A user has enabled detailed CloudWatch monitoring with the AWS Simple Notification Service. Which of the below mentioned statements helps the user understand detailed monitoring better?
A. SNS cannot provide data every minute
B. There is no need to enable since SNS provides data every minute
C. SNS will send data every minute after configuration
D. AWS CloudWatch does not support monitoring for SNS

Answer: A. SNS cannot provide data every minute
Question 152:
A company is deploying a network security product that is based on virtual appliances that run on Amazon EC2 instances. The appliances are stateful and inspect request traffic and return traffic. The appliances require visibility to a network flow's bidirectional transaction.
The central appliance VPC is connected to a transit gateway.
A network administrator notices that connections to the appliances are dropped when the traffic crosses Availability Zones. The appliances run behind a Gateway Load Balancer. The appliances are deployed across multiple Availability Zones in a central VPC.
What is MOST likely causing the connections to drop?
A. The transit gateway VPC attachment of the central appliance VPC is configured only for a subnet in a single Availability Zone
B. The transit gateway VPC attachment of the appliance is not configured for appliance mode
C. The route table that is attached to the subnet in one of the Availability Zones is missing a return route to the originating VPC
D. The security group that is attached to one of the appliance instances is blocking traffic to port 6081

Answer: B. The transit gateway VPC attachment of the appliance is not configured for appliance mode
Question 153:
A company uses a newly provisioned 1-Gbps AWS Direct Connect connection to configure a virtual interface for access to Amazon S3. Which configuration values is the network engineer required to provide? (Choose two.)
A. Connection speed
B. VLAN ID
C. IP prefixes to advertise
D. Direct Connect location
E. Virtual private gateway

Answer:
B. VLAN ID
E. Virtual private gateway
Question 154:
A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process, the following requirements involving DNS have been identified.
1. On-premises systems must be able to resolve the entries in an Amazon Route 53 private hosted zone.
2. Amazon EC2 instances running in the organization's VPC must be able to resolve the DNS names of on-premises systems.
The organization's VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?
A. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
B. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to 172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53 private hosted zone.
D. Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the Route 53 private hosted zone's name servers as authoritative for the Route 53 private hosted zone.

Answer: C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53 private hosted zone.
Question 155:
Your company is building a new data center. You currently have an on-premises data center that accesses your single VPC via VPN. You need to provide access to your single VPC to your new data center. Since your new data center build is already over budget, you need to keep costs low.
How should you accomplish this?
A. Add a Private VIF and create a Direct Connect connection.
B. Create a new Customer Gateway and add it to your VPN using a CloudHub infrastructure model.
C. Add a Public VIF and create a Direct Connect connection.
D. Create a new Virtual Gateway and add it to your VPN using a CloudHub infrastructure model.

Answer: B. Create a new Customer Gateway and add it to your VPN using a CloudHub infrastructure model.
Question 156:
You would like to ensure that all Amazon S3 buckets going forward, current and newly created ones, have logging enabled. What type of trigger(s) should you use?
A. only a periodic trigger
B. only a configuration change trigger
C. both configuration change and periodic triggers
D. only a transitioning trigger

Answer: B. only a configuration change trigger
Question 157:
In AWS Direct Connect, which of the following is true of configuring your router to connect to the AWS Direct Connect router?
A. After creating a virtual interface for your AWS Direct Connect connection, you can download the router configuration file from the available link
B. After Completing the Cross Connect step, the download link for router configuration will be available
C. After submitting your AWS Direct Connect connection request, you will receive the router configuration details by email within 72 hours
D. In Create a Virtual Interface step, the general configuration of your router would be available for downloading.

