Amazon ANS-C00 Practice Test - Questions Answers, Page 26

Use ___________ to get more visibility into the health of your AWS Elastic Beanstalk application and take appropriate actions in case of hardware failure or performance degradation.

You use a VPN to extend your corporate network into a VPC. Instances in the VPC are able to resolve resource records in an Amazon Route 53 private hosted zone. Your on-premises DNS server is configured with a forwarder to the VPC DNS server IP address. On-premises users are unable to resolve names in the private hosted zone, although instances in a peered VPC can. What should you do to provide on-premises users with access to the private hosted zone?

A company is delivering web content from an Amazon EC2 instance in a public subnet with address 2001:db8:1:100::1.

Users report they are unable to access the web content. The VPC Flow Logs for the subnet contain the following entries:

2 012345678912 eni-0596e500123456789 2001:db8:2:200::2 2001:db8:1:100::1 0 0 58 234 24336 1551299195 1551299434 ACCEPT OK 2 012345678912 eni-0596e500123456789 2001:db8:1:100::1 2001:db8:2:200::2 0 0 58 234 24336 1551299195 1551299434 REJECT OK Which action will restore network reachability to the EC2 instance?

A company hosts its application, example.com, behind Application Load Balancers in the us-east-1 and eu-west-1 Regions.

Users should be routed to the resources geographically nearest to them. Users must not be routed to the application when it is considered unhealthy. How should a network engineer configure Amazon Route 53 to route clients to example.com?

A Network Engineer needs to be automatically notified when a certain TCP port is accessed on a fleet of Amazon EC2 instances running in an Amazon VPC. Which of the following is the MOST reliable solution?

Which service parses large Flow Logs for consumption by other programs such as Kibana?

A company has 20 AWS accounts and has hundreds of VPCs within those accounts. Each account has several security groups. Most of the security groups share a common set of CIDR range rules.

The company wants to simplify the management of these CIDR ranges that the security groups use. The company's network team does not have full access to all the accounts. The common CIDR ranges are 10.10.0.0/16, 10.8.0.0/16, and 192.168.128.0/24.

Which solution should a network engineer recommend to meet these requirements?

An organization runs a consumer-facing website on AWS. The Amazon EC2-based web fleet is load balanced using the AWS Application Load Balancer; Amazon Route 53 is used to provide the public DNS services. The following URLs need to server content to end users: test.example.com web.example.com example.com Based on this information, what combination of services must be used to meet the requirement? (Choose two.)

Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution.

A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location. Which solution will meet this requirement, while minimizing downtime and costs?