ExamGecko
Search Search Login
Home Home / Amazon / ANS-C00

Amazon ANS-C00 Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)
Which element of AWS Config can be used to help maintain internal and external compliance controls?
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their onpremises version of the application to serve a small portion of the customers who haven't yet upgraded. What design will allow the company to serve both newer and earlier clients in the MOST efficient way?
A company is deploying a critical application on two Amazon EC2 instances in a VPC. Failed client connections to the EC2 instances must be logged according to company policy. What is the MOST cost-effective solution to meet these requirements?

Question 31

Report
Export
Collapse

A Network Engineer is provisioning a subnet for a load balancer that will sit in front of a fleet of application servers in a private subnet. There is limited IP space left in the VPC CIDR. The application has few users now but is expected to grow quickly to millions of users.

What design will use the LEAST amount of IP space, while allowing for this growth?

A.
Use two /29 subnets for an Application Load Balancer in different Availability Zones.
A.
Use two /29 subnets for an Application Load Balancer in different Availability Zones.
Answers
B.
Use one /29 subnet for the Network Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
B.
Use one /29 subnet for the Network Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
Answers
C.
Use two /28 subnets for a Network Load Balancer in different Availability Zones.
C.
Use two /28 subnets for a Network Load Balancer in different Availability Zones.
Answers
D.
Use one /28 subnet for an Application Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
D.
Use one /28 subnet for an Application Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
Answers
Suggested answer: D

Question 32

Report
Export
Collapse

In Amazon CloudFront, if you need to quickly remove objects from a distribution, you can:

A.
delete the objects from cache.
A.
delete the objects from cache.
Answers
B.
invalidate the objects.
B.
invalidate the objects.
Answers
C.
remove your Amazon S3 bucket.
C.
remove your Amazon S3 bucket.
Answers
D.
delete your distribution and recreate it.
D.
delete your distribution and recreate it.
Answers
Suggested answer: B

Explanation:

Explanation:

In Amazon CloudFront, if you need to quickly remove objects from a distribution, you can invalidate them.

Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AddRemoveReplaceObjects.html

Question 33

Report
Export
Collapse

A company has a hybrid architecture with dual AWS Direct Connect connections and applications running in the AWS Cloud and on premises. The company uses its on-premises DNS servers to provide name resolution for is internal domain company.com. The company uses an Amazon Route 53 private hosted zone, aws.company.com, for resolution of AWS resource records.

A new application that runs on Amazon EC2 in the company's VPC needs to resolve records in the company.com domain and on other AWS resources. What should the company do to meet these requirements?

A.
Create a new DHCP options set. Configure the DHCP options set name servers to be the on-premises DNS servers, and configure the domain name to be company.com. Assign the DHCP options set to the VPC with the EC2 instances.
A.
Create a new DHCP options set. Configure the DHCP options set name servers to be the on-premises DNS servers, and configure the domain name to be company.com. Assign the DHCP options set to the VPC with the EC2 instances.
Answers
B.
Create Route 53 Resolver outbound endpoints in each subnet in the VP
B.
Create Route 53 Resolver outbound endpoints in each subnet in the VP
Answers
C.
Configure a Route 53 forwarding rule with a rule type of Forward for company.com that points to the on-premises DNS servers. Configure a Route 53 forwarding rule with a rule type of System for aws.company.com.
C.
Configure a Route 53 forwarding rule with a rule type of Forward for company.com that points to the on-premises DNS servers. Configure a Route 53 forwarding rule with a rule type of System for aws.company.com.
Answers
D.
Create Route 53 Resolver outbound endpoints in each subnet in the VPConfigure conditional forwarding rules on the onpremises DNS servers to forward queries for the domain aws.company.com to the Route 53 Resolver endpoints.Modify the DHCP options set to configure instances to resolve hostnames using the on-premises DNS servers.
D.
Create Route 53 Resolver outbound endpoints in each subnet in the VPConfigure conditional forwarding rules on the onpremises DNS servers to forward queries for the domain aws.company.com to the Route 53 Resolver endpoints.Modify the DHCP options set to configure instances to resolve hostnames using the on-premises DNS servers.
Answers
E.
Create a private hosted zone for company.com within the AWS account. Create Route 53 Resolver inbound endpoints in each subnet in the VPC. Configure the on-premises DNS servers to send outbound zone transfers forcompany.com to the Route 53 Resolver endpoints.
E.
Create a private hosted zone for company.com within the AWS account. Create Route 53 Resolver inbound endpoints in each subnet in the VPC. Configure the on-premises DNS servers to send outbound zone transfers forcompany.com to the Route 53 Resolver endpoints.
Answers
Suggested answer: D

Question 34

Report
Export
Collapse

Which of these addresses cannot be given to an EC2 instance in your VPC?

