Home / Amazon / ANS-C00

Amazon ANS-C00 Practice Test - Questions Answers, Page 38

Question list

List of questions

Question 371

(0)

A company wants to migrate its workloads to the AWS Cloud. The company has two web applications and wants to run them in separate, isolated VPCs. The company needs to use Elastic Load Balancing to d

Question 372

(0)

An organization will be extending its existing on-premises infrastructure into the cloud. The design consists of a transit VPC that contains stateful firewalls that will be deployed in a highly avai

Question 373

(0)

You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. You know you configured CloudFront to use cd

Question 374

(0)

You have many IAM users with the ability to create EC2 volumes. Most of the data your team works with is sensitive, so you would like to make sure all volumes are encrypted. How might you facilitate

Question 375

(0)

A company has a service that runs on TCP port 443 in VPC A within AWS account A network engineer is using AWS PrivateLink for the configuration. Which set of procedures should the network engineer f

Question 376

(0)

Non-compliant resources identified through the use of AWS Config Rules are automatically removed from operational service.

Question 377

(0)

Your company wishes to improve the performance of its EC2 instances. They require low latency and high throughput. They are currently deployed on T2.medium. It is imperative that you experience as l

Question 378

(0)

When an AWS Config rule is triggered a JSON object known as an AWS Config Event is created. This object contains another JSON string in its ____ parameter, which describes the event that triggered t

Question 379

(0)

Which of these modes is not a configuration mode for a WAF?

Question 380

(0)

Your company is connecting one data center with one router to several VPCs and needs to access them transitively. What should you do?

Related questions

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?

An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?

A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?

You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)

In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.

Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)

Which element of AWS Config can be used to help maintain internal and external compliance controls?

A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their onpremises version of the application to serve a small portion of the customers who haven't yet upgraded. What design will allow the company to serve both newer and earlier clients in the MOST efficient way?

A company is deploying a critical application on two Amazon EC2 instances in a VPC. Failed client connections to the EC2 instances must be logged according to company policy. What is the MOST cost-effective solution to meet these requirements?

Question 371

A company wants to migrate its workloads to the AWS Cloud. The company has two web applications and wants to run them in separate, isolated VPCs. The company needs to use Elastic Load Balancing to distribute requests between application instances.

For security reasons, internet gateways must not be attached to the application VPCs. Inbound HTTP requests to theapplication must be routed through a centralized VPC, and the application VPCs must not be exposed to any other inboundtraffic. The application VPCs cannot be allowed to initiate any outbound connections. What should a network engineer do to meet these requirements?

Run the applications behind private Application Load Balancers (ALBs) in separate VPCs. Create a public Network Load Balancer (NLB) in the centralized VPC. Create target groups for the private DNS names of the ALBs. Configurehost-based routing to route application traffic to the corresponding target group through the NLB.

Run the applications behind private Application Load Balancers (ALBs) in separate VPCs. Create a public Network Load Balancer (NLB) in the centralized VPC. Create target groups for the private IP addresses of the ALBs. Configurehost-based routing to route application traffic to the corresponding target group through the NLB.

Run the applications behind private Network Load Balancers (NLBs) in separate VPCs. Create VPC peering connections between the application VPCs and the centralized VPCreate a public Application Load Balancer (ALB) in thecentralized VPCreate target groups for the private DNS names of the NLBs. Configure host-based routing to route application traffic between individual applications though the ALB.

Run the applications behind private Network Load Balancers (NLBs) in separate VPCs. Configure each NLB as an AWS PrivateLink endpoint service with associated VPC endpoints in the centralized VPC. Create target groups thatinclude the private IP addresses of each endpoint. Create a public Application Load Balancer (ALB) in the centralized VPC. Configure host-based routing to route application traffic to the corresponding target group through the ALB.

Show Answer Comment (0)

Question 372

An organization will be extending its existing on-premises infrastructure into the cloud. The design consists of a transit VPC that contains stateful firewalls that will be deployed in a highly available configuration across two Availability Zones for automatic failover.

What MUST be configured for this design to work? (Choose two.)

A different Autonomous System Number (ASN) for each firewall

Border Gateway Protocol (BGP) routing

Autonomous system (AS) path prepending

Static routing

Equal-cost multi-path routing (ECMP)

Show Answer Comment (0)

Question 373

You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. You know you configured CloudFront to use cdn.yourdomain.com. What is the most likely reason why your users not seeing the images?

There is no rule in your bucket policy allowing public access.

The images in S3 are saved as .png instead of .jpg.

There is no record in Route 53 pointing cdn.yourdomain.com to the ALIAS.

The users are using Internet Explorer.

Show Answer Comment (0)

Question 374

You have many IAM users with the ability to create EC2 volumes. Most of the data your team works with is sensitive, so you would like to make sure all volumes are encrypted. How might you facilitate this requirement?

Create an AWS KMS policy and attach it to all IAM users that can create EC2 volumes.

Use AWS Config and create a rule that requires all volumes, upon creation, be encrypted.

Use AWS Config to send out reminders to IAM users every time they create an EC2 volume.

Set EC2 to notify creators to encrypt their EC2 volumes.

Show Answer Comment (0)

Question 375

A company has a service that runs on TCP port 443 in VPC A within AWS account A network engineer is using AWS PrivateLink for the configuration. Which set of procedures should the network engineer follow to meet these requirements?

The company wants to expose the service to Amazon EC2 instances in VPC B within AWS account B. The service must not be made public, and all other services in VPC A must not be accessible from VPC In VPC A, create an Application Load Balancer (ALB) that has an HTTPS listener. Create an endpoint service in VPC A that points to the ALB. Add the principal ARN of account B to the service endpoints allow list.In VPC B, create an interface endpoint that points to the service identifier of the endpoint service in AWS account A.

In VPC A, create a Network Load Balancer (NLB) that has a TCP listener. Create an endpoint service in VPC A that points to the NLAdd the principal ARN of account B to the service endpoints allow list. In VPC B, create an interfaceendpoint that points to the service identifier of the endpoint service in AWS account A.

In VPC A, create a Network Load Balancer (NLB) that has a TCP listener. Create an endpoint service in VPC A that points to the NLB. Add the principal ARN of account B to the service endpoints allow list. In VPC B, create a gatewayendpoint that points to the service identifier of the endpoint service in AWS account A.

In VPC A, create an Application Load Balancer (ALB) that has a TCP listener. Create an endpoint service in VPC A that points to the ALB. Add the principal ARN of account B to the service endpoints allow list. In VPC B, create aGateway Load Balancer endpoint that points to the service identifier of the endpoint service in AWS account A.

Show Answer Comment (0)

Question 376

Non-compliant resources identified through the use of AWS Config Rules are automatically removed from operational service.

It depends on the Rule configuration

Only if it remains non-compliant for more than 6 hours

True

False

Show Answer Comment (0)

Question 377

Your company wishes to improve the performance of its EC2 instances. They require low latency and high throughput. They are currently deployed on T2.medium. It is imperative that you experience as little downtime as possible, but cost and performance are most important. How should you accomplish this?

Create AMIs from the instances, create new instances on t2.medium, and start those instances in a placement group.

Create AMIs from the instances, deploy the instances as i3.large, and start those instances in a placement group.

Stop the instances and restart them in a placement group.

Add an extra ENI to the instances and team them to provide greater throughput.

Show Answer Comment (0)

Question 378

When an AWS Config rule is triggered a JSON object known as an AWS Config Event is created. This object contains another JSON string in its ____ parameter, which describes the event that triggered the rule.

resultToken

eventLeftScope

invokingEvent

configRuleName

Show Answer Comment (0)