ExamGecko
Login
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 21

List of questions

Question 201

Report
Export
Collapse

You are responsible for several EC2 instances deployed from Amazon AMIs that are required to upload information to an S3 bucket. This information must not traverse the public internet. You must also be able to update the instances. Which option is your best solution?

An S3 endpoint and a NAT
An S3 endpoint and a NAT
An S3 endpoint
An S3 endpoint
A VPN to the IP addresses specified in the AWS official S3 prefix list
A VPN to the IP addresses specified in the AWS official S3 prefix list
A NACL with the AWS prefix list added to it and a VPN.
A NACL with the AWS prefix list added to it and a VPN.
Suggested answer: B

Explanation:

Explanation:

A NAT is not required as an S3 endpoint will allow an instance to update. C and D are not possible.

asked 16/09/2024
Krishan Randitha
42 questions

Question 202

Report
Export
Collapse

Does Amazon VPC support multicast or broadcast?

Yes, both.
Yes, both.
It doesn't support any of them.
It doesn't support any of them.
Multicast yes, Broadcast no.
Multicast yes, Broadcast no.
Both, but only outside Amazon VPC.
Both, but only outside Amazon VPC.
Suggested answer: B

Explanation:

Explanation:

Amazon VPC does not support multicast nor broadcast

Reference: https://aws.amazon.com/vpc/faqs/

asked 16/09/2024
Hassene SAADI
30 questions

Question 203

Report
Export
Collapse

You manage a website that uses a load balancer. You are noticing one of the servers is receiving more traffic than the other. What is probably the cause of this?

An Elastic Load Balancer sends traffic based on server load. One server must be a larger instance.
An Elastic Load Balancer sends traffic based on server load. One server must be a larger instance.
You have DNS latency routing set, so it is diverting traffic to a different instance.
You have DNS latency routing set, so it is diverting traffic to a different instance.
You have sticky sessions configured and there are several power users that happen to be on the other server.
You have sticky sessions configured and there are several power users that happen to be on the other server.
The server has more connections available.
The server has more connections available.
Suggested answer: C

Explanation:

Explanation:

Sticky sessions can keep users on a particular server throughout their session. Latency routing would route to the load balancer, not the instances. Load balancers use a round-robin algorithm to balance.

asked 16/09/2024
Ellee Chen
40 questions

Question 204

Report
Export
Collapse

Your company just deployed a WAF to protect its resources. You need to create a baseline before you start blocking traffic. How will you achieve this?

Set the WAF to Monitor mode.
Set the WAF to Monitor mode.
Set the WAF to its defaults and let it do its job.
Set the WAF to its defaults and let it do its job.
Setup a Lambda function to monitor Flow Logs and analyze the traffic using Elasticsearch.
Setup a Lambda function to monitor Flow Logs and analyze the traffic using Elasticsearch.
A WAF is default deny and does not allow this. You need to use an IDS instead.
A WAF is default deny and does not allow this. You need to use an IDS instead.
Suggested answer: A

Explanation:

Explanation:

Monitor mode is the only good choice.

asked 16/09/2024
inigo abeledo
39 questions

Question 205

Report
Export
Collapse

A logistics company has deployed a hybrid environment that has multiple VPCs in both the us-east-1 Region and the afsouth- 1 Region. The on-premises data center is connected to us-east-1 through an AWS Direct Connect connection. The Direct Connect connection is connected to a Direct Connect gateway that is associated with a transit gateway. The transit gateway is attached to all the VPCs in useast-1. An application that is deployed in af-south-1 requires access to a database in the data center. The application also requires access to file storage in a VPC in us-east-1. Which solution will meet these requirements with the LOWEST latency?

Create a transit gateway in af-south-1, and attach the VPCs. Create a transit gateway peering connection between the transit gateways.
Create a transit gateway in af-south-1, and attach the VPCs. Create a transit gateway peering connection between the transit gateways.
Create a Direct Connect connection in af-south-1, and attach the VPCs with a Direct Connect gateway and a transit gateway. Create an AWS Site-to-Site VPN connection over the internet between the Direct Connect connections.
Create a Direct Connect connection in af-south-1, and attach the VPCs with a Direct Connect gateway and a transit gateway. Create an AWS Site-to-Site VPN connection over the internet between the Direct Connect connections.
Create a transit gateway in af-south-1, and attach the VPCs. Associate the transit gateway in af-south-1 with the Direct Connect gateway in us-east-1.
Create a transit gateway in af-south-1, and attach the VPCs. Associate the transit gateway in af-south-1 with the Direct Connect gateway in us-east-1.
Create inter-Region VPC peering connections between the VPCs in each Region. Use the transit gateway attachments in us-east-1 to access the database in the data center.
Create inter-Region VPC peering connections between the VPCs in each Region. Use the transit gateway attachments in us-east-1 to access the database in the data center.
Suggested answer: A
asked 16/09/2024
Rick James
43 questions

Question 206

Report
Export
Collapse

A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?

