateway to do translation between 10.10.10.0/24 and 11.11.253.0/24 for all outbound traffic.
B.
Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set up a NAT gateway to do translation between 10.10.10.0/24 and 11.11.253.0/24 for all outbound traffic.
Answers
C.
Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for all traffic, and configure the on-premises router to forward traffic to the Internet.
C.
Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for all traffic, and configure the on-premises router to forward traffic to the Internet.
Answers
D.
Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for traffic destined to 11.11.0.0/24, and add a VPC subnet route to point the default gateway to an Internet gateway for Internettraffic.
D.
Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for traffic destined to 11.11.0.0/24, and add a VPC subnet route to point the default gateway to an Internet gateway for Internettraffic.
Answers
E.
Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set the VGW to do a source IP translation of all outbound packets to 11.11.0.0/16.
E.
Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set the VGW to do a source IP translation of all outbound packets to 11.11.0.0/16.
Answers
Suggested answer: A, C

Explanation:

Explanation:

The VPC needs to use a CIDR block in the assigned range (and be non-overlapping with the data center). All traffic not destined for the VPC is routed to the VGW (that route is assumed) and must then be forwarded to the Internet when it arrives on-premises. B and E are wrong because they are not in the assigned range (you can use non-RFC 1918 addresses in a VPC). D is wrong because it directs traffic to the Internet through the Internet gateway.

Question 319

Report
Export
Collapse

Your company uses an NTP server to synchronize time across systems. The company runs multiple versions of Linux and Windows systems. You discover that the NTP server has failed, and you need to add an alternate NTP server to your instances.

Where should you apply the NTP server update to propagate information without rebooting your running instances?

A.
DHCP Options Set
A.
DHCP Options Set
Answers
B.
instance user-data
B.
instance user-data
Answers
C.
cfn-init scripts
C.
cfn-init scripts
Answers
D.
instance meta-data
D.
instance meta-data
Answers
Suggested answer: C

Question 320

Report
Export
Collapse

In Amazon CloudFront, which of the following is true of Smooth Streaming?

A.
It is a Microsoft format for streaming of media files.
A.
It is a Microsoft format for streaming of media files.
Answers
B.
It is a CloudFront format for streaming of media files in RTMP distribution.
B.
It is a CloudFront format for streaming of media files in RTMP distribution.
Answers
C.
It is the Adobe format for streaming of media files.
C.
It is the Adobe format for streaming of media files.
Answers
D.
It is a CloudFront format for streaming of media files in web distribution.
D.
It is a CloudFront format for streaming of media files in web distribution.
Answers
Suggested answer: A

Explanation:

Explanation:

In the context of Amazon CloudFront, you can use CloudFront for on-demand streaming of media files that you've transcoded into the Microsoft Smooth Streaming format. To distribute Smooth Streaming content on demand, you have two options: As the origin for your distribution, specify a web server that can stream files that have been transcoded into Microsoft Smooth Streaming format. Enable Smooth Streaming in a CloudFront distribution. Smooth Streaming is a property of cache behaviors, which means that you can use one distribution to distribute Smooth Streaming media files as well as other content. Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/on-demand-streaming-smooth.html

Total 414 questions
Go to page: of 42
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms