ExamGecko
Login
Home / Amazon / ANS-C00 / List of questions
Ask Question

Amazon ANS-C00 Practice Test - Questions Answers, Page 25

List of questions

Question 241

Report
Export
Collapse

In AWS, which service provides a reliable and inexpensive way to backup and archive CloudTrail log files?

Amazon Archiver
Amazon Archiver
Amazon Glacier
Amazon Glacier
AWS Storage Gateway
AWS Storage Gateway
Amazon Elastic Block Store
Amazon Elastic Block Store
Suggested answer: B

Explanation:

Explanation:

You control the retention policies for your CloudTrail log files. By default, log files are stored indefinitely, but for cost efficiency, you may want to delete old log files or archive them to Amazon Glacier, a storage service optimized for data archiving and backup of infrequently used data. Reference: https://aws.amazon.com/cloudtrail/faqs/

asked 16/09/2024
Abigail Bormann
40 questions

Question 242

Report
Export
Collapse

You are building an application in AWS that requires Amazon Elastic MapReduce (Amazon EMR). The application needs to resolve hostnames in your internal, on-premises Active Directory domain. You update your DHCP Options Set in the VPC to point to a pair of Active Directory integrated DNS servers running in your VPC. Which action is required to support a successful Amazon EMR cluster launch?

Add a conditional forwarder to the Amazon-provided DNS server.
Add a conditional forwarder to the Amazon-provided DNS server.
Enable seamless domain join for the Amazon EMR cluster.
Enable seamless domain join for the Amazon EMR cluster.
Launch an AD connector for the internal domain.
Launch an AD connector for the internal domain.
Configure an Amazon Route 53 private zone for the EMR cluster.
Configure an Amazon Route 53 private zone for the EMR cluster.
Suggested answer: B

Explanation:

Explanation:

References: https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-adconnector/

asked 16/09/2024
Kushantha Gunawardana
49 questions

Question 243

Report
Export
Collapse

How many tunnels do you get with each VPN connection hosted by AWS?

4
4
1
1
2
2
Suggested answer: C

Explanation:

Explanation:

All AWS VPNs come with 2 tunnels for resiliency.

asked 16/09/2024
Arjen Vleugel
44 questions

Question 244

Report
Export
Collapse

An AWS account owner has setup multiple IAM users. One of these IAM users, named John, has CloudWatch access, but no access to EC2 services. John has setup an alarm action which stops EC2 instances when their CPU utilization is below the threshold limit. When an EC2 instance's CPU Utilization rate drops below the threshold John has set, what will happen and why?

Nothing will happen. John cannot set an alarm on EC2 since he does not have the permission.
Nothing will happen. John cannot set an alarm on EC2 since he does not have the permission.
CloudWatch will stop the instance when the action is executed
CloudWatch will stop the instance when the action is executed
Nothing will happen because it is not possible to stop the instance using the CloudWatch alarm
Nothing will happen because it is not possible to stop the instance using the CloudWatch alarm
Nothing will happen. John can setup the action, but it will not be executed because he does not have EC2 access through IAM policies.
Nothing will happen. John can setup the action, but it will not be executed because he does not have EC2 access through IAM policies.
Suggested answer: D

Explanation:

Explanation:

Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can setup an action which stops the instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either terminate or stop the instance as part of the EC2 action. If the IAM user has read/write permissions for Amazon CloudWatch but not for Amazon EC2, he can still create an alarm. However, the stop or terminate actions will not be performed on the Amazon EC2 instance. Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/UsingAlarmActions.html

asked 16/09/2024
Chris Bezuidenhout
39 questions

Question 245

Report
Export
Collapse

You are auditing an AWS infrastructure after you noticed some abnormal charges on the bill. You use AWS Config to monitor your changes. What else is required to find out who made the change?

There is no information to find this. You will need to sign up for Config Premium.
There is no information to find this. You will need to sign up for Config Premium.
Use the eventID of the change and reference it with your Flow Logs.
Use the eventID of the change and reference it with your Flow Logs.
Use the eventId of the change and reference it with CloudTrail to find the culprit.
Use the eventId of the change and reference it with CloudTrail to find the culprit.
Use the eventID of the change and reference it with CloudWatch to find the culprit.
Use the eventID of the change and reference it with CloudWatch to find the culprit.
Suggested answer: C

Explanation:

Explanation:

CloudTrail is for finding "who" performed an action.

asked 16/09/2024
Phillip Doman
34 questions

Question 246

Report
Export
Collapse

An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF.

What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?

Configure each application VPC with a static route entry pointing the on-premises CIDR block to the software VPN instances.
Configure each application VPC with a static route entry pointing the on-premises CIDR block to the software VPN instances.
Configure the central VPC with a static route entry pointing the on-premises CIDR block to local VGWs.
Configure the central VPC with a static route entry pointing the on-premises CIDR block to local VGWs.
Advertise all application VPC CIDR blocks to on-premises resources via the VGW in the central VPC.
Advertise all application VPC CIDR blocks to on-premises resources via the VGW in the central VPC.
Configure IPSec tunnels from the on-premises router into the software VPN instances with dynamic routing.
Configure IPSec tunnels from the on-premises router into the software VPN instances with dynamic routing.
Suggested answer: B
asked 16/09/2024
Tiago Silva
39 questions

Question 247

Report
Export
Collapse

In the "start using the AWS Direct Connect steps," when can you complete the Cross Connect step?

