Released Amazon ANS-C00 Updated Questions PDF [Q81-Q99]


ANS-C00 Dumps and Practice Test (156 Exam Questions)

NEW QUESTION 81
An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC by pinging their private IP addresses from the organization's network. What could cause this connectivity issue? (Choose two.)

  • A. The on-premises router is not advertising the correct CIDR range to AWS.
  • B. The instance security group does not allow ICMP traffic.
  • C. A public virtual interface must be configured for Amazon EC2 connectivity.
  • D. The VGW is not advertising the correct CIDR range back on-premises.
  • E. There is a misconfiguration of the bi-directional forwarding detection.

Answer: A,B

Explanation:
A BGP session that is up only means the neighbors are talking; it says nothing about what is being advertised. If the on-premises router does not advertise the on-premises prefixes over the private VIF, the virtual private gateway has no return route to the pinging hosts. The VPC CIDR is advertised to on premises automatically, so D is not the cause, and a public VIF reaches AWS public endpoints, not private VPC addresses. Even with routes in place, ping fails unless the instance security group allows ICMP from the on-premises range; security groups deny everything not explicitly permitted.

 

NEW QUESTION 82
You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources.
What must be configured to meet this requirement?

  • A. At least two subnets in different Availability Zones.
  • B. A dedicated VPC with Active Directory Services.
  • C. An IPsec VPN to on-premises Active Directory.
  • D. Network address translation for outbound traffic.

Answer: A

Explanation:
A WorkSpaces directory must be registered with two subnets in different Availability Zones of the same VPC; WorkSpaces are launched into those subnets. A NAT gateway is needed only if the WorkSpaces require outbound internet access, and the directory can be AWS Managed Microsoft AD, Simple AD, or an AD Connector, so a dedicated VPC or an IPsec VPN is not a prerequisite.
Reference: https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-vpc.html

 

NEW QUESTION 83
An AWS CloudFormation template is being used to create a VPC peering connection between two existing operational VPCs, each belonging to a different AWS account. All necessary components in the 'Remote' (receiving) account are already in place.
The template below creates the VPC peering connection in the Originating account. It contains these components:
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  OriginatingVPCId:
    Type: String
  RemoteVPCId:
    Type: String
  RemoteVPCAccountId:
    Type: String
Resources:
  newVPCPeeringConnection:
    Type: 'AWS::EC2::VPCPeeringConnection'
    Properties:
      VpcId: !Ref OriginatingVPCId
      PeerVpcId: !Ref RemoteVPCId
      PeerOwnerId: !Ref RemoteVPCAccountId
Which additional AWS CloudFormation components are necessary in the Originating account to create an operational cross-account VPC peering connection with AWS CloudFormation? (Select two.)

  • A. Resources:
    NewEC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
  • B. Resources:
    newVPCPeeringConnection:
    Type: 'AWS::EC2::VPCPeeringConnection'
    PeerRoleArn: !Ref PeerRoleArn
  • C. Resources:
    VPCGatewayToRemoteVPC:
    Type: "AWS::EC2::VPCGatewayAttachment"
  • D. Resources:
    newEC2Route:
    Type: AWS::EC2::Route
  • E. Resources:
    NetworkInterfaceToRemoteVPC:
    Type: "AWS::EC2::NetworkInterface"

Answer: B,D

Explanation:
A peering request to another account has to be accepted in that account. CloudFormation does this by assuming the IAM role named in PeerRoleArn, which must trust the originating account and allow ec2:AcceptVpcPeeringConnection; without it the connection stays in pending-acceptance. Once active, the connection carries no traffic until each VPC's route table has a route for the other VPC's CIDR that targets the peering connection, hence AWS::EC2::Route. An AWS::EC2::VPCGatewayAttachment attaches an internet gateway or virtual private gateway to a VPC and plays no part in peering, and neither a security group nor a network interface is required for the connection itself.
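The requester-account template with the two missing pieces in place, as an added example (not from the original page or from AWS documentation). The parameters OriginatingRouteTableId, RemoteVPCCidr and PeerRoleArn are assumed; the role in the remote account is assumed to exist already, as the question states.

```yaml
# Added example, not from the original page: the requester-account template
# with PeerRoleArn and a route added. Assumed parameter names:
# OriginatingRouteTableId, RemoteVPCCidr, PeerRoleArn.
AWSTemplateFormatVersion: '2010-09-09'
Description: Requester side of a cross-account VPC peering connection (added example)
Parameters:
  OriginatingVPCId:
    Type: AWS::EC2::VPC::Id
  OriginatingRouteTableId:
    Type: String
    Description: Route table in the originating VPC that needs a route to the peer
  RemoteVPCId:
    Type: String
  RemoteVPCAccountId:
    Type: String
  RemoteVPCCidr:
    Type: String
    Description: CIDR block of the remote VPC; must not overlap the originating VPC
  PeerRoleArn:
    Type: String
    Description: Role in the remote account that trusts this account and allows ec2:AcceptVpcPeeringConnection
Resources:
  newVPCPeeringConnection:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId: !Ref OriginatingVPCId
      PeerVpcId: !Ref RemoteVPCId
      PeerOwnerId: !Ref RemoteVPCAccountId
      # CloudFormation assumes this role in the remote account to accept the
      # request; without it the connection stays in pending-acceptance.
      PeerRoleArn: !Ref PeerRoleArn
  # The connection carries nothing until a route points at it.
  newEC2Route:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref OriginatingRouteTableId
      DestinationCidrBlock: !Ref RemoteVPCCidr
      VpcPeeringConnectionId: !Ref newVPCPeeringConnection
Outputs:
  PeeringConnectionId:
    Value: !Ref newVPCPeeringConnection
```

The remote account still needs a return route to the originating VPC's CIDR in its own route tables and security-group rules that admit the peer's traffic. Keep the role named in PeerRoleArn narrow: trust only the originating account and grant only ec2:AcceptVpcPeeringConnection. For a peer in another Region, add PeerRegion to the properties.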

 

NEW QUESTION 84
You have just peered two VPCs, and you need to improve performance for instances you plan on deploying. What are two steps you would take to do this? Choose the 2 correct answers:

  • A. Create two subnets in different AZs and create a placement group.
  • B. Create two subnets in the same AZ and create a placement group.
  • C. Set the MTU of your instances to 1500.
  • D. Ensure you choose instances that use enhanced networking.

Answer: B,D

Explanation:
A cluster placement group lives in a single Availability Zone, so both subnets must be in the same AZ, and it delivers its low-latency, high-throughput benefit only to instance types with enhanced networking (ENA or SR-IOV). Intra-Region VPC peering supports jumbo frames, so forcing the MTU down to 1500 would reduce throughput rather than improve it.

 

NEW QUESTION 85
A legacy, on-premises web application cannot be load balanced effectively. There are both planned and unplanned events that cause usage spikes to millions of concurrent users. The existing infrastructure cannot handle the usage spikes. The CIO has mandated that the application be moved to the cloud to avoid further disruptions, with the additional requirement that source IP addresses be unaltered to support network traffic-monitoring needs. Which of the following designs will meet these requirements?

  • A. Use an Auto Scaling group of Amazon EC2 instances behind a Classic Load Balancer.
  • B. Use an Auto Scaling group of EC2 instances in a target group behind an Application Load Balancer.
  • C. Use an Auto Scaling group of EC2 instances in a target group behind a Classic Load Balancer.
  • D. Use an Auto Scaling group of EC2 instances in a target group behind a Network Load Balancer.

Answer: D

Explanation:
A Network Load Balancer operates at layer 4, scales to millions of requests per second, and passes the client's source IP through unchanged to instance targets. Classic and Application Load Balancers terminate the client connection, so the backend sees the load balancer's address as the peer and the original client IP survives only in the X-Forwarded-For header (or via proxy protocol on a Classic Load Balancer), which does not satisfy "unaltered".
https://aws.amazon.com/elasticloadbalancing/features/

 

NEW QUESTION 86
A company provisions an AWS Direct Connect connection to permit access to Amazon EC2 resources in several Amazon VPCs and to data stored in private Amazon S3 buckets. The Network Engineer needs to configure the company's on-premises router for this Direct Connect connection.
Which of the following actions will require the LEAST amount of configuration overhead on the customer router?

  • A. Configure private virtual interfaces for the VPC resources and for Amazon S3.
  • B. Configure a private virtual interface to a Direct Connect gateway for the VPC resources and for Amazon S3.
  • C. Configure a private virtual interface to a Direct Connect gateway for the VPC resources and a public virtual interface for Amazon S3.
  • D. Configure private virtual interfaces for the VPC resources and a public virtual interface for Amazon S3.

Answer: C

Explanation:
A Direct Connect gateway lets a single private VIF (one BGP session on the customer router) reach the virtual private gateways of many VPCs, instead of one private VIF and one BGP session per VPC. Amazon S3's public endpoints are reached over a public VIF, not a private one, so one private VIF to the Direct Connect gateway plus one public VIF for S3 is the smallest configuration on the router.

 

NEW QUESTION 87
A company wants to migrate its production and development applications to the AWS Cloud across multiple VPCs in three AWS Regions: us-east-1 (N. Virginia), eu-west-1 (Ireland), and ap-southeast-1 (Singapore). The company needs a scalable solution that provides connectivity between all three Regions. The solution also must provide private connectivity to the company's on-premises data center in Northern Virginia. Data that is transferred from on premises and data that is transferred between Regions must be encrypted in transit. The company requires predictable network performance and must minimize cost. The company has initiated a solution by deploying a transit gateway with two route tables in each Region. One route table is for the production environment, and one route table is for the development environment. What else must the company do to meet its requirements with the LOWEST latency?

  • A. Deploy an AWS Direct Connect connection in us-east-1 and a public VIF to the on-premises data center. On each transit gateway, create a VPN attachment over the public VIF for the production and development route tables. Route traffic between Regions through the VPN connections.
  • B. Deploy an AWS Direct Connect connection in us-east-1 to the on-premises data center. Create one transit VIF for each transit gateway route table, and associate each transit VIF with a Direct Connect gateway. Associate all transit gateways with the Direct Connect gateway. Create transit gateway peering connections to route traffic between Regions.
  • C. Deploy an AWS Direct Connect connection in us-east-1 and a public VIF to the on-premises data center. On each transit gateway, create a VPN attachment over the public VIF for the production and development route tables. Create transit gateway peering connections to route traffic between Regions.
  • D. Deploy an AWS Direct Connect connection in us-east-1 and a transit VIF to the on-premises data center. Associate all transit gateways and the transit VIF with a different Direct Connect gateway. Create transit gateway peering connections to route traffic between Regions.

Answer: C

Explanation:
Direct Connect itself is not encrypted, so the transit VIF designs (B and D) fail the encryption-in-transit requirement for the on-premises leg. An IPsec VPN to each transit gateway over a public VIF encrypts that leg while keeping the predictable performance of Direct Connect. Transit gateway inter-Region peering traffic is encrypted by AWS and stays on the AWS backbone, so it gives lower latency than hairpinning inter-Region traffic through the VPNs as A proposes.
References:
https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-aws-transit-gateway-vpn.html
https://aws.amazon.com/about-aws/whats-new/2019/12/aws-transit-gateway-supports-inter-region-peering/

 

NEW QUESTION 88
A customer has set up multiple VPCs for Dev, Test, Prod, and Management. You need to set up AWS Direct Connect to enable data flow from on-premises to each VPC. The customer has monitoring software running in the Management VPC that collects metrics from the instances in all the other VPCs. Due to budget requirements, data transfer charges should be kept at minimum.
Which design should be recommended?

  • A. Create a private VIF to the Management VPC, and peer this VPC to all other VPCs, enable source/destination NAT in the Management VPC.
  • B. Create a total of four private VIFs, one for each VPC owned by the customer, and route traffic between VPCs using the Direct Connect link.
  • C. Create a private VIF to the Management VPC, and peer this VPC to all other VPCs.
  • D. Create a total of four private VIFs, and enable VPC peering between all VPCs.

Answer: B

Explanation:
Reference: https://d1.awsstatic.com/whitepapers/aws-amazon-vpc-connectivity-options.pdf
AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to your Amazon VPC or among Amazon VPCs. This option can potentially reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than the other VPC-to-VPC connectivity options. You can divide a physical AWS Direct Connect connection into multiple logical connections, one for each VPC. You can then use these logical connections for routing traffic between VPCs.

 

NEW QUESTION 89
You manage a web service that is used by client applications deployed in 300 offices worldwide.
The web service architecture is an Elastic Load Balancer (ELB) distributing traffic across four application servers deployed in an Auto Scaling group across two Availability Zones.
The ELB is configured to use round robin, and sticky sessions are disabled. You have configured the NACLs and security groups to allow port 22 from your bastion host, and port 80 from 0.0.0.0/0. The client configuration is managed by each regional IT team.
Upon inspection you find that a large amount of requests from incorrectly configured sites are causing a single application server to degrade. The remainder of the requests are equally distributed across all servers with no negative effects.
What should you do to remedy the situation and prevent future occurrences?

  • A. Terminate the affected instance and allow Auto Scaling to create a new instance.
  • B. Update the NACL to only allow port 80 to the application servers from the ELB servers.
  • C. Mark the affected instance as degraded in the ELB and raise it with the client application team.
  • D. Update the Security Groups to only allow port 80 to the application servers from the ELB.

Answer: D

Explanation:
The misconfigured sites are bypassing the ELB and connecting to one instance directly, which is only possible because the instance security group accepts port 80 from 0.0.0.0/0. Changing that rule so port 80 is accepted only from the load balancer's security group forces every request through the ELB, which spreads the load across the group, and nobody outside the ELB can reach an instance directly. A network ACL cannot reference a security group (B), and terminating or marking the instance (A, C) removes the symptom without stopping the next misconfigured client.
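The security-group pair that enforces this, as an added example (not from the original page): the load balancer's group is the only public entry point, and the application servers accept HTTP solely from that group and SSH solely from the bastion's group. The parameter names VpcId and BastionSecurityGroupId are assumed.

```yaml
# Added example, not from the original page: instance security group that
# accepts HTTP only from the ELB's security group, so clients that bypass the
# ELB are dropped. Parameter names VpcId and BastionSecurityGroupId are assumed.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  BastionSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Public HTTP entry point, attached to the ELB only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
  AppServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App servers reachable only through the ELB and the bastion
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # The weak rule this replaces was CidrIp 0.0.0.0/0 on port 80.
        # Referencing the ELB's group means the rule follows the ELB's
        # addresses as they change, which a CIDR rule cannot do.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroupId
```

Attach LoadBalancerSecurityGroup to the ELB (the SecurityGroups property of the load balancer resource) and AppServerSecurityGroup to the Auto Scaling group's launch template; the NACLs can stay as they are, since the security group is what closes the direct path.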

 

NEW QUESTION 90
Which one of the following options is not true about WorkSpaces? Choose the correct answer:

  • A. WorkSpaces is great for running Linux applications.
  • B. WorkSpaces can query on-premises domains for authentication.
  • C. WorkSpaces is a fully managed, secure desktop computing service.
  • D. WorkSpaces allows integration with Microsoft AD.

Answer: B

 

NEW QUESTION 91
You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS Region. The application is hosted in a VPC and is only accessed from the corporate network. To support large volumes of data transfer and administration of the application, you use a single 10-Gbps AWS Direct Connect connection with multiple private virtual interfaces. As part of a review, you decide to improve the resilience of your connection to AWS and make sure that any additional connectivity does not share the same Direct Connect routers at AWS. You need to provide the best levels of resilience to meet the application's needs.
Which two options should you consider? (Select two.)

  • A. Install a second 10-Gbps Direct Connect connection to the same Direct Connect location.
  • B. Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.
  • C. Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
  • D. Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
  • E. Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.

Answer: D,E

 

NEW QUESTION 92
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in us-west-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?

  • A. Configure a VPN connection to the company's AWS VPC in us-west-2. Create a NAT gateway and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
  • B. Configure a VPN connection to the company's AWS VPC in us-west-2 and use BGP to advertise routes for Amazon S3.
  • C. Configure a Direct Connect connection public virtual interface to us-west-2. Leverage an on-premises HTTPS proxy to send traffic to Amazon S3 over a Direct Connect connection.
  • D. Configure an AWS Direct Connect private virtual interface to the company's AWS VPC in us-west-2. Create a VPC endpoint and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.

Answer: D

Explanation:
Amazon S3 supports interface VPC endpoints (AWS PrivateLink). Because the bucket policy rejects requests from public IP addresses, the on-premises traffic has to reach S3 entirely over private addressing: on-premises -> Direct Connect private VIF -> VGW -> VPC -> S3 interface endpoint -> S3. A public VIF or a NAT gateway (A, C) would present a public source IP, and BGP cannot advertise S3 (B). A private VIF terminates in the VPC, so the on-premises hosts must also be steered to the endpoint: either DNS that resolves the bucket name to the endpoint's private IP (a CNAME) or, as in option D, an HTTPS proxy in the VPC that forwards to the endpoint.
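The VPC-side pieces of option D, as an added example (not from the original page or from AWS documentation): an S3 interface endpoint in the VPC and a bucket policy that denies any request not arriving through that endpoint, which is one concrete way to "deny access from public IP addresses". The parameter names VpcId, EndpointSubnetIds, EndpointSecurityGroupId and AccessLogBucketName are assumed; the HTTPS proxy, the private VIF and the VGW route propagation are outside this fragment.

```yaml
# Added example, not from the original page: S3 interface endpoint plus a
# bucket policy that denies every request not arriving through it.
# Parameter names (VpcId, EndpointSubnetIds, EndpointSecurityGroupId,
# AccessLogBucketName) are assumed.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  EndpointSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Private subnets (one per AZ) that host the endpoint network interfaces
  EndpointSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Must allow TCP 443 from the HTTPS proxy in the VPC
  AccessLogBucketName:
    Type: String
Resources:
  S3InterfaceEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcId: !Ref VpcId
      SubnetIds: !Ref EndpointSubnetIds
      SecurityGroupIds:
        - !Ref EndpointSecurityGroupId
  AccessLogBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref AccessLogBucketName
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # A request from a public IP carries no aws:SourceVpce key at all;
          # StringNotEquals evaluates to true when the key is absent, so the
          # Deny applies to it as well as to any other endpoint.
          - Sid: DenyUnlessViaPrivateEndpoint
            Effect: Deny
            Principal: '*'
            Action: s3:*
            Resource:
              - !Sub arn:aws:s3:::${AccessLogBucketName}
              - !Sub arn:aws:s3:::${AccessLogBucketName}/*
            Condition:
              StringNotEquals:
                aws:SourceVpce: !Ref S3InterfaceEndpoint
```

Two caveats before applying this. The Deny also shuts out the account's own administrators working from the console or CLI outside the VPC; carve out an administrative principal with an additional aws:PrincipalArn condition so you do not lock yourself out. And the bucket's public hostname still resolves to public addresses, so the proxy has to be pointed at the endpoint's own DNS names (or private DNS for the endpoint has to be set up) for the traffic to take the private path.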

 

NEW QUESTION 93
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application.
The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their on-premises version of the application to serve a small portion of the customers who haven't yet upgraded.
What design will allow the company to serve both newer and earlier clients in the MOST efficient way?

  • A. Use an Amazon Route 53 multivalue answer routing policy to route older client traffic to the on-premises application version and the rest of the traffic to the new AWS based version.
  • B. Use a Classic Load Balancer for the new application. Route all traffic to the new application by using an Elastic Load Balancing (ELB) load balancer DNS. Define a user-agent-based rule on the backend servers to redirect earlier clients to the on-premises application.
  • C. Use an Application Load Balancer for the new application. Register both the new and earlier application backends as separate target groups. Use header-based routing to route traffic based on the application version.
  • D. Use an Application Load Balancer for the new application. Register both the new and earlier applications as separate target groups and use path-based routing to route traffic based on the application version.

Answer: C

Explanation:
An Application Load Balancer listener rule can match on an HTTP header (for example the client's User-Agent or an application-version header) and forward the request to a different target group, so one listener serves both generations of client. The on-premises servers are registered as IP targets in their own target group, reachable over the VPN. Path-based routing (D) would require the earlier clients to change the URLs they request, which they cannot do, and a Classic Load Balancer (B) cannot route by header, so every legacy request would first land on the new backend and be redirected, adding a round trip and coupling the new application to the old one.

 

NEW QUESTION 94
You use a VPN to extend your corporate network into a VPC. Instances in the VPC are able to resolve resource records in an Amazon Route 53 private hosted zone. Your on-premises DNS server is configured with a forwarder to the VPC DNS server IP address. On-premises users are unable to resolve names in the private hosted zone, although instances in a peered VPC can.
What should you do to provide on-premises users with access to the private hosted zone?

  • A. Update the on-premises forwarders with the four name servers assigned to the private hosted zone.
  • B. Configure the on-premises server as a secondary DNS for the private zone. Update the NS records.
  • C. Modify the network access control list on the VPC to allow DNS queries from on-premises systems.
  • D. Create a proxy resolver within the VPC. Point the on-premises forwarder to the proxy resolver.

Answer: D

Explanation:
The Amazon-provided VPC DNS resolver (the VPC CIDR base address plus two) only answers queries that originate inside the VPC, so an on-premises forwarder pointed at it never gets a reply. Put a resolver inside the VPC that on-premises hosts can reach (a Route 53 Resolver inbound endpoint, or a DNS forwarder on an EC2 instance that forwards to the VPC resolver) and point the on-premises forwarder at it. The name servers of a private hosted zone are not reachable from outside the VPCs associated with the zone, so A does not work, and a NACL change (C) cannot make the VPC resolver answer off-VPC clients.
Reference:
https://aws.amazon.com/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-by

 

NEW QUESTION 95
You manage a webserver that serves a webpage on AWS infrastructure. You utilize an Application Load Balancer, CloudFront, S3, and some other AWS services for this site. You are only responsible for the server and you don't have access to the AWS console or API. You need to find out what IPs are accessing your website. What is the best way to achieve this? Choose the correct answer:

  • A. Add "X-Forwarded-For" to the access logs and view the access logs.
  • B. Run "curl http://169.254.169.254/latest/meta-data/access_log"
  • C. Ask someone with IAM permissions to view the Flow Logs to give you access.
  • D. View the access logs. They already show this information.

Answer: A

Explanation:
Behind an Application Load Balancer and CloudFront the server's TCP peer is the load balancer, so the default access log shows the ALB's address for every request. CloudFront and the ALB each append the address they received the request from to the X-Forwarded-For header, so logging that header and reading it is the only option that works from the server alone. Treat the header with care: a client can send its own X-Forwarded-For, so only the entries appended by your own proxies (the rightmost ones) are trustworthy. Asking for VPC Flow Logs would still show only ALB-to-instance traffic, and the curl command queries the instance metadata service, which serves instance metadata, not access logs.

 

NEW QUESTION 98
An organization delivers high-resolution, dynamic web content. Internet users access the content from a variety of platforms, including mobile, tablet and desktop. Each platform receives a customized experience to account for the differences in viewing modes. A dedicated, automatically scaling fleet of Amazon EC2 instances is used for each platform to serve content selected by request path and headers.
Which combination of services will MINIMIZE cost and MAXIMIZE performance? (Select two.)

  • A. Amazon S3 static websites
  • B. Network Load Balancer
  • C. Application Load Balancer
  • D. Amazon Route 53 with traffic flow policies
  • E. Amazon CloudFront with Lambda@Edge

Answer: C,E

Explanation:
An Application Load Balancer routes on path and header values to a separate target group per platform fleet, and CloudFront with Lambda@Edge caches the content close to users and can rewrite requests per device type at the edge, so each platform's fleet handles only its own traffic.
Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-the-edge.html

 
