Amazon ANS-C00 Practice Test - Questions Answers, Page 34

Your company is working on a transition from IPv4 to IPv6 but is concerned about the security of having public IPv6 addresses attached to instances in a public network. They currently use a NAT to allow outbound traffic for instances.

Outbound traffic is required for updates. What are two options to alleviate your company's concerns? (Choose two.)

A Network Engineer has enabled VPC Flow Logs to troubleshoot an ICMP reachability issue for an echo reply from an Amazon EC2 instance. The flow logs reveal an ACCEPT record for the request from the client to the EC2 instance, and a REJECT record for the response from the EC2 instance to the client. What is the MOST likely reason for there to be a REJECT record?

DNS name resolution must be provided for services in the following four zones: company.private. emea.company.private. apac.company.private. amer.company.private.

The contents of these zones is not considered sensitive, however, the zones only need to be used by services hosted in these VPCs, one per geographic region. Each VPC should resolve the names in all zones. How can you use Amazon route 53 to meet these requirements?

A publishing company recently merged with an ecommerce company. Each company uses a VPC to run compute resources.

The two VPCs have overlapping CIDR ranges. The publishing company needs to access an internal application that runs on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones in the ecommerce company VPC.

Which set of actions will provide the needed interconnectivity between the VPCs?

Your company has two DX locations. You need to configure one link as passive. What should you configure in your router to set that link as the passive link.

You have a website hosted on EC2 that is not serving web pages. You have ensured that the server is running and the site is configured properly. What could be the problem?

A Network Engineer is troubleshooting a network connectivity issue for an instance within a public subnet that cannot connect to the internet. The first step the Engineer takes is to SSH to the instance via a local bastion within the VPC and runs an ifconfig command to inspect the IP addresses configured on the instance. The output is as follows:

The Engineer notices that the command output does not contain a public IP address. In the AWS Management Console, the public subnet has a route to the internet gateway. The instance also has a public IP address associated with it.

What should the Engineer do next to troubleshoot this situation?

An AWS CloudFormation template is being used to create a VPC peering connection between two existing operational VPCs, each belonging to a different AWS account. All necessary components in the Remote (receiving) account are already in place.

The template below creates the VPC peering connection in the Originating account. It contains these components:

Which additional AWS CloudFormation components are necessary in the Originating account to create an operational crossaccount VPC peering connection with AWS CloudFormation? (Choose two.)

A company has applications running in a single AWS Region and its on-premises data center in a hybrid mode. The company has a 1 Gbps AWS Direct Connect connection from the data center to AWS that is 65% utilized. The company has an AWS Enterprise Support plan.

The company is planning to deploy a new critical application on AWS that will connect with existing applications running in the data center. The application SLA requires a minimum of 99.9% network uptime between the data center and

AWS.

What is the MOST cost-effective way to meet this SLA requirement?