Amazon ANS-C00 Practice Test - Questions Answers, Page 37
Question list
List of questions
Related questions
A company's application runs in a VPC and stores sensitive data in Amazon S3. The application's Amazon EC2 instances are located in a private subnet with a NAT gateway deployed in a public subnet to provide access to Amazon S3. The S3 bucket is located in the same AWS Region as the EC2 instances. The company wants to ensure that this bucket can be accessed only from the VPC where the application resides. Which changes should a network engineer make to the architecture to meet these requirements?
A company runs a web application on an Amazon EC2 instance. The application experiences performance issues for a short period at the same time every day. To diagnose the issue, the application vendor needs a packet capture of the web application network interface. The company's network administrator does not have SSH access to the instance. Which solution will meet these requirements?
Your company has just deployed IPv6 in a VPC. All of the instances currently use a NAT, but once they configured the instances for IPv6 only, they were unable to access the resources on the instances via IPv6. What is the best option to fix this?
The IPsec protocol suite is made up of various components covering aspects such as confidentiality, encryption, and integrity. Select the correct statement below regarding the correct configuration options for ensure IPsec confidentiality:
In AWS, which tool records API calls for a specific AWS account and also delivers the log files for that account?
A company uses AWS Direct Connect to connect its corporate network to multiple VPCs in the same AWS account and the same AWS Region. Each VPC uses its own private VIF and its own virtual LAN on the Direct Connect connection. The company has grown and will soon surpass the limit of VPCs and private VIFs for each connection. What is the MOST scalable way to add VPCs with on-premises connectivity?
A customer has set up multiple VPCs for Dev, Test, Prod, and Management. You need to set up AWS Direct Connect to enable data flow from on-premises to each VPC. The customer has monitoring software running in the Management VPC that collects metrics from the instances in all the other VPCs. Due to budget requirements, data transfer charges should be kept at minimum. Which design should be recommended?
A network engineer is managing two AWS Direct Connect connections. Each connection has a public virtual interface configured with a private ASN. The engineer wants to configure active/passive routing between the Direct Connect connections to access Amazon public endpoints. What BGP configuration is required for the on-premises equipment?
(Choose two.)
A network engineer is deploying an application on an Amazon EC2 instance. The instance is reachable within the VPC through its private IP address and from the internet using an elastic IP address.
Clients are connecting to the instance over the Internet and within the VPC, and the application needs to be identified by a single custom Fully Qualified Domain Name that is publicly resolvable -'app.example.com'. Instances within the VPC should always connect to the private IP to minimize data transfer costs. How should the engineer configure DNS to support these requirements?
Select the VPC Peering statement below that is NOT true
Question