Answer: A. After creating a virtual interface for your AWS Direct Connect connection, you can download the router configuration file from the available link
Question 158:
A company is deploying a critical application on two Amazon EC2 instances in a VPC. Failed client connections to the EC2 instances must be logged according to company policy. What is the MOST cost-effective solution to meet these requirements?
A. Move the EC2 instances to a dedicated VPC. Enable VPC Flow Logs with a filter on the deny action. Publish the flow logs to Amazon CloudWatch Logs.
B. Move the EC2 instances to a dedicated VPC subnet. Enable VPC Flow Logs for the subnet with a filter on the reject action. Publish the flow logs to an Amazon Kinesis Data Firehose stream with a data delivery to an Amazon S3 bucket.
C. Enable VPC Flow Logs, filtered for rejected traffic, for the elastic network interfaces associated with the instances. Publish the flow logs to an Amazon Kinesis Data Firehose stream with a data delivery to an Amazon S3 bucket.
D. Enable VPC Flow Logs, filtered for rejected traffic, for the elastic network interfaces associated with the instances. Publish the flow logs to Amazon CloudWatch Logs.

Answer: A. Move the EC2 instances to a dedicated VPC. Enable VPC Flow Logs with a filter on the deny action. Publish the flow logs to Amazon CloudWatch Logs.
Question 159:
A financial services company that has on-premises infrastructure has acquired a startup company that has an API that is deployed in the AWS Cloud. As part of the acquisition, the financial services company has deployed an AWS Direct Connect private VIF to establish IP connectivity between the on-premises data center and the AWS environment.
Initial IP connectivity testing and bidirectional DNS resolution testing are successful. However, when business users attempt to connect to the API, a network administrator discovers IP subnet overlap between the financial services company's existing network and the startup company's AWS deployment.
A network architect receives the following diagram that summarizes the situation:
What is the MOST operationally efficient solution to enable the connectivity?
A. Provision additional subnets with a non-overlapping IP range in the VPC. Deploy NAT gateways. Configure the virtual private gateway's next hop to be the NAT gateway. Advertise the new subnet IP address ranges through Direct Connect. Configure the on-premises hosts to target the API endpoint through the API servers.
B. Provision additional subnets with a non-overlapping IP range in the VPC. Deploy a Network Load Balancer (NLB) across the subnets. Configure the API endpoints in a target group that is associated with the NLB. Advertise the new subnet IP address ranges through Direct Connect. Configure the on-premises hosts to target the API endpoint through the NLB.
C. Provision additional subnets with a non-overlapping IP range in a new VPC. Deploy a Network Load Balancer (NLB) across the subnets. Configure the API endpoints as targets by IP address in a target group that is associated with the NLB. Peer the two VPCs together, and relocate the virtual private gateway into the new VPC. Advertise the new subnet IP address ranges through Direct Connect. Configure the on-premises hosts to target the API endpoint through the NLB.
D. Provision additional subnets with a non-overlapping IP range in the VPC. Deploy a Network Load Balancer (NLB) across the existing subnets. Configure the API endpoints in a target group that is associated with the NLB. Configure a VPC endpoint service that targets the newly created NLB, and deploy VPC endpoints into the new subnet. Advertise the new subnet IP address ranges through Direct Connect. Configure the on-premises hosts to target the API endpoint through the VPC endpoints.

Answer: D. Provision additional subnets with a non-overlapping IP range in the VPC. Deploy a Network Load Balancer (NLB) across the existing subnets. Configure the API endpoints in a target group that is associated with the NLB. Configure a VPC endpoint service that targets the newly created NLB, and deploy VPC endpoints into the new subnet. Advertise the new subnet IP address ranges through Direct Connect. Configure the on-premises hosts to target the API endpoint through the VPC endpoints.
Question 160:
Your company operates a single AWS account. A common services VPC is deployed to provide shared services, such as network scanning and compliance tools. Each AWS workload uses its own VPC, and each VPC must peer with the common services VPC. You must choose the most efficient and cost effective approach.
Which approach should be used to automate the required VPC peering?
A. AWS CloudTrail integration with Amazon CloudWatch Logs to trigger a Lambda function.
B. An OpsWorks Chef recipe to execute a command-line peering request.
C. Cfn-init with AWS CloudFormation to execute a command-line peering request.
D. An AWS CloudFormation template that includes a peering request.

Answer: A. AWS CloudTrail integration with Amazon CloudWatch Logs to trigger a Lambda function.