Amazon ANS-C00 Online Practice Questions and Exam Preparation

Amazon ANS-C00 Online Questions & Answers

• Question 161:

  AWS CloudTrail can be configured to ____ log files across multiple accounts and regions so that log files are delivered to a single bucket.

  A. aggregate
  B. disperse
  C. replicate
  D. encrypt
  A. aggregate

• Question 162:

  You can use the ____ page of the AWS Config console to look up resources that AWS Config has discovered, including deleted resources and resources that are not currently being recorded.

  A. snapshot listing
  B. configuