ExamGecko
Login
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 18

List of questions

Question 171

Report
Export
Collapse

A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process, the following requirements involving DNS have been identified.

On-premises systems must be able to resolve the entries in an Amazon Route 53 private hosted zone.

Amazon EC2 instances running in the organization's VPC must be able to resolve the DNS names of on-premises systems The organization's VPC uses the CIDR block 172.16.0.0/16. Assuming that there is no DNS namespace overlap, how can these requirements be met?

Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 asauthoritative for the Route 53 private hosted zone.
Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 asauthoritative for the Route 53 private hosted zone.
Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to172.16.0.2.Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to172.16.0.2.Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to theAmazonprovided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stubzone, delegating the proxies as authoritative for the Route 53 private hosted zone.
Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to theAmazonprovided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stubzone, delegating the proxies as authoritative for the Route 53 private hosted zone.
Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the Route 53 private hosted zone's name servers as authoritative for the Route53 private hosted zone.
Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the Route 53 private hosted zone's name servers as authoritative for the Route53 private hosted zone.
Suggested answer: C
asked 16/09/2024
Rakesh Sharma
34 questions

Question 172

Report
Export
Collapse

An organization is replacing a tape backup system with a storage gateway. there is currently no connectivity to AWS. Initial testing is needed.

What connection option should the organization use to get up and running at minimal cost?

Use an internet connection.
Use an internet connection.
Set up an AWS VPN connection.
Set up an AWS VPN connection.
Provision an AWS Direct Connection private virtual interface.
Provision an AWS Direct Connection private virtual interface.
Provision a Direct Connect public virtual interface.
Provision a Direct Connect public virtual interface.
Suggested answer: A
asked 16/09/2024
Tsige Tessema
31 questions

Question 173

Report
Export
Collapse

Which of the following services is used to send an alert from CloudWatch?

AWS SNS
AWS SNS
AWS EBS
AWS EBS
AWS SES
AWS SES
AWS SQS
AWS SQS
Suggested answer: A

Explanation:

AWS Auto Scaling and Simple Notification Service (SNS) work in conjunction with CloudWatch. You use Amazon SNS with CloudWatch to send messages when an alarm threshold has been reached.

Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/related_services.html

asked 16/09/2024
Fabio Valenti
38 questions

Question 174

Report
Export
Collapse

A company that provides a RESTful API is designing a network architecture for deployment to the AWS Cloud. The company needs a scalable design that is cost-optimized and secure. The company is conducting pre-release testing with some of its customers, but the company expects to expand to several hundred customers when the final version is released.

The data that is exchanged through the API is confidential. All data must be exchanged on private IP addresses that are not accessible through the internet. All customers who use the API operate on AWS in VPCs. What should the company do with its architecture to meet these requirements?

Use a Network Load Balancer (NLB) as the front end to the API. Use a transit VPC with VPC peering to each customer's VPC.
Use a Network Load Balancer (NLB) as the front end to the API. Use a transit VPC with VPC peering to each customer's VPC.
Use AWS PrivateLink endpoints in customer VPCs as the front end for an AWS Fargate containers deployment with auto scaling enabled.
Use AWS PrivateLink endpoints in customer VPCs as the front end for an AWS Fargate containers deployment with auto scaling enabled.
Use an Amazon API Gateway API with a regional API endpoint as the front end for all API interactions that invoke AWS Lambda functions.
Use an Amazon API Gateway API with a regional API endpoint as the front end for all API interactions that invoke AWS Lambda functions.
Use an Amazon API Gateway API with an edge-optimized API endpoint as the front end for all API interactions that invoke AWS Lambda functions.
Use an Amazon API Gateway API with an edge-optimized API endpoint as the front end for all API interactions that invoke AWS Lambda functions.
Suggested answer: D

Explanation:

Explanation:

Reference: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-basic-concept.html

asked 16/09/2024
Junan Kuah
36 questions

Question 175

Report
Export
Collapse

An organization has created a web application inside a VPC and wants to make it available to 200 client VPCs. The client VPCs are in the same Region but are owned by other business units within the organization. What is the best way to meet this requirement, without making the application publicly available?

Configure the application as an AWS PrivateLink-powered service, and have the client VPCs connect to the endpoint service by using an interface VPC endpoint.
Configure the application as an AWS PrivateLink-powered service, and have the client VPCs connect to the endpoint service by using an interface VPC endpoint.
Enable VPC peering between the web application VPC and all client VPCs.
Enable VPC peering between the web application VPC and all client VPCs.
Deploy the web application behind an internet-facing Application Load Balancer and control which clients have access by using security groups.
Deploy the web application behind an internet-facing Application Load Balancer and control which clients have access by using security groups.
Deploy the web application behind an internal Application Load Balancer and control which clients have access by using security groups.
Deploy the web application behind an internal Application Load Balancer and control which clients have access by using security groups.
Suggested answer: C
asked 16/09/2024
henri victor BOGMIS
38 questions

Question 176

Report
Export
Collapse

Your company was recently acquired and a Direct Connection connection was extended from your new parent corporation to your AWS VPC using a hosted VIF. What data charges are billed to your account for that connection?

