Amazon ANS-C00 Practice Test - Questions Answers, Page 26

Question 251

A company has an application running on Amazon EC2 instances in a VPC. The application must publish custom metrics to Amazon CloudWatch in the same AWS Region. The metrics include proprietary information. All connectivity must be over private IP addresses.

Which solution will meet these requirements?

A. Connect to CloudWatch through a NAT gateway.
B. Connect to CloudWatch through a gateway endpoint.
C. Connect to CloudWatch through an internet gateway.
D. Connect to CloudWatch through an interface endpoint.
Suggested answer: D
asked 16/09/2024
Helania Stevenson

Question 252

Use ___________ to get more visibility into the health of your AWS Elastic Beanstalk application and take appropriate actions in case of hardware failure or performance degradation.

A. Amazon Elastic Beanstalk command line
B. Amazon EC2 log files
C. Amazon CloudWatch
D. Amazon Load balancing
Suggested answer: C

Explanation:

In AWS Elastic Beanstalk, you can use Amazon CloudWatch to get more visibility into the health of your AWS Elastic Beanstalk application and take appropriate actions in case of hardware failure or performance degradation.

Reference: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.concepts.design.html

asked 16/09/2024
Maurice Melgert

Question 253

You use a VPN to extend your corporate network into a VPC. Instances in the VPC are able to resolve resource records in an Amazon Route 53 private hosted zone. Your on-premises DNS server is configured with a forwarder to the VPC DNS server IP address. On-premises users are unable to resolve names in the private hosted zone, although instances in a peered VPC can. What should you do to provide on-premises users with access to the private hosted zone?

A. Create a proxy resolver within the VPC. Point the on-premises forwarder to the proxy resolver.
B. Modify the network access control list on the VPC to allow DNS queries from on-premises systems.
C. Configure the on-premises server as a secondary DNS for the private zone. Update the NS records.
D. Update the on-premises forwarders with the four name servers assigned to the private hosted zone.
Suggested answer: D

Explanation:

References: https://aws.amazon.com/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-awsby-using-unbound/

asked 16/09/2024
Amidou Florian TOURE

Question 254

A company is delivering web content from an Amazon EC2 instance in a public subnet with address 2001:db8:1:100::1.

Users report they are unable to access the web content. The VPC Flow Logs for the subnet contain the following entries:

2 012345678912 eni-0596e500123456789 2001:db8:2:200::2 2001:db8:1:100::1 0 0 58 234 24336 1551299195 1551299434 ACCEPT OK
2 012345678912 eni-0596e500123456789 2001:db8:1:100::1 2001:db8:2:200::2 0 0 58 234 24336 1551299195 1551299434 REJECT OK

Which action will restore network reachability to the EC2 instance?

A. Update the security group associated with eni-0596e500123456789 to permit inbound traffic.
B. Update the security group associated with eni-0596e500123456789 to permit outbound traffic.
C. Update the network ACL associated with the subnet to permit inbound traffic.
D. Update the network ACL associated with the subnet to permit outbound traffic.
Suggested answer: C
asked 16/09/2024
shvoal gerama

Question 255

A company hosts its application, example.com, behind Application Load Balancers in the us-east-1 and eu-west-1 Regions.

Users should be routed to the resources geographically nearest to them. Users must not be routed to the application when it is considered unhealthy. How should a network engineer configure Amazon Route 53 to route clients to example.com?

A. Configure latency.example.com to use a weighted routing policy that points to the load balancers, and associate an HTTP health check. Configure failover records for example.com. Point the primary alias record to latency.example.com, and enable the evaluate target health setting. Point the secondary record to a static HTML maintenance page hosted in Amazon S3.
B. Configure latency.example.com CNAME latency-based records that point to the load balancers, and associate an HTTP health check. Configure failover records for example.com. Point the primary alias record to latency.example.com, and enable the setting used to evaluate target health. Point the secondary record to a static HTML maintenance page hosted in Amazon S3.
C. Configure latency.example.com to use a geoproximity routing policy that points to the load balancers, and associate an HTTP health check. Configure failover records for example.com. Point the primary alias record to latency.example.com, and enable the evaluate target health setting. Point the secondary record to a static HTML maintenance page hosted in Amazon S3.
D. Configure latency.example.com alias latency-based records that point to the load balancers, enable the setting used to evaluate target health, and associate an HTTP health check. Configure failover records for example.com. Point the primary CNAME record to latency.example.com, and associate an HTTP health check. Point the secondary record to a static HTML maintenance page hosted in Amazon S3.
Suggested answer: D
asked 16/09/2024
Leandro Franklin Franklin

Question 256

A Network Engineer needs to be automatically notified when a certain TCP port is accessed on a fleet of Amazon EC2 instances running in an Amazon VPC. Which of the following is the MOST reliable solution?

A. Create an inbound rule in the VPC's network ACL that matches the TCP port. Create an Amazon CloudWatch alarm on the NetworkPackets metric for the ACL that uses Amazon SNS to notify the Administrator when the metric is greater than zero.
B. Install intrusion detection software on each Amazon EC2 instance and configure it to use the AWS CLI to notify the Administrator with Amazon SNS each time the TCP port is accessed.
C. Create VPC Flow Logs that write to Amazon CloudWatch Logs, with a metric filter matching connections on the required port. Create a CloudWatch alarm on the resulting metric that uses Amazon SNS to notify the Administrator when the metric is greater than zero.
D. Install intrusion detection software on each Amazon EC2 instance and configure it to use the AWS CLI to publish to a custom Amazon CloudWatch metric each time the TCP port is accessed. Create a CloudWatch alarm on the resulting metric that uses Amazon SNS to notify the Administrator when the metric is greater than zero.
Suggested answer: A
asked 16/09/2024
fritz villanueva

Question 257

Which service parses large Flow Logs for consumption by other programs such as Kibana?

A. S3
B. ElasticSearch
C. Elastic Beanstalk
D. Kinesis
Suggested answer: B
asked 16/09/2024
Carlos Periterra

Question 258

A company has 20 AWS accounts and has hundreds of VPCs within those accounts. Each account has several security groups. Most of the security groups share a common set of CIDR range rules.

The company wants to simplify the management of these CIDR ranges that the security groups use. The company's network team does not have full access to all the accounts. The common CIDR ranges are 10.10.0.0/16, 10.8.0.0/16, and 192.168.128.0/24.

Which solution should a network engineer recommend to meet these requirements?

A. Use AWS CloudFormation and AWS CloudFormation StackSets to configure all the accounts and VPCs with the same security groups.
B. Use a CLI and a shell script to configure all the accounts and VPCs with the same security groups.
C. Use AWS CloudFormation to configure a VPC prefix list, and share the prefix list with all the accounts in AWS Resource Access Manager.
D. Use a CLI and a shell script to configure all the accounts and VPCs with the same network ACLs.
Suggested answer: C

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/sharing-managed-prefix-lists.html

asked 16/09/2024
Kiswendsida ZONGO

Question 259

An organization runs a consumer-facing website on AWS. The Amazon EC2-based web fleet is load balanced using the AWS Application Load Balancer; Amazon Route 53 is used to provide the public DNS services. The following URLs need to serve content to end users:

test.example.com
web.example.com
example.com

Based on this information, what combination of services must be used to meet the requirement? (Choose two.)

A. Path condition in ALB listener to route example.com to appropriate target groups.
B. Host condition in ALB listener to route *.example.com to appropriate target groups.
C. Host condition in ALB listener to route example.com to appropriate target groups.
D. Path condition in ALB listener to route *.example.com to appropriate target groups.
E. Host condition in ALB listener to route $$$$.example.com to appropriate target groups.
Suggested answer: A, C
asked 16/09/2024
Archana Pingily

Question 260

Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution.

A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?

A. Deploy a third-party vendor solution to perform deep packet inspection in a transit VPC.
B. Enable VPC Flow Logs on each VPC. Set up a stream of the flow logs to a central Amazon Elasticsearch cluster.
C. Enable Amazon Macie on each AWS account and configure central reporting.
D. Enable Amazon GuardDuty on each account as members of a central account.
Suggested answer: D

Explanation:

References: https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multipleaccounts/

asked 16/09/2024
Fthcx Fgghn