Amazon ANS-C00 Practice Test - Questions Answers, Page 5


A Network Engineer is designing a new system on AWS that will take advantage of Amazon CloudFront for both content caching and for protecting the underlying origin. There is concern that an external agency might be able to access the IP addresses for the application's origin and then attack the origin despite it being served by CloudFront. Which of the following solutions provides the strongest level of protection to the origin?

A. Use an IP whitelist rule in AWS WAF within CloudFront to ensure that only known-client IPs are able to access the application.
B. Configure CloudFront to use a custom header and configure an AWS WAF rule on the origin's Application Load Balancer to accept only traffic that contains that header.
C. Configure an AWS Lambda@Edge function to validate that the traffic to the Application Load Balancer originates from CloudFront.
D. Attach an origin access identity to the CloudFront origin that allows traffic to the origin that originates from only CloudFront.
Suggested answer: A

Your hybrid networking environment consists of two application VPCs, a shared services VPC, and your corporate network.

The corporate network is connected to the shared services VPC via an IPsec VPN with dynamic (BGP) routing enabled.

The applications require access to a common authentication service in the shared services VPC. You need to enable native network access from the corporate network to both application VPCs. Which step should you take to meet the requirements?

A. Use VPC peering to peer the application VPCs with the shared services VPC, and enable associated routing in the shared services VPC via the corporate VPN.
B. Configure an IPsec VPN between the virtual private gateway in each application VPC to the virtual private gateway in the shared services VPC.
C. Configure additional IPsec VPNs for each application VPC back to the corporate network, and enable VPC peering to the shared services VPC.
D. Enable CloudHub functionality to route traffic between the three VPCs and the corporate network using dynamic BGP routing.
Suggested answer: C

Your company's policy requires that all VPCs peer with a "common services" VPC. This VPC contains a fleet of layer 7 proxies and an Internet gateway. No other VPC is allowed to provision an Internet gateway. You configure a new VPC and peer with the common services VPC as required by policy. You launch an Amazon EC2 Windows instance configured to forward all traffic to the layer 7 proxies in the common services VPC. The application on this server should successfully interact with Amazon S3 using its properly configured AWS Identity and Access Management (IAM) role. However, Amazon S3 is returning 403 errors to the application. Which step should you take to enable access to Amazon S3?

A. Update the S3 bucket policy with the private IP address of the instance.
B. Exclude 169.254.169.0/24 from the instance's proxy configuration.
C. Configure a VPC endpoint for Amazon S3 in the same subnet as the instance.
D. Update the CORS configuration for Amazon S3 to allow traffic from the proxy.
Suggested answer: D

What is the maximum size of a response body that Amazon CloudFront will return to the viewer?

A. Unlimited
B. 5 GB
C. 100 MB
D. 20 GB
Suggested answer: D

Explanation:

The maximum size of a response body that CloudFront will return to the viewer is 20 GB.

Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorS3Origin.html#ResponseBehaviorS3Origin

Which path will be chosen first?

A. 192.168.0.0/16 AS 65000 over Direct Connect
B. 192.0.0.0/8 AS 65000 over Direct Connect
C. 192.168.1.0/24 AS 65000 65000 65000 over a Dynamic VPN
D. 192.168.0.0/16 AS 65000 over a Static VPN
Suggested answer: C

Explanation:

The path selection process always chooses the most specific prefix first.

You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. What is most likely the problem?

A. There is no record in Route 53 pointing cdn.yourdomain.com to the CloudFront ALIAS.
B. You need to create Origin Access Identity for CloudFront and add it to your bucket policy.
C. The images in S3 are saved as .png instead of .jpg.
D. There is no rule in your bucket policy allowing public access.
Suggested answer: B

Explanation:

You must have an OAI if the bucket policy does not allow public access (allowing public access is bad practice).

A team implements a highly available solution using Amazon AppStream 2.0. The AppStream 2.0 fleet needs to communicate with resources both in an existing VPC and on-premises. The VPC is connected to the on-premises environment using an AWS Direct Connect private virtual interface.

What implementation enables on-premises users to connect to AppStream and existing VPC resources?

A. Deploy two subnets into the existing VP
B. Add a public virtual interface to the Direct Connect connection for users to access the AppStream endpoint
C. Deploy two subnets into the existing VPC. Add a private virtual interface on the Direct Connect connection for users to access the AppStream endpoint.
D. Deploy a new VPC with two subnets. Create a VPC peering connection between the two VPCs for users to access the AppStream endpoint.
E. Deploy one subnet into the existing VPC. Add a private virtual interface on the Direct Connect connection for users to access the AppStream endpoint.
Suggested answer: A

What value in a packet dictates the priority of the packet in a QoS enabled network?

A. BFD
B. IPv6
C. NAT
D. DSCP
Suggested answer: D

Explanation:

The Differentiated Services Code Point value, or DSCP, is used to label packets on QoS enabled networks for prioritization.

You wish to have a sub-1G connection to AWS to save on costs. How can you achieve this?

A. Just set your router to the speed you want and AWS will charge you based on the actual speed of the port.
B. Contact AWS; they will put you in contact with a technical account manager who can help you get this set up.
C. You can't. The only speeds available for Direct Connect are 1G and 10G.
D. Contact an AWS partner; AWS does not provide sub-1G connection speeds.
Suggested answer: D

Explanation:

Sub-1G service is only available through AWS partners.

Your organization has a newly installed 1-Gbps AWS Direct Connect connection. You order the cross-connect from the Direct Connect location provider to the port on your router in the same facility. To enable the use of your first virtual interface, your router must be configured appropriately. What are the minimum requirements for your router?

A. 1-Gbps Multi Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.
B. 1-Gbps Single Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.
C. IPsec Parameters, Pre-Shared key, Peer IP Address, BGP Session with MD5
D. BGP Session with MD5, 802.1Q VLAN, Route-Map, Prefix List, IPsec encrypted GRE Tunnel
Suggested answer: B