Amazon ANS-C00 Practice Test - Questions Answers, Page 5
List of questions
Question 41
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A Network Engineer is designing a new system on AWS that will take advantage of Amazon CloudFront for both content caching and for protecting the underlying origin. There is concern that an external agency might be able to access the IP addresses for the application's origin and then attack the origin despite it being served by CloudFront. Which of the following solutions provides the strongest level of protection to the origin?
Question 42
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Your hybrid networking environment consists of two application VPCs, a shared services VPC, and your corporate network.
The corporate network is connected to the shared services VPC via an IPsec VPN with dynamic (BGP) routing enabled.
The applications require access to a common authentication service in the shared services VPC. You need to enable native network access from the corporate network to both application VPCs. Which step should you take to meet the requirements?
Question 43
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Your company's policy requires that all VPCs peer with a "common services: VPC. This VPC contains a fleet of layer 7 proxies and an Internet gateway. No other VPC is allowed to provision an Internet gateway. You configure a new VPC and peer with the common service VPC as required by policy. You launch an Amazon EC2. Windows instance configured to forward all traffic to the layer 7 proxies in the common services VPC. The application on this server should successfully interact with Amazon S3 using its properly configured AWS Identity and Access Management (IAM) role. However, Amazon S3 is returning 403 errors to the application. Which step should you take to enable access to Amazon S3?
Question 44
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
What is the maximum size of a response body that Amazon CloudFront will return to the viewer?
Explanation:
Explanation:
The maximum size of a response body that CloudFront will return to the viewer is 20 GB.
Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorS3Origin.html#Resp onseBehaviorS3Origin
Question 45
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which path will be chosen first?
Explanation:
Explanation:
The path selection process always chooses the most specific prefix first.
Question 46
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. What is most likely the problem?
Explanation:
Explanation:
You must have an OAI if the bucket policy does not allow public access, which is bad practice.
Question 47
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A team implements a highly available solution using Amazon AppStream 2.0. The AppStream 2.0 fleet needs to communicate with resources both in an existing VPC and on-premises. The VPC is connected to the on-premises environment using an AWS Direct Connect private virtual interface.
What implementation enables on-premises users to connect to AppStream and existing VPC resources?
Question 48
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
What value in a packet dictates the priority of the packet in a QoS enabled network?
Explanation:
Explanation:
The Differentiated Services Code Point value, or DSCP, is used to label packets on QoS enabled networks for prioritization.
Question 49
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You wish to have a sub-1G connection to AWS to save on costs. How can you achieve this?
Explanation:
Explanation:
Sub-1G service is only available through AWS partners.
Question 50
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Your organization has a newly installed 1-Gbps AWS Direct Connect connection. You order the cross-connect from the Direct Connect location provider to the port on your router in the same facility. To enable the use of your first virtual interface, your router must be configured appropriately. What are the minimum requirements for your router?
Question