ExamGecko
Search Search Login
Home Home / Amazon / ANS-C00

Amazon ANS-C00 Practice Test - Questions Answers, Page 39

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)
Which element of AWS Config can be used to help maintain internal and external compliance controls?
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their onpremises version of the application to serve a small portion of the customers who haven't yet upgraded. What design will allow the company to serve both newer and earlier clients in the MOST efficient way?
A company is deploying a critical application on two Amazon EC2 instances in a VPC. Failed client connections to the EC2 instances must be logged according to company policy. What is the MOST cost-effective solution to meet these requirements?

Question 381

Report
Export
Collapse

You are architecting an HPC solution in AWS. The system consists of a cluster of EC2 instances that require low-latency communications between them. Which method should you use to set up a cluster to meet these requirements?

A.
Create a VPC with one subnet in a single Availability Zone. Keep the size of the subnet equal to the number of instances required in the cluster. Launch instances for the cluster in this small subnet to guarantee low-latency networkperformance.
A.
Create a VPC with one subnet in a single Availability Zone. Keep the size of the subnet equal to the number of instances required in the cluster. Launch instances for the cluster in this small subnet to guarantee low-latency networkperformance.
Answers
B.
Create a placement group. Choose an EC2 instance type compatible with placement groups for the cluster. Launch instances for the cluster in the placement group.
B.
Create a placement group. Choose an EC2 instance type compatible with placement groups for the cluster. Launch instances for the cluster in the placement group.
Answers
C.
Launch Amazon EC2 instances with the largest available number of cores and RAM. Attach all instances to an Amazon EBS PIOPS volume. Implement a shared memory system across all instances in the cluster, using this shared EBSvolume to minimize latency of communication.
C.
Launch Amazon EC2 instances with the largest available number of cores and RAM. Attach all instances to an Amazon EBS PIOPS volume. Implement a shared memory system across all instances in the cluster, using this shared EBSvolume to minimize latency of communication.
Answers
D.
Choose an EC2 instance type that offers enhanced networking. Attach a 10-Gbps non-blocking elastic network interface to the instances. Configure the elastic network interface to optimize network performance to reduce latency.
D.
Choose an EC2 instance type that offers enhanced networking. Attach a 10-Gbps non-blocking elastic network interface to the instances. Configure the elastic network interface to optimize network performance to reduce latency.
Answers
Suggested answer: B

Explanation:

Explanation:

Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.

A is incorrect because the size of a subnet has no impact on network performance. C is incorrect because an EBS volume cannot be shared between EC2 instances. D is only half the solution because the enhanced networking affects the network behavior of an EC2 instance but not the network infrastructure between instances.

Question 382

Report
Export
Collapse

Your organization has placed a project on hold and has stopped 30 public EC2 instances. These instances use instance store volumes and do not have custom AMIs associated. You are still being charged every month. What is the charge probably for?

A.
AWS charges for dormant accounts.
A.
AWS charges for dormant accounts.
Answers
B.
You have Elastic IPs associated with those instances.
B.
You have Elastic IPs associated with those instances.
Answers
C.
There is a "stopped instance" fee that AWS charges every month.
C.
There is a "stopped instance" fee that AWS charges every month.
Answers
D.
You are being charged for the EBS volumes.
D.
You are being charged for the EBS volumes.
Answers
Suggested answer: B

Explanation:

Explanation:

You have Elastic IPs associated with those instances. AWS charges for any unused Elastic IPs in your account.

Question 383

Report
Export
Collapse

Each custom AWS Config rule you create must be associated with a(n) AWS ____, which contains the logic that evaluates whether your AWS resources comply with the rule.

