Amazon ANS-C00 Practice Test - Questions Answers, Page 6

Question 51

Your security team implements a host-based firewall on all of your Amazon Elastic Compute Cloud (EC2) instances to block all outgoing traffic. Exceptions must be requested for each specific requirement. Until you request a new rule, you cannot access the instance metadata service. Which firewall rule should you request to be added to your instances to allow instance metadata access?

A. Inbound; Protocol tcp; Source [Instance's EIP]; Destination 169.254.169.254
B. Inbound; Protocol tcp; Destination 169.254.169.254; Destination port 80
C. Outbound; Protocol tcp; Destination 169.254.169.254; Destination port 80
D. Outbound; Protocol tcp; Destination 169.254.169.254; Destination port 443
Suggested answer: C
asked 16/09/2024
Ioana Mihaila

Question 52

A VPC is deployed with a 10.0.0.0/16 CIDR block. The engineering team is reviewing DHCP options, and there is disagreement about the valid DNS addresses available for the VPC.

Which addresses are valid IP addresses provided by Amazon for this subnet? (Choose two.)

A. 8.8.8.8
B. 10.0.0.2
C. 10.1.0.2
D. 169.254.169.253
E. 169.254.169.254
Suggested answer: B, D

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html

asked 16/09/2024
John Doe

Question 53

Your company has decided to use AWS WorkSpaces for its hosted desktop solution. Your company has an existing AD of about 57,000 users, and you want to minimize authentication traffic from AWS to your datacenter. Your company has a lot of personnel changes, and it is crucial that these changes are reflected reliably. What two steps should you take? (Choose two.)

A. Deploy Hosted AD in AWS.
B. Deploy an AD Connector in AWS.
C. Create a DX connection between the datacenter and AWS.
D. Create a VPN between the datacenter and AWS.
Suggested answer: A, C

Explanation:

A VPN is not reliable enough, and an AD connector will cause too much authentication traffic.

asked 16/09/2024
Vaibhav Somani

Question 54

You have a hybrid infrastructure and you have configured your own DNS server on an EC2 instance in your 10.1.3.0/24 subnet. This subnet resides on the VPC 10.1.0.0/16. You need your data center to be able to resolve Route 53 queries in your private hosted zone. What do you need to do to accomplish this?

A. Disable the source/destination check flag for the DNS instance.
B. Configure your DNS server to forward queries for the private hosted zone to 10.1.3.2.
C. Configure your DNS server to forward queries for the private hosted zone to 10.1.0.2.
D. Configure the VPC DHCP option set in the VPC to point to the EC2 DNS server.
Suggested answer: C

Explanation:

10.1.3.2 is not the DNS server. A DHCP option set is not needed, since you are resolving AWS resources from on-premises, not from a VPC, and those instances are already configured to look to Route 53 DNS.

asked 16/09/2024
Dewi Fitriyani

Question 55

Which ports must you allow for HTTP and HTTPS traffic?

A. 25/465
B. 21/22
C. 3389/3306
D. 80/443
Suggested answer: D

Explanation:

80 and 443 are the ports for HTTP and HTTPS, respectively.

asked 16/09/2024
Gurdeep Girn

Question 56

Which element of AWS Config can be used to help maintain internal and external compliance controls?

A. Configuration Item
B. Configuration Recorder
C. Configuration Streams
D. Config Rules
Suggested answer: D

Explanation:

AWS Config lets you use Config Rules, which act as an automatic resource compliance checker, to help you manage and organise this compliance. When a change is made to a resource, AWS Config checks whether the resource matches a rule and, if so, checks the compliance of that resource against the rule following the change. Reference: https://aws.amazon.com/config/

asked 16/09/2024
Bruno Colussi

Question 57

A company has a message queue application that is based on Apache Kafka. The company runs the application across a fleet of Amazon EC2 instances in a VPC. The EC2 instances are deployed across multiple Availability Zones. A network engineer must ensure that the application is highly available and scalable. Additionally, the load on the EC2 instances must be automatically distributed. For security compliance, application clients must be able to create an allow list of the IP addresses for the application.

Which solution meets these requirements?

A. Add an Application Load Balancer (ALB) in front of the EC2 instances. Provide the ALB IP addresses to the application clients to create an allow list.
B. Add a Network Load Balancer (NLB) in front of the EC2 instances. Provide the NLB IP addresses to the application clients to create an allow list.
C. Add an Application Load Balancer in front of the EC2 instances. Provide the CNAME to the application clients to create an allow list.
D. Add a Network Load Balancer (NLB) in front of the EC2 instances. Provide the NLB's default alias to the application clients to create an allow list.
Suggested answer: D

Explanation:

Reference: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html

asked 16/09/2024
Anthony Agbale

Question 58

You have two placement groups in a VPC. What communication speed can be expected between the two placement groups?

A. 5Gbps
B. 10Gbps
C. 20Gbps
D. You cannot communicate between two placement groups.
Suggested answer: A

Explanation:

5Gbps is the maximum speed for traffic outside of a placement group.

asked 16/09/2024
Eli Thompson

Question 59

What are two features of an Application Load Balancer? (Choose two.)

A. Scales to handle any amount of traffic without interference
B. Can distribute traffic over multiple Availability Zones
C. Can receive a static IP address
D. Can support SSLs
Suggested answer: B, D

Explanation:

The network load balancer can scale larger and receive a static IP address, but not the Application load balancer.

asked 16/09/2024
Melissa Petrini

Question 60

An organization has three AWS accounts, each containing VPCs in the Virginia, Canada and Sydney regions. The organization wants to determine whether all available Elastic IP addresses (EIPs) in these accounts are attached to Amazon EC2 instances or in-use elastic network interfaces (ENIs) in all of the specified regions for compliance and cost-optimization purposes. Which of the following meets the requirements with the LEAST management overhead?

A. Use an Amazon CloudWatch Events rule to schedule an AWS Lambda function in each account in all three regions to find the unattached and unused EIPs.
B. Use a CloudWatch event bus to schedule Lambda functions in each account in all three regions to find the unattached and unused EIPs.
C. Add an AWS managed, EIP-attached AWS Config rule in each region in all three accounts to find unattached and unused EIPs.
D. Use AWS CloudFormation StackSets to deploy an AWS Config EIP-attached rule in all accounts and regions to find the unattached and unused EIPs.
Suggested answer: C
asked 16/09/2024
Borja Arranz Palenzuela
Total 414 questions