Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Amazon ANS-C00

Amazon ANS-C00 Exam Practice Questions (P. 4)

  • Full Access (377 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #31
Your company has set up AWS Direct Connect to connect on-premises to an Amazon VPC instance. Two Direct Connect connections terminate at two different
Direct Connect locations. You are using two routers, R1 and R2, at your end (one of each Direct Connect connection). R1 and R2 do NOT have connectivity between them. Both routers advertise the same routers over BGP to the VGW. You have a stateful firewall on each router. The routers drop some of the traffic coming from the VPC.
Which two actions should you take to fix this problem? (Choose two.)
  1. A
    Use BGP AS prepend attribute to prepend additional AS numbers while advertising routers from R1 to VGW.
  2. B
    Use BGP local preference attribute to assign R1 to a lower local preference number than R2.
  3. C
    Use BGP local preference attribute to assign R1 a higher local preference number than R2.
  4. D
    Use BGP MED attribute to assign a higher MED value to the routes advertised R1 to VGW.
  5. E
    Use BGP MED attribute to assign a higher MED value to the routes advertised from R2 to VGW.

Correct Answer:
AC

Question #32
An organization will be expanding its current network design. When fully built out, there will be 99 VPCs spread across 11 AWS accounts (9 VPCs per account).
There is currently an AWS Direct Connect connection into one account with 9 VPCs, each with a virtual network interface (VIF) per VPC.
Which of the following designs will minimize cost while allowing the organization to expand?
  1. A
    Order 10 new Direct Connect connections, one from each of the accounts that will be provisioned. Create private VIFs in each account. Attach one private VIF per VPC.
  2. B
    Create a public VIF on the Direct Connect connection. Leverage the public VIF to create a VPN connection to each VPC.
  3. C
    Create hosted private VIFs in the existing account. Connect a private VIF to an AWS Direct Connect gateway in each account. Connect the gateway in each account to the VPCs.
  4. D
    Create a transit VPC in the existing account that consists of two routers in separate Availability Zones. Connect each VPC to the two routers in the transit VPC by using VPN.

Correct Answer:
D

Question #33
An organization with a growing ecommerce presence uses the AWS CloudHSM to offload the SSL/TLS processing of its web server fleet. The company leverages
Amazon EC2 Auto Scaling for web servers to handle the growth. What architectural approach is optimal to scale the encryption operation?
  1. A
    Use multiple CloudHSM instances, and load balance them using a Network Load Balancer.
  2. B
    Use multiple CloudHSM instances to the cluster; request to it will automatically load balance.
  3. C
    Enable Auto Scaling on the CloudHSM instance, with similar configuration to the web tier Auto Scaling group.
  4. D
    Use multiple CloudHSM instances, and load balance them using an Application Load Balancer.

Correct Answer:
A

Question #34
A company has 225 mobile and desktop devices and 300 partner VPNs that need access to an AWS VPC. VPN users should not be able to reach one another.
Which approach will meet the technical and security requirements while minimizing costs?
  1. A
    Use the AWS IPsec VPN for the mobile, desktop, and partner VPN connections. Use network access control lists (Network ACLs) and security groups to maintain routing separation.
  2. B
    Use the AWS IPsec VPN for the partner VPN connections. Use an Amazon EC2 instance VPN for the mobile and desktop devices. Use Network ACLs and security groups to maintain routing separation.
  3. C
    Create an AWS Direct Connect connection between on-premises and AWS Use a public virtual interface to connect to the AWS IPsec VPN for the mobile, desktop, and partner VPN connections.
  4. D
    Use an Amazon EC2 instance VPN for the desktop, mobile, and partner VPN connections. Use features of the VPN instance to limit routing and connectivity.

Correct Answer:
B

Question #35
Your company needs to leverage Amazon Simple Storage Solution (S3) for backup and archiving. According to company policy, data should not flow on the public
Internet even if data is encrypted. You have set up two S3 buckets in us-east-1 and us-west-2. Your company data center is located on the West Coast of the
United States. The design must be cost-effective and enable minimal latency.
Which design should you set up?
  1. A
    An AWS Direct Connect connection to us-east-1 and a Direct Connect connection to us-west-2.
  2. B
    An AWS Direct Connect connection to us-east-1.
  3. C
    An AWS Direct Connect connection to us-west-2.
  4. D
    An AWS Direct Connect connection to us-west-2 and a VPN connection to us-east-1.

Correct Answer:
A

Question #36
Your organization runs a popular e-commerce application deployed on AWS that uses auto scaling in conjunction with an Elastic Load balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses.
Which step should you take to fix this problem?
  1. A
    Generate new SSL certificates for all web servers and replace current certificates.
  2. B
    Change the security policy on the ELB to disable vulnerable protocols and ciphers.
  3. C
    Generate new SSL certificates and use ELB to front-end the encrypted traffic for all web servers.
  4. D
    Leverage your current configuration management system to update SSL policy on all web servers.

Correct Answer:
D

Question #37
Your organization leverages an IP Address Management (IPAM) product to manage IP address distribution. The IPAM exposes an API. Development teams use
CloudFormation to provision approved reference architectures. At deployment time, IP addresses must be allocated to the VPC. When the VPC is deleted, the
IPAM must reclaim the VPC's IP allocation.
Which method allows for efficient, automated integration of the IPAM with CloudFormation?
  1. A
    AWS CloudFormation parameters using the ג€Ref::ג€ intrinsic function
  2. B
    AWS CloudFormation custom resource using an AWS Lambda invocation.
  3. C
    CloudFormation::OpsWorks::Stack with custom Chef configuration.
  4. D
    AWS CloudFormation parameters using the ג€Fn::FindInMapג€ intrinsic function.

Correct Answer:
A

Question #38
You need to set up an Amazon Elastic Compute Cloud (EC2) instance for an application that requires the lowest latency and the highest packet-per-second network performance. The application will talk to other servers in a peered VPC.
Which two of the following components should be part of the design? (Choose two.)
  1. A
    Select an instance with support for single root I/O virtualization.
  2. B
    Select an instance that has support for multiple ENAs.
  3. C
    Ensure that the instance supports jumbo frames and set 9001 MTU.
  4. D
    Select an instance with Amazon Elastic Block Store (EBS)-optimization.
  5. E
    Ensure that proper OS drivers are installed.

Correct Answer:
AB
References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html

Question #39
You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct Connect connection. Which two configuration values do you need to provide? (Choose two.)
  1. A
    Public AS number
  2. B
    VLAN ID
  3. C
    IP prefixes to advertise
  4. D
    Direct Connect location
  5. E
    Virtual private gateway

Correct Answer:
AE
References:
https://aws.amazon.com/directconnect/faqs/

Question #40
A corporate network routing table contains 624 individual RFC 1918 and public IP prefixes. You have two AWS Direct Connect connectors. You configure a private virtual interface on both connections to a virtual private gateway. The virtual private gateway is not currently attached to a VPC. Neither BGP session will maintain the Established state on the customer router. The AWS Management Console reports the private virtual interfaces as Down.
What could you do to address the problem so that the AWS Management Console reports the private virtual interface as Available?
  1. A
    Attach the virtual private gateway to a VPC and enable route propagation.
  2. B
    Filter the public IP pre?xes on the corporate network from the private virtual interface.
  3. C
    Change the BGP advertisements from the corporate network to only be a default route.
  4. D
    Attach the second virtual interface to an alternative virtual private gateway.

Correct Answer:
D

Previous Questions Next Questions

All Pages