ExamGecko
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 15

List of questions

Question 141

Report
Export
Collapse

A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?

AWS Route53
AWS Route53
AWS EMR
AWS EMR
AWS ELB
AWS ELB
AWS RDS
AWS RDS
Suggested answer: B

Explanation:

Explanation:

CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Services, such as RDS, EC2, Auto Scaling, ELB, and Route 53 can provide the monitoring data every minute. Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/supported_services.html

asked 16/09/2024
Tanner Blair
31 questions

Question 142

Report
Export
Collapse

You have 4 Direct Connect connections from your datacenter. Site A advertises 172.16.0.0/16 AS 65000, Site B advertises 172.16.0.128/25 AS 65000 65000 65000, Site C advertises 172.0.0.0/8 AS 65000 and Site D advertises 172.16.0.0/24 AS 65000. Which site will AWS choose to reach your network?

Site A: 172.16.0.0/16 AS 65000
Site A: 172.16.0.0/16 AS 65000
Site B: 172.16.0.128/25 AS 65000 65000 65000
Site B: 172.16.0.128/25 AS 65000 65000 65000
Site C: 172.0.0.0/8 AS 65000
Site C: 172.0.0.0/8 AS 65000
Site D: 172.16.0.0/24 AS 65000
Site D: 172.16.0.0/24 AS 65000
Suggested answer: B

Explanation:

Explanation:

172.16.0.128/25 AS 65000 65000 65000. The most specific prefix is always the first choice for BGP routing. Also, AWS will not accept an advertisement of a network less than /16.

asked 16/09/2024
Austine Ogheneruemu Onakpoma
42 questions

Question 143

Report
Export
Collapse

A company is migrating a legacy storefront web application to the AWS Cloud. The application is complex and will take several months to refactor. A solutions architect recommended an interim solution of using Amazon CloudFront with a custom origin pointing to the SSL endpoint URL for the legacy web application until the replacement is ready and deployed.

The interim solution has worked for several weeks. However, all browser connections recently began showing an HTTP 502Bad Gateway error with the header "X-Cache: Error from cloudfront." Monitoring services show that the HTTPS port 443 onthe legacy web application is open and responding to requests. What is the likely cause of the error, and what is the solution?

The origin access identity is not correct. Edit the CloudFront distribution and update the identity in the origins settings.
The origin access identity is not correct. Edit the CloudFront distribution and update the identity in the origins settings.
The SSL certificate on the CloudFront distribution has expired. Use AWS Certificate Manager (ACM) in the us-east-1 Region to replace the SSL certificate in the CloudFront distribution with a new certificate.
The SSL certificate on the CloudFront distribution has expired. Use AWS Certificate Manager (ACM) in the us-east-1 Region to replace the SSL certificate in the CloudFront distribution with a new certificate.
The SSL certificate on the legacy web application server has expired. Use AWS Certificate Manager (ACM) in the useast- 1 Region to create a new SSL certificate. Export the public and private keys, and install the certificate on thelegacy web application.
The SSL certificate on the legacy web application server has expired. Use AWS Certificate Manager (ACM) in the useast- 1 Region to create a new SSL certificate. Export the public and private keys, and install the certificate on thelegacy web application.
The SSL certificate on the legacy web application server has expired. Replace the SSL certificate on the web server with one signed by a globally recognized certificate authority (CA). Install the full certificate chain onto the legacy webapplication server.
The SSL certificate on the legacy web application server has expired. Replace the SSL certificate on the web server with one signed by a globally recognized certificate authority (CA). Install the full certificate chain onto the legacy webapplication server.
Suggested answer: A
asked 16/09/2024
Samy Mameri
28 questions

Question 144

Report
Export
Collapse

You work for a company that has several instances running with automatically assigned public IPs. You performed an upgrade that required you to restart the instances from the console and your DNS records don't work anymore. What happened?

Your network interfaces need to be reinitialized
Your network interfaces need to be reinitialized
You need to restart Route 53
You need to restart Route 53
Restarting too many instances at once overloads the system
Restarting too many instances at once overloads the system
The instances changed their public IP addresses on restart
The instances changed their public IP addresses on restart
Suggested answer: D

Explanation:

Explanation:

Automatically assigned public IPs change on stop or termination of an instance.

asked 16/09/2024
Mohammad Wahid
46 questions

Question 145

Report
Export
Collapse

You have been tasked with migrating your company's proprietary massively large dataset sorting application to AWS. The application currently runs on 4 highly spec'd servers that are in a cluster arrangement and runs 24x7, with the average CPU utilisation across any 24hr period being approx 85% - the migration of this cluster once up and running on AWS is expected to run similarly. The servers shuffle data internally and between themselves. Your company's financial performance is entirely dependent on the speed at which it can sort your customers datasets, that is the faster a sorted result can be returned the better your company's bottom line. Of the choices presented below, select the optimal network configuration that will ensure the best financial results for your company.

Disable Jumbo Frames to ensure better data throughput between instances
Disable Jumbo Frames to ensure better data throughput between instances
Enable Jumbo Frames to ensure better data throughput between instances
Enable Jumbo Frames to ensure better data throughput between instances
Create an autoscaled group of c4.8xlarge instances - with min 1 and max 4 - this will ensure your operational costs a minimal
Create an autoscaled group of c4.8xlarge instances - with min 1 and max 4 - this will ensure your operational costs a minimal
Configure a CloudWatch Alarm to add more CPUs to the instances when average cluster CPU utilisation breaches 85%
Configure a CloudWatch Alarm to add more CPUs to the instances when average cluster CPU utilisation breaches 85%
Suggested answer: B

Explanation:

Explanation:

Answer C does not meet the brief - the question states that the requirement is to run a cluster of 4 servers 24x7 - and that the average CPU utilisation across any 24hr period is 85% - therefore have an ASG with min 1 and max 4 provides no benefit, and if anything scaling down from 4 machines would impact the speed at which sorting results are returned - and therefore this would affect the company's bottom line. We know that of the Answers A and B we need to choose one - Answer B best supports our requirements - to move data faster between servers. Answer D is nonsensical - AWS doesn't support adding or removing CPUs to instances. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html

asked 16/09/2024
Trevore Agee
25 questions

Question 146

Report
Export
Collapse

You have 3 VPCs that need to be able to pass traffic. In what two ways can you achieve this? (Choose two.)

Peer each VPC to every other VPC to create a full mesh peering.
Peer each VPC to every other VPC to create a full mesh peering.
Peer them, VPC peering allows transitive peering as of December 2017.
Peer them, VPC peering allows transitive peering as of December 2017.
Call AWS to enable transitive peering.
Call AWS to enable transitive peering.
Create VPNs between them and adjust the routing tables accordingly.
Create VPNs between them and adjust the routing tables accordingly.
Suggested answer: A, D

Explanation:

Explanation:

VPN instances can be used to create transitive peering. Full mesh peering is the only way to use peering to allow all VPCs to communicate with all other VPCs. Transitive peering is not possible.

asked 16/09/2024
Romain PAILLAS
32 questions

Question 147

Report
Export
Collapse

Your company runs an HTTPS application using an Elastic Load Balancing (ELB) load balancer/PHP on nginx server/RDS inmultiple Availability Zones. You need to apply Geographic Restriction and identify the client's IP address in your applicationto generate dynamic content.

How should you utilize AWS services in a scalable fashion to perform this task?

Modify the nginx log configuration to record value in X-Forwarded-For and use CloudFront to apply the Geographic Restriction.
Modify the nginx log configuration to record value in X-Forwarded-For and use CloudFront to apply the Geographic Restriction.
Enable ELB access logs to store the client IP address and parse these to dynamically modify a blacklist.
Enable ELB access logs to store the client IP address and parse these to dynamically modify a blacklist.
Use X-Forwarded-For with security groups to apply the Geographic Restriction.
Use X-Forwarded-For with security groups to apply the Geographic Restriction.
Modify the application code to use value of X-Forwarded-For and CloudFront to apply the Geographic Restriction.
Modify the application code to use value of X-Forwarded-For and CloudFront to apply the Geographic Restriction.
Suggested answer: A
asked 16/09/2024
Nosh Shah
37 questions

Question 148

Report
Export
Collapse

You have created a custom VPC. What are two things you may need to do in order to SSH directly into your instance?

(Choose two.)

Enable SSH on the instance
Enable SSH on the instance
Attach a NAT Gateway
Attach a NAT Gateway
Enable Public IP addresses
Enable Public IP addresses
Attach an Internet Gateway
Attach an Internet Gateway
Suggested answer: C, D

Explanation:

Explanation:

Public IP addresses are not enabled by default in a custom VPC. An Internet Gateway is also required.

asked 16/09/2024
Souf Maatoug
40 questions

Question 149

Report
Export
Collapse

A company installed an AWS Site-to-Site VPN and configured it to use two tunnels. The company has learned that the VPN connectivity is unstable. During a ping test from the on-premises data center to AWS, a network engineer notices that the first few ICMP replies time out but that subsequent requests are successful. The AWS Management Console shows that the status for both tunnels last changed at the same time the ping responses were successfully received.

Which steps should the network engineer take to resolve the instability? (Choose two.)

Enable dead peer detection (DPD) on the customer gateway device.
Enable dead peer detection (DPD) on the customer gateway device.
Change the tunnel configuration to active/standby on the virtual private gateway.
Change the tunnel configuration to active/standby on the virtual private gateway.
Use AS PATH prepending on one path to cause all traffic to prefer that tunnel.
Use AS PATH prepending on one path to cause all traffic to prefer that tunnel.
Send ICMP requests to an instance in the VPC every 5 seconds from the on-premises network.
Send ICMP requests to an instance in the VPC every 5 seconds from the on-premises network.
Use a higher multi-exit discriminator (MED) value on the preferred path to prefer that tunnel.
Use a higher multi-exit discriminator (MED) value on the preferred path to prefer that tunnel.
Suggested answer: C, E
asked 16/09/2024
Nikolay Yankov
35 questions

Question 150

Report
Export
Collapse

Your company decides to use Amazon S3 to augment its on-premises data store. Instead of using the company's highly controlled, on-premises Internet gateway, a Direct Connect connection is ordered to provide high bandwidth, low latency access to S3. Since the company does not own a publically routable IPv4 address block, a request was made to AWS for an AWS-owned address for a Public Virtual Interface (VIF).

The security team is calling this new connection a "backdoor", and you have been asked to clarify the risk to the company. Which concern from the security team is valid and should be addressed?

AWS advertises its aggregate routes to the Internet allowing anyone on the Internet to reach the router.
AWS advertises its aggregate routes to the Internet allowing anyone on the Internet to reach the router.
Direct Connect customers with a Public VIF in the same region could directly reach the router.
Direct Connect customers with a Public VIF in the same region could directly reach the router.
EC2 instances in the same region with access to the Internet could directly reach the router.
EC2 instances in the same region with access to the Internet could directly reach the router.
The S3 service could reach the router through a pre-configured VPC Endpoint.
The S3 service could reach the router through a pre-configured VPC Endpoint.
Suggested answer: A
asked 16/09/2024
David Looby
37 questions
Total 414 questions
Go to page: of 42
Search

Related questions