You are only responsible for the port hours of the VIF.
You are only responsible for the port hours of the VIF.
You are not charged anything.
You are not charged anything.
You are responsible for all data transfer out.
You are responsible for all data transfer out.
You are responsible for all data transfer in.
You are responsible for all data transfer in.
Suggested answer: C

Explanation:

Explanation:

You are only responsible for the data transfer out. The port hours are the responsibility of the owner of the connection.

asked 16/09/2024
Raza Todorovac
44 questions

Question 177

Report
Export
Collapse

Your company has set up AWS Direct Connect to connect on-premises to an Amazon VPC instance. Two Direct Connect connections terminate at two different Direct Connect locations. You are using two routers, R1 and R2, at your end (one of each Direct Connect connection). R1 and R2 do NOT have connectivity between them. Both routers advertise the same routers over BGP to the VGW. You have a stateful firewall on each router. The routers drop some of the traffic coming from the VPC.

Which two actions should you take to fix this problem? (Choose two.)

Use BGP AS prepend attribute to prepend additional AS numbers while advertising routers from R1 to VGW.
Use BGP AS prepend attribute to prepend additional AS numbers while advertising routers from R1 to VGW.
Use BGP local preference attribute to assign R1 to a lower local preference number than R2.
Use BGP local preference attribute to assign R1 to a lower local preference number than R2.
Use BGP local preference attribute to assign R1 a higher local preference number than R2.
Use BGP local preference attribute to assign R1 a higher local preference number than R2.
Use BGP MED attribute to assign a higher MED value to the routes advertised R1 to VGW.
Use BGP MED attribute to assign a higher MED value to the routes advertised R1 to VGW.
Use BGP MED attribute to assign a higher MED value to the routes advertised from R2 to VGW.
Use BGP MED attribute to assign a higher MED value to the routes advertised from R2 to VGW.
Suggested answer: A, C
asked 16/09/2024
Venkat Burri
43 questions

Question 178

Report
Export
Collapse

You would like to automate the monitoring of changes in the configurations of your AWS resources and respond programmatically to configurations of only a certain type. To do this, you could use Amazon ____ as the endpoint for the Amazon SNS topics that generate messages from AWS Config.

Kinesis
Kinesis
Simple Email Service (SES)
Simple Email Service (SES)
Simple Storage Service (S3)
Simple Storage Service (S3)
Simple Queue Service (SQS)
Simple Queue Service (SQS)
Suggested answer: D

Explanation:

Explanation:

AWS Config uses Amazon Simple Notification Service (SNS) to send you notifications every time a supported AWS resource is created, updated, or otherwise modified as a result of user API activity. However, you might be interested in only certain resource configuration changes. For example, you might consider it critical to know when someone modifies the configuration of a security group, but not need to know every time there is a change to tags on your Amazon EC2 instances.

Or, you might want to write a program that performs specific actions when specific resources are updated. For example, you might want to start a certain workflow when a security group configuration is changed. If you want to programmatically consume the data from AWS Config in these or other ways, use an Amazon Simple Queue Service queue as the notification endpoint for Amazon SNS. Reference: http://docs.aws.amazon.com/config/latest/developerguide/monitor-resource-changes.html

asked 16/09/2024
Frederik Pardon
36 questions

Question 179

Report
Export
Collapse

A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs. Which of the below mentioned points should the user needs to take care while sending the data to CloudWatch?

The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests
The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests
The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests
The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests
The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests
The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests
The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests
The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests
Suggested answer: D

Explanation:

Explanation:

With AWS CloudWatch, the user can publish data points for a metric that share not only the same time stamp, but also the same namespace and dimensions. CloudWatch can accept multiple data points in the same PutMetricData call with the same time stamp. The only thing that the user needs to take care of is that the size of a PutMetricData request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests. Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html

asked 16/09/2024
Ben Ndlovu
37 questions

Question 180

Report
Export
Collapse

You have a hybrid infrastructure, and you need AWS resources to be able to resolve your on-premises DNS names. You have configured a DNS server on an EC2 instance in your 10.1.3.0/24 subnet. This subnet resides on the VPC 10.1.0.0/16.

What step should you take to accomplish this?

Configure your DNS server to forward queries for the private hosted zone to 10.1.3.2.
Configure your DNS server to forward queries for the private hosted zone to 10.1.3.2.
Configure the DHCP option set in the VPC to point to the EC2 DNS server.
Configure the DHCP option set in the VPC to point to the EC2 DNS server.
Configure your DNS server to forward queries for the private hosted zone to 10.1.0.2.
Configure your DNS server to forward queries for the private hosted zone to 10.1.0.2.
Disable the source/destination check flag for the DNS instance.
Disable the source/destination check flag for the DNS instance.
Suggested answer: B

Explanation:

Explanation:

Your DNS server will forward queries to your on-premises DNS. You must configure the DHCP option set so the instances will forward queries to your on-premises DNS instead of the VPC DNS.

asked 16/09/2024
Oliver Lüthi
40 questions
Total 414 questions
Go to page: of 42
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?