Amazon ANS-C00 Practice Test - Questions Answers, Page 15
List of questions
Question 141
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?
Explanation:
Explanation:
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Services, such as RDS, EC2, Auto Scaling, ELB, and Route 53 can provide the monitoring data every minute. Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/supported_services.html
Question 142
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You have 4 Direct Connect connections from your datacenter. Site A advertises 172.16.0.0/16 AS 65000, Site B advertises 172.16.0.128/25 AS 65000 65000 65000, Site C advertises 172.0.0.0/8 AS 65000 and Site D advertises 172.16.0.0/24 AS 65000. Which site will AWS choose to reach your network?
Explanation:
Explanation:
172.16.0.128/25 AS 65000 65000 65000. The most specific prefix is always the first choice for BGP routing. Also, AWS will not accept an advertisement of a network less than /16.
Question 143
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company is migrating a legacy storefront web application to the AWS Cloud. The application is complex and will take several months to refactor. A solutions architect recommended an interim solution of using Amazon CloudFront with a custom origin pointing to the SSL endpoint URL for the legacy web application until the replacement is ready and deployed.
The interim solution has worked for several weeks. However, all browser connections recently began showing an HTTP 502Bad Gateway error with the header "X-Cache: Error from cloudfront." Monitoring services show that the HTTPS port 443 onthe legacy web application is open and responding to requests. What is the likely cause of the error, and what is the solution?
Question 144
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You work for a company that has several instances running with automatically assigned public IPs. You performed an upgrade that required you to restart the instances from the console and your DNS records don't work anymore. What happened?
Explanation:
Explanation:
Automatically assigned public IPs change on stop or termination of an instance.
Question 145
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You have been tasked with migrating your company's proprietary massively large dataset sorting application to AWS. The application currently runs on 4 highly spec'd servers that are in a cluster arrangement and runs 24x7, with the average CPU utilisation across any 24hr period being approx 85% - the migration of this cluster once up and running on AWS is expected to run similarly. The servers shuffle data internally and between themselves. Your company's financial performance is entirely dependent on the speed at which it can sort your customers datasets, that is the faster a sorted result can be returned the better your company's bottom line. Of the choices presented below, select the optimal network configuration that will ensure the best financial results for your company.
Explanation:
Explanation:
Answer C does not meet the brief - the question states that the requirement is to run a cluster of 4 servers 24x7 - and that the average CPU utilisation across any 24hr period is 85% - therefore have an ASG with min 1 and max 4 provides no benefit, and if anything scaling down from 4 machines would impact the speed at which sorting results are returned - and therefore this would affect the company's bottom line. We know that of the Answers A and B we need to choose one - Answer B best supports our requirements - to move data faster between servers. Answer D is nonsensical - AWS doesn't support adding or removing CPUs to instances. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html
Question 146
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You have 3 VPCs that need to be able to pass traffic. In what two ways can you achieve this? (Choose two.)
Explanation:
Explanation:
VPN instances can be used to create transitive peering. Full mesh peering is the only way to use peering to allow all VPCs to communicate with all other VPCs. Transitive peering is not possible.
Question 147
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Your company runs an HTTPS application using an Elastic Load Balancing (ELB) load balancer/PHP on nginx server/RDS inmultiple Availability Zones. You need to apply Geographic Restriction and identify the client's IP address in your applicationto generate dynamic content.
How should you utilize AWS services in a scalable fashion to perform this task?
Question 148
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You have created a custom VPC. What are two things you may need to do in order to SSH directly into your instance?
(Choose two.)
Explanation:
Explanation:
Public IP addresses are not enabled by default in a custom VPC. An Internet Gateway is also required.
Question 149
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company installed an AWS Site-to-Site VPN and configured it to use two tunnels. The company has learned that the VPN connectivity is unstable. During a ping test from the on-premises data center to AWS, a network engineer notices that the first few ICMP replies time out but that subsequent requests are successful. The AWS Management Console shows that the status for both tunnels last changed at the same time the ping responses were successfully received.
Which steps should the network engineer take to resolve the instability? (Choose two.)
Question 150
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Your company decides to use Amazon S3 to augment its on-premises data store. Instead of using the company's highly controlled, on-premises Internet gateway, a Direct Connect connection is ordered to provide high bandwidth, low latency access to S3. Since the company does not own a publically routable IPv4 address block, a request was made to AWS for an AWS-owned address for a Public Virtual Interface (VIF).
The security team is calling this new connection a "backdoor", and you have been asked to clarify the risk to the company. Which concern from the security team is valid and should be addressed?
Question