A.
10.0.0.157
A.
10.0.0.157
Answers
B.
10.0.0.3
B.
10.0.0.3
Answers
C.
10.0.0.4
C.
10.0.0.4
Answers
D.
10.0.0.253
D.
10.0.0.253
Answers
Suggested answer: B

Explanation:

Explanation:

10.0.0.3 is reserved by AWS for future use.

Question 35

Report
Export
Collapse

Which of the following statements does not describe Jumbo Frames in an AWS VPC environment?

A.
For instances that are collocated inside a placement group, jumbo frames help to achieve the maximum network throughput possible
A.
For instances that are collocated inside a placement group, jumbo frames help to achieve the maximum network throughput possible
Answers
B.
Jumbo Frames are not supported for traffic that exits the Virtual Private Gateway
B.
Jumbo Frames are not supported for traffic that exits the Virtual Private Gateway
Answers
C.
Jumbo Frames are not supported for traffic that exits the Internet Gateway
C.
Jumbo Frames are not supported for traffic that exits the Internet Gateway
Answers
D.
T2.micro instances do not support Jumbo Frames
D.
T2.micro instances do not support Jumbo Frames
Answers
Suggested answer: D

Explanation:

Explanation:

All answers except for Answer D are correct. Answer D is incorrect in that AWS does indeed support Jumbo Frames on all instance types within the T2 family class - including the T2.micro instance type.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html

Question 36

Report
Export
Collapse

A computing team is evaluating whether to place a high performance computing (HPC) application in AWS. The team is concerned about application performance and wants to know what options are available to increase networking performance.

Which of the following changes would increase performance for this application? (Choose two.)

A.
Place the application across many smaller instances to achieve higher total throughput.
A.
Place the application across many smaller instances to achieve higher total throughput.
Answers
B.
Increase the MTU of the VPC to 9001.
B.
Increase the MTU of the VPC to 9001.
Answers
C.
Enable an MTU of 9001 in the application's operating system.
C.
Enable an MTU of 9001 in the application's operating system.
Answers
D.
Enable enhanced networking on the instances.
D.
Enable enhanced networking on the instances.
Answers
E.
Deploy the application in two Availability Zones and insert them in one placement group.
E.
Deploy the application in two Availability Zones and insert them in one placement group.
Answers
Suggested answer: B, D

Question 37

Report
Export
Collapse

Which is not a valid Route 53 record?

A.
SPF
A.
SPF
Answers
B.
NAPTR
B.
NAPTR
Answers
C.
AAAA
C.
AAAA
Answers
D.
BFD
D.
BFD
Answers
Suggested answer: D

Explanation:

Explanation:

BFD stands for Bi-directional Forwarding Detection and has nothing to do with Route 53.

Question 38

Report
Export
Collapse

A company uses a newly provisioned 1-Gbps AWS Direct Connect connection to configure a virtual interface for access to Amazon S3.

Which configuration values is the network engineer required to provide? (Choose two.)

A.
Connection speed
A.
Connection speed
Answers
B.
VLAN ID
B.
VLAN ID
Answers
C.
IP prefixes to advertise
C.
IP prefixes to advertise
Answers
D.
Direct Connect location
D.
Direct Connect location
Answers
E.
Virtual private gateway
E.
Virtual private gateway
Answers
Suggested answer: B, E

Question 39

Report
Export
Collapse

What are two ways to influence the direction of Dynamic VPN traffic over multiple links? (Choose two.)

A.
AS_PATH Prepending
A.
AS_PATH Prepending
Answers
B.
BFD
B.
BFD
Answers
C.
MED
C.
MED
Answers
D.
Shouting at it
D.
Shouting at it
Answers
Suggested answer: A, C

Explanation:

Explanation:

BFD detects failed links but does not create them. Shouting at it just isn't nice.

Question 40

Report
Export
Collapse

Your company has placement groups in two different availability zones. There is a large project coming up and, although resilience is important, cost and speed are the most important factors. The servers in each placement group need to be able to achieve the highest speed possible. How can this be achieved?

A.
Create AMIs from all of the instances, terminate them, and deploy them all into one placement group.
A.
Create AMIs from all of the instances, terminate them, and deploy them all into one placement group.
Answers
B.
In the CLI, run the command "aws ec2 set-placement-group 1 " for all of the instances.
B.
In the CLI, run the command "aws ec2 set-placement-group 1 " for all of the instances.
Answers
C.
Duplicate the VPC, peer the new VPC, create AMIs of the instances, terminate them, and redeploy them in two separate placement groups between the two VPCs.
C.
Duplicate the VPC, peer the new VPC, create AMIs of the instances, terminate them, and redeploy them in two separate placement groups between the two VPCs.
Answers
D.
Peer the two placement groups using AWS PG Peering.
D.
Peer the two placement groups using AWS PG Peering.
Answers
Suggested answer: A

Explanation:

Explanation:

There is no AWS PG Peering option, Duplicating the VPC does not align with the cost concern, there is no "aws ec2 setplacement- group" command.

Total 414 questions
Go to page: of 42
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms