Amazon Amazon Certifications ANS-C00 Questions & Answers

• Question 101:

  For web distributions in Amazon CloudFront, your origin can be either an Amazon S3 bucket or _______ .

  A. a DNS server

  B. a proxy server

  C. an FTP server

  D. an HTTP server

  Correct Answer: D

  Explanation:

  For web distributions in Amazon CloudFront, your origin can be either an Amazon S3 bucket or an HTTP

  server.

  Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distributionoverview.html

• Question 102:

  In AWS, which service provides a reliable and inexpensive way to backup and archive CloudTrail log files?

  A. Amazon Archiver

  B. Amazon Glacier

  C. AWS Storage Gateway

  D. Amazon Elastic Block Store

  Correct Answer: B

  Explanation:

  You control the retention policies for your CloudTrail log files. By default, log files are stored indefinitely, but for cost efficiency, you may want to delete old log files or archive them to Amazon Glacier, a storage service optimized for data archiving and backup of infrequently used data.

  Reference: https://aws.amazon.com/cloudtrail/faqs/

• Question 103:

  AWS CloudTrail can be configured to ____ log files across multiple accounts and regions so that log files are delivered to a single bucket.

  A. aggregate

  B. disperse

  C. replicate

  D. encrypt

  Correct Answer: A

  Explanation:

  You can configure CloudTrail to aggregate log files from multiple regions and deliver them to a single S3

  bucket for a single account.

  Reference: https://aws.amazon.com/cloudtrail/

• Question 104:

  Which CloudWatch attributes are used for the statistics generation?

  A. All the options are used

  B. Dimension

  C. Data point unit

  D. NameSpace

  Correct Answer: A

  Explanation:

  Statistics represents data aggregation of the metric data values over a specific period of time. These

  aggregations are made using the namespace, metric name, dimensions and the data point unit of measure

  within the time period that the user has specified.

  Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html

• Question 105:

  In AWS, which tool records API calls for a specific AWS account and also delivers the log files for that account?

  A. CloudTrail

  B. Redshift

  C. Beanstalk

  D. Cognito

  Correct Answer: A

  Explanation:

  The AWS CloudTrail is a web service that is used to record AWS API call for a specific AWS account. It

  also delivers log files, which provide the following details:

  1.

  Identity of the API caller

  2.

  Time of the API call

  3.

  Source IP address of API caller

  4.

  Request parameters

  5.

  Response elements

  Reference: https://aws.amazon.com/cloudtrail/

• Question 106:

  What service is used to store the log files generated by CloudTrail?

  A. EC2

  B. EBS

  C. S3

  D. VPC

  Correct Answer: C

  Explanation:

  The AWS CloudTrail uses Amazon's Simple Storage Service (S3) to store log files. It also supports the use

  of S3 life cycle configuration rules to reduce storage costs.

  Reference: https://aws.amazon.com/cloudtrail/

• Question 107:

  Which service parses large Flow Logs for consumption by other programs such as Kibana?

  A. S3

  B. ElasticSearch

  C. Elastic Beanstalk

  D. Kinesis

  Correct Answer: B

• Question 108:

  Which service would you use to see if your infrastructure has changed?

  A. Config

  B. Elastic Beanstalk

  C. CloudTrail

  D. CloudWatch

  Correct Answer: C

• Question 109:

  Which service would you use to see the DSCP value in a packet header?

  A. CloudTrail

  B. Config

  C. Flow Logs

  D. None of the above

  Correct Answer: D

  Explanation:

  To perform deep packet inspection, you would need a specialized tool such as Wireshark.

• Question 110:

  What are three services that help mitigate a DDoS? (Choose two.)

  A. AWS Shield

  B. DynamoDB

  C. Elastic Beanstalk

  D. CloudFront

  Correct Answer: AD

  Explanation:

  AWS Shield and CloudFront can help mitigate the effects of a DDoS