After verifying your virtual interface
After verifying your virtual interface
After you have received your Letter of Authorization and Connecting Facility Assignment (LOA-CFA) from AWS
After you have received your Letter of Authorization and Connecting Facility Assignment (LOA-CFA) from AWS
72 hours after submitting your request for AWS Direct Connect Connection
72 hours after submitting your request for AWS Direct Connect Connection
Immediately after submitting your request for AWS Direct Connect Connection
Immediately after submitting your request for AWS Direct Connect Connection
Suggested answer: B

Explanation:

Explanation:

To complete the steps of "start using the AWS Direct Connect," after submitting your request for AWS Direct Connect connection, AWS will send you an email within 72 hours with a Letter of Authorization and Connecting Facility Assignment (LOA-CFA). After you have received your LOA-CFA, you need to complete your cross-network connection, also known as a cross connect. Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Colocation.html

asked 16/09/2024
Vipul Mehra
34 questions

Question 248

Report
Export
Collapse

You have an application that is processing confidential data. The data is currently stored in your data center. You are moving workloads to AWS, and you need to ensure confidentiality and integrity of the data in transit to your VPC. Your company has an existing AWS Direct Connect connection.

What combination of steps should you perform to set up the most cost-effective connection between your on-premises data center and AWS? (Choose three.)

Set up a VPC with a virtual private gateway.
Set up a VPC with a virtual private gateway.
Set up a VPC with an Internet gateway.
Set up a VPC with an Internet gateway.
Configure a public virtual interface on your Direct Connect connection.
Configure a public virtual interface on your Direct Connect connection.
Configure a private virtual interface to the virtual private gateway.
Configure a private virtual interface to the virtual private gateway.
Set up an IPsec tunnel between your customer gateway and a software VPN on Amazon EC2 in the VPC.
Set up an IPsec tunnel between your customer gateway and a software VPN on Amazon EC2 in the VPC.
Set up an IPsec tunnel between your customer gateway appliance and the virtual private gateway.
Set up an IPsec tunnel between your customer gateway appliance and the virtual private gateway.
Suggested answer: A, C, F

Explanation:

Explanation:

Setting up a VPN over your Direct Connect connection will secure the data in transit. The steps to do so are: adding a VGW to the VPC; setting up a public virtual interface; and creating the IPsec tunnel between your data center and the VGW via the public virtual interface. B would send traffic over the public Internet. D is not possible because a public virtual interface is needed to announce the VGW endpoint IPs. E would not take advantage of the already existing Direct Connect connection.

asked 16/09/2024
Jordi Nogués
37 questions

Question 249

Report
Export
Collapse

You can use the ____ command of the AWS Config service CLI to see the compliance state for each AWS resource of a specific type.

describe-compliance-by-resource
describe-compliance-by-resource
get-compliance-details-by-config-rule
get-compliance-details-by-config-rule
describe-compliance-by-config-rule
describe-compliance-by-config-rule
get-compliance-details-by-resource
get-compliance-details-by-resource
Suggested answer: A

Explanation:

Explanation:

You can use the AWS Config console, AWS CLI, or AWS Config API to view the compliance state of your rules and resources. The describe-compliance-by-resource command of the AWS Config CLI to see the compliance state for each AWS resource of a specific type. This is distinct from the describe-compliance-by-config-rule command, which gives the compliance state of each rule in AWS Config . Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html

asked 16/09/2024
Letlhogonolo Phiri
35 questions

Question 250

Report
Export
Collapse

You are moving a two-tier application into an Amazon VPC. An Elastic Load Balancing (ELB) load balancer is configured in front of the application tier. The application tier is driven through RESTful interfaces. The data tier uses relational database service (RDS) MySQL. Company policy requires end-to-end encryption of all data in transit. What ELB configuration complies with the corporate encryption policy?

Configure the ELB load balancer protocol as HTTP. Configure the application instances for SSL termination. ConfigureAmazon RDS for SSL, and use REQUIRE SSL grants.
Configure the ELB load balancer protocol as HTTP. Configure the application instances for SSL termination. ConfigureAmazon RDS for SSL, and use REQUIRE SSL grants.
Configure the ELB protocols in TCP mode. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
Configure the ELB protocols in TCP mode. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
Configure the ELB load balancer protocol as HTTPS. Offload application instance encryption to the load balancer. Installyour SSL certificate on Amazon RDS, and configure SSL.
Configure the ELB load balancer protocol as HTTPS. Offload application instance encryption to the load balancer. Installyour SSL certificate on Amazon RDS, and configure SSL.
Configure the ELB protocols in SSL mode. Offload application instance encryption to the load balancer. Install your SSL/TLS certificate on Amazon RDS, and configure SSL.
Configure the ELB protocols in SSL mode. Offload application instance encryption to the load balancer. Install your SSL/TLS certificate on Amazon RDS, and configure SSL.
Suggested answer: C
asked 16/09/2024
Edgar Garcia Tobias
35 questions
Total 414 questions
Go to page: of 42
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Which of these modes is not a configuration mode for a WAF?
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses. Which step should you take to fix this problem?
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement? (Choose two.)
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Which service would you use to see who changed your infrastructure?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?