Amazon ANS-C00 Practice Test - Questions Answers, Page 7
List of questions
Question 61
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Your website utilizes EC2, S3, ELB-Classic, and CloudFront. Your manager has shifted focus to security and wants you to ensure the site is as secure as possible. What two items could you recommend?
(Choose two.)
Explanation:
Explanation:
A WAF on CloudFront and a restricted bucket policy to ensure the only access is from CloudFront. You cannot apply a WAF to a classic load balancer and an NACL that blocks all ports would block access to the load balancer.
Question 62
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A network engineer deploys an application in a private subnet in a VPC that connects to many external video feed providers using RTMP over the internet. A NAT gateway has been deployed in a public subnet and is working as expected. From the Amazon EC2 instance, the application is able to connect to all feed providers except one, which hangs when connecting.
Manually testing a connection from an Amazon EC2 instance in the public subnet to the problem feed indicates that the feed works as expected. What is causing this issue?
Question 63
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You are designing an AWS Direct Connect solution into your VPC. You need to consider requirements for the customer router to terminate the Direct Connect link at the Direct Connect location.
Which three factors that must be supported should you consider when choosing the customer router? (Choose three.)
Question 64
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC using ping on the organization's private IP address.
What could cause this connectivity issue? (Choose two.)
Question 65
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You are managing a VPC with 4 AZs. There is a load balancer managing the public accessibility to your servers. You have a secondary ENI with a private IPv4 address on an instance that is serving public web traffic. Your server communicates over private addresses to a database in another subnet. Security is a major concern for your company and whitelisting is in effect. You have to bring the web server down for maintenance, what two things should you do? (Choose two.)
Explanation:
Explanation:
You must configure a secondary ENI on the standby instance with an IP address that can access the data subnet. This may require modification of the security group for the database.
Question 66
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
What statement about LAGs is incorrect?
Explanation:
Explanation:
All links must be the same speed for a LAG to be operational.
Question 67
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You currently use a single security group assigned to all nodes in a clustered NoSQL database. Only your cluster members in one region must be able to connect to each other. This security group uses a self-referencing rule using the cluster security group's group-id to make it easier to add or remove nodes from the cluster.
You need to make this database comply with out-of-region disaster recovery requirements and ensure that the network traffic between the nodes is encrypted when travelling between regions. How should you enable secure cluster communication while deploying additional cluster members in another AWS region?
Question 68
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
By default, all AWS accounts are limited to ____ EIPs, because public (IPv4) Internet addresses are a scarce public resource.
Explanation:
Explanation:
An Elastic IP address (EIP) is a static IP address designed for dynamic cloud computing. With an EIP, you can mask the failure of an instance by rapidly remapping the address to another instance. By default, all AWS accounts are limited to 5 EIPs, because public (IPv4) Internet addresses are a scarce public resource.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
Question 69
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which of these is not specified on an ENI?
Explanation:
Explanation:
An A record is not specified on an ENI. This is created in Route 53.
Question 70
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You want to ensure you have the absolute best transmission rates inside and outside your VPC. You are concerned about the MTU settings. What is the best way to configure your T2 instances to ensure the best compatibility?
Explanation:
Explanation:
By using two ENIs, you ensure the right MTU goes to the proper destination.
Question