Amazon Amazon Certifications ANS-C00 Questions & Answers

• Question 121:

  Which of the following types of contents cannot serve over HTTP or HTTPS in Amazon CloudFront?

  A. Apple HTTP Live Streaming

  B. Static and dynamic download content

  C. Adobe Flash multimedia content

  D. CloudFront RTMP distribution

  Correct Answer: C

  Explanation:

  In Amazon CloudFront, you can use web distributions to serve the following content over HTTP or HTTPS:

  Static and dynamic download content, for example, .html, .css, .php, and image files, using HTTP or

  HTTPS.

  Multimedia content on demand using progressive download and Apple HTTP Live Streaming (HLS). A live

  event, such as a meeting, conference, or concert, in real time. You can't serve Adobe Flash multimedia

  content over HTTP or HTTPS.

  Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distributionoverview.html

• Question 122:

  In Amazon CloudFront, if you need to quickly remove objects from a distribution, you can:

  A. delete the objects from cache.

  B. invalidate the objects.

  C. remove your Amazon S3 bucket.

  D. delete your distribution and recreate it.

  Correct Answer: B

  Explanation:

  In Amazon CloudFront, if you need to quickly remove objects from a distribution, you can invalidate them.

  Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/

  AddRemoveReplaceObjects.html

• Question 123:

  A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH.

  How should the user define the security rule for SSH?

  A. The user can connect to a instance in a private subnet using the NAT instance

  B. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP

  C. Allow Inbound traffic on port 22 from the user's network

  D. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the internet

  Correct Answer: C

  Explanation: The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, the user can setup a case with a VPN only subnet (private) which uses VPN access to connect with his data centre. When the user has configured this setup with Wizard, all network connections to the instances in the subnet will come from his data centre. The user has to configure the security group of the private subnet which allows the inbound traffic on SSH (port 22) from the data centre's network range.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario4.html

• Question 124:

  By default, all AWS accounts are limited to ____ EIPs, because public (IPv4) Internet addresses are a scarce public resource.

  A. 5

  B. 8

  C. 6

  D. 2

  Correct Answer: A

  Explanation: An Elastic IP address (EIP) is a static IP address designed for dynamic cloud computing. With an EIP, you can mask the failure of an instance by rapidly remapping the address to another instance. By default, all AWS accounts are limited to 5 EIPs, because public (IPv4) Internet addresses are a scarce public resource.

  Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

• Question 125:

  In the "start using the AWS Direct Connect steps," when can you complete the Cross Connect step?

  A. After verifying your virtual interface

  B. After you have received your Letter of Authorization and Connecting Facility Assignment (LOA-CFA) from AWS

  C. 72 hours after submitting your request for AWS Direct Connect Connection

  D. Immediately after submitting your request for AWS Direct Connect Connection

  Correct Answer: B

  Explanation: To complete the steps of "start using the AWS Direct Connect," after submitting your request for AWS Direct Connect connection, AWS will send you an email within 72 hours with a Letter of Authorization and Connecting Facility Assignment (LOA-CFA). After you have received your LOA-CFA, you need to complete your cross-network connection, also known as a cross connect.

  Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Colocation.html

• Question 126:

  After setting an AWS Direct Connect, which of the following cannot be done with an AWS Direct Connect Virtual Interface?

  A. You can delete a virtual interface; if its connection has no other virtual interfaces, you can delete the connection.

  B. You can change the region of your virtual interface.

  C. You can create a hosted virtual interface.

  D. You can exchange traffic between the two ports in the same region connecting to different Virtual Private Gateways (VGWs) if you have more than one virtual interface.

  Correct Answer: D

  Explanation: You must create a virtual interface to begin using your AWS Direct Connect connection. You can create a public virtual interface to connect to public resources or a private virtual interface to connect to your VPC. Also, it is possible to configure multiple virtual interfaces on a single AWS Direct Connect connection, and you'll need one private virtual interface for each VPC to connect to. Each virtual interface needs a VLAN ID, interface IP address, ASN, and BGP key. To use your AWS Direct Connect connection with another AWS account, you can create a hosted virtual interface for that account. These hosted virtual interfaces work the same as standard virtual interfaces and can connect to public resources or a VPC.

  Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html

• Question 127:

  You have a hybrid environment in which your VPC queries your on-premises DNS server for up resources in your environment. The EC2 instances in your VPC are unable to resolve on-premises resources.

  What are two possible reasons for this problem? (Choose two.)

  A. Your NACL is blocking UDP port 53 outbound

  B. Your security group is blocking port 53 inbound

  C. Your NACL is blocking TCP port 53 outbound.

  D. Your on-premises firewall is blocking port 443

  Correct Answer: AC

  Explanation:

  DNS requires TCP and UDP port 53.

• Question 128:

  Your VPC has a DX connection that is advertising 99 routes. You have two more prefixes to add: 10.223.1.0/24 and 10.223.2.0/24. You have several locations, so you need to be as exact as possible with your routing.

  How would you do this?

  A. Add the prefixes; AWS allows for as many BGP routes as you need but not static.

  B. Contact AWS to extend the number of prefixes you are allowed to advertise.

  C. Summarize the routes into a 10.223.0.0/22 and advertise that route instead.

  D. Summarize the routes into a 10.223.0.0/12 and advertise that route instead.

  Correct Answer: C

  Explanation:

  BGP has a strict 100 prefix limit. 10.223.0.0/12 includes both routes but is not very specific. 10.223.0.0/22

  is the proper summarization of both routes.

• Question 129:

  You have a data center with a 2 connection LAG. You wish to add 2 more connections, how many LOAs must you complete?

  A. 2

  B. 1

  C. 4

  D. 0

  Correct Answer: A

  Explanation:

  You must complete a LOA for each new physical connection.

• Question 130:

  Your boss decides to assign an Elastic IP to a production instance. Once he does this, access to the URL for that website fails. What happened?

  A. The original IP address was released back to AWS when the Elastic IP was assigned.

  B. Your boss only needs to restart the Apache service.

  C. Your boss should have turned off the server before assigning the IP address.

  D. Your boss needs to restart the server.

  Correct Answer: A

  Explanation:

  The original IP address was released back to AWS when the Elastic IP was assigned. If you attach an EIP,

  you lose the address originally assigned to the instance unless you add it to another interface.