Configure an AWS Direct Connect private virtual interface to the company's AWS VPC in us-west-2. Create a VPC endpoint and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
Configure an AWS Direct Connect private virtual interface to the company's AWS VPC in us-west-2. Create a VPC endpoint and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
Configure a VPN connection to the company's AWS VPC in us-west-2 and use BGP to advertise routes for Amazon S3.
Configure a VPN connection to the company's AWS VPC in us-west-2 and use BGP to advertise routes for Amazon S3.
Configure a Direct Connect connection public virtual interface to us-west-2. Leverage an on-premises HTTPS proxy tosend traffic to Amazon S3 over a Direct Connect connection.
Configure a Direct Connect connection public virtual interface to us-west-2. Leverage an on-premises HTTPS proxy tosend traffic to Amazon S3 over a Direct Connect connection.
Configure a VPN connection to the company's AWS VPC in us-west-2. Create a NAT gateway and configure the onpremises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
Configure a VPN connection to the company's AWS VPC in us-west-2. Create a NAT gateway and configure the onpremises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
Suggested answer: C
asked 16/09/2024
John Bocachica
46 questions

Question 207

Report
Export
Collapse

A company hosts an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company recently experienced a network security breach. A network engineer must collect and analyze logs that include the client IP address, target IP address, target port, and user agent of each user that accesses the application. What is the MOST operationally efficient solution that meets these requirements?

Configure the ALB to store logs in an Amazon S3 bucket. Download the files from Amazon S3, and use a spreadsheet application to analyze the logs.
Configure the ALB to store logs in an Amazon S3 bucket. Download the files from Amazon S3, and use a spreadsheet application to analyze the logs.
Configure the ALB to push logs to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to analyze the logs.
Configure the ALB to push logs to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to analyze the logs.
Configure Amazon Kinesis Data Streams to stream data from the ALB to Amazon Elasticsearch Service (Amazon ES).Use search operations in Amazon ES to analyze the data.
Configure Amazon Kinesis Data Streams to stream data from the ALB to Amazon Elasticsearch Service (Amazon ES).Use search operations in Amazon ES to analyze the data.
Configure the ALB to store logs in an Amazon S3 bucket. Use Amazon Athena to analyze the logs in Amazon S3.
Configure the ALB to store logs in an Amazon S3 bucket. Use Amazon Athena to analyze the logs in Amazon S3.
Suggested answer: B

Explanation:

Explanation:

Reference: https://aws.amazon.com/blogs/big-data/implement-serverless-log-analytics-using-amazon-kinesis-analytics/

asked 16/09/2024
L Zsolt
38 questions

Question 208

Report
Export
Collapse

A Systems Administrator is designing a hybrid DNS solution with spilt-view. The apex-domain "example.com" should be served through name servers across multiple top-level domains (TLDs). The name server for subdomain "dev.example.com" should reside on-premises. The administrator has decided to use Amazon Route 53 to achieve this scenario. What procedurals steps must be taken to implement the solution?

Use a Route 53 public hosted zone for example.com and a private hosted zone for dev.example.com
Use a Route 53 public hosted zone for example.com and a private hosted zone for dev.example.com
Use a Route 53 public and private hosted zone for example.com, and perform subdomain delegation for dev.example.com
Use a Route 53 public and private hosted zone for example.com, and perform subdomain delegation for dev.example.com
Use a Route 53 public hosted zone for example.com, and perform subdomain delegation for dev.example.com
Use a Route 53 public hosted zone for example.com, and perform subdomain delegation for dev.example.com
Use a Route 53 private hosted zone for example.com, and perform subdomain delegation for dev.example.com
Use a Route 53 private hosted zone for example.com, and perform subdomain delegation for dev.example.com
Suggested answer: A
asked 16/09/2024
Jialu Wang
36 questions

Question 209

Report
Export
Collapse

In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS. These connections can terminate on one or two routers in your network. You can do this while __________________ with AWS Direct Connect step.

creating a Virtual Interface
creating a Virtual Interface
configuring redundant connections
configuring redundant connections
completing the cross-connect
completing the cross-connect
verifying your Virtual Interface
verifying your Virtual Interface
Suggested answer: B

Explanation:

Explanation:

In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS.

These connections can terminate on one or two routers in your network. You can do this in Configure Redundant Connections with AWS Direct Connect step. Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#RedundantConnections

asked 16/09/2024
Reaper Gamer
43 questions

Question 210

Report
Export
Collapse

In Amazon CloudFront, you cannot configure CloudFront to process cookies for_________.

HTTPS web distributions
HTTPS web distributions
Web and RTMP distributions
Web and RTMP distributions
RTMP distributions
RTMP distributions
HTTP web distributions
HTTP web distributions
Suggested answer: C

Explanation:

Explanation:

You cannot configure Amazon CloudFront to log cookies for RTMP distributions. For web distributions, CloudFront by default doesn't consider cookies when caching your objects in edge locations. If your origin returns two objects and they differ only by the values in the Set-Cookie header, CloudFront caches only one version of the object. Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

asked 16/09/2024
Joice Lira
30 questions
Total 414 questions
Go to page: of 42
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?