A.
Lambda function
A.
Lambda function
Answers
B.
Configuration trigger
B.
Configuration trigger
Answers
C.
EC2 instance
C.
EC2 instance
Answers
D.
S3 bucket
D.
S3 bucket
Answers
Suggested answer: A

Explanation:

Explanation:

You can develop custom AWS Config rules to be evaluated by associating each of them with an AWS Lambda function, which contains the logic that evaluates whether your AWS resources comply with the rule. You associate this function with your rule, and the rule invokes the function either in response to configuration changes or periodically. The function then evaluates whether your resources comply with your rule, and sends its evaluation results to AWS Config.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html

Question 384

Report
Export
Collapse

A company offers a web-based service that uses Amazon EC2 instances behind an Application Load Balancer (ALB). One of the company's large customers reports slow bulk transfer throughput. The company's network engineer suspects that this problem is the result of the TCP window size setting in the customer's corporate laptop computers. How can the network engineer check the value of the TCP window size?

A.
Configure VPC Flow Logs on the ALB elastic network interface. Use custom flow logs to add the TCP window size parameter to the captured metadata.
A.
Configure VPC Flow Logs on the ALB elastic network interface. Use custom flow logs to add the TCP window size parameter to the captured metadata.
Answers
B.
Configure VPC Traffic Mirroring. Set the traffic mirror source to the ALB elastic network interface. Set the traffic mirror target to Amazon S3 for analysis with Amazon Athena.
B.
Configure VPC Traffic Mirroring. Set the traffic mirror source to the ALB elastic network interface. Set the traffic mirror target to Amazon S3 for analysis with Amazon Athena.
Answers
C.
Configure VPC Traffic Mirroring. Set the traffic mirror source to the ALB elastic network interface. Set the traffic mirror target to an EC2 instance with packet capture software.
C.
Configure VPC Traffic Mirroring. Set the traffic mirror source to the ALB elastic network interface. Set the traffic mirror target to an EC2 instance with packet capture software.
Answers
D.
Configure VPC Flow Logs on the ALB elastic network interface. Send the flow logs to Amazon S3 in the same AWS Region for analysis by AWS Network Manager.
D.
Configure VPC Flow Logs on the ALB elastic network interface. Send the flow logs to Amazon S3 in the same AWS Region for analysis by AWS Network Manager.
Answers
Suggested answer: D

Explanation:

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

Question 385

Report
Export
Collapse

Changes made to a security group attached to an Application Load Balancer resulted in connectivity issues for a company's production web application. The network engineer needs to lock down permissions for the company's AWS account, automate auditing for any changes, and set up notifications. What actions should accomplish this?

A.
Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify API calls from users. Use AWS Config to audit any changes, and configure Amazon SNS to send notifications.
A.
Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify API calls from users. Use AWS Config to audit any changes, and configure Amazon SNS to send notifications.
Answers
B.
Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure AWS CodeCommit to audit any changes in configurations, and configure Amazon SNS tosend notifications.
B.
Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure AWS CodeCommit to audit any changes in configurations, and configure Amazon SNS tosend notifications.
Answers
C.
Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure Amazon Macie to use machine learning to identify any configuration changes, and configureAmazon SNS to send notifications.
C.
Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure Amazon Macie to use machine learning to identify any configuration changes, and configureAmazon SNS to send notifications.
Answers
D.
Configure IAM role policies to lock down permissions for specific users. Configure Amazon GuardDuty to audit and monitor configuration changes, and configure Amazon SNS to send notifications.
D.
Configure IAM role policies to lock down permissions for specific users. Configure Amazon GuardDuty to audit and monitor configuration changes, and configure Amazon SNS to send notifications.
Answers
Suggested answer: D

Question 386

Report
Export
Collapse

A corporate network routing table contains 624 individual RFC 1918 and public IP prefixes. You have two AWS Direct Connect connectors. You configure a private virtual interface on both connections to a virtual private gateway. The virtual private gateway is not currently attached to a VPC. Neither BGP session will maintain the Established state on the customer router. The AWS Management Console reports the private virtual interfaces as Down.

What could you do to address the problem so that the AWS Management Console reports the private virtual interface as Available?

A.
Attach the virtual private gateway to a VPC and enable route propagation.
A.
Attach the virtual private gateway to a VPC and enable route propagation.
Answers
B.
Filter the public IP pre?xes on the corporate network from the private virtual interface.
B.
Filter the public IP pre?xes on the corporate network from the private virtual interface.
Answers
C.
Change the BGP advertisements from the corporate network to only be a default route.
C.
Change the BGP advertisements from the corporate network to only be a default route.
Answers
D.
Attach the second virtual interface to an alternative virtual private gateway.
D.
Attach the second virtual interface to an alternative virtual private gateway.
Answers
Suggested answer: D

Question 387

Report
Export
Collapse

You can use the ____ page of the AWS Config console to look up resources that AWS Config has discovered, including deleted resources and resources that are not currently being recorded.

A.
snapshot listing
A.
snapshot listing
Answers
B.
configuration history
B.
configuration history
Answers
C.
resource inventory
C.
resource inventory
Answers
D.
resource database
D.
resource database
Answers
Suggested answer: C

Explanation:

Explanation:

You can use the AWS Config console, AWS CLI, and AWS Config API to look up the resources that AWS Config has taken an inventory of, or discovered, including deleted resources and resources that AWS Config is not currently recording. AWS Config discovers supported resource types only. You can use the AWS Config console in the AWS Management console to look up these resources. The Resource Inventory page lets you perform this search.

Reference: http://docs.aws.amazon.com/config/latest/developerguide/looking-up-discovered-resources.html

Question 388

Report
Export
Collapse

Which two choices can serve as a directory service for WorkSpaces? (Choose two.)

A.
Simple AD
A.
Simple AD
Answers
B.
Enhanced AD
B.
Enhanced AD
Answers
C.
Direct Connection
C.
Direct Connection
Answers
D.
AWS Microsoft AD
D.
AWS Microsoft AD
Answers
Suggested answer: A, D

Explanation:

Explanation:

There is no such thing as "Enhanced AD" and DX is not a directory service.

Question 389

Report
Export
Collapse

Your network utilizes jumbo frames on its servers and your router. You are trying to access your AWS resources, and you are having issues with packet loss. What is the best solution?

A.
Remove the "Do not Fragment" flag on the packets.
A.
Remove the "Do not Fragment" flag on the packets.
Answers
B.
Lower the MTU for your network.
B.
Lower the MTU for your network.
Answers
C.
Call AWS support.
C.
Call AWS support.
Answers
D.
You will have to upgrade to Direct Connect.
D.
You will have to upgrade to Direct Connect.
Answers
Suggested answer: A

Explanation:

Explanation:

Remove the "Don't Fragment" Flag on your router. AWS will drop any data with an MTU of greater than 1500 if the "Do not Fragment" flag is set, so you need your router to indicate that data can be fragmented.

Question 390

Report
Export
Collapse

From the following options, select the answer that correctly describes the implementation of the HTTP protocol

A.
By definition, HTTP is a connection-less oriented protocol and therefore utilises TCP
A.
By definition, HTTP is a connection-less oriented protocol and therefore utilises TCP
Answers
B.
By definition, HTTP is a connection orientated protocol and therefore utilises TCP
B.
By definition, HTTP is a connection orientated protocol and therefore utilises TCP
Answers
C.
By definition, HTTP is a connection-less oriented protocol and therefore utilises UDP
C.
By definition, HTTP is a connection-less oriented protocol and therefore utilises UDP
Answers
D.
By definition, HTTP can be configured to be either connection or connection-less oriented - by specifying the appropriateHTTP header.
D.
By definition, HTTP can be configured to be either connection or connection-less oriented - by specifying the appropriateHTTP header.
Answers
Suggested answer: B

Explanation:

Explanation:

HTTP is a connection orientated protocol and therefore utilizes TCP

Reference: https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

Total 414 questions
Go to page: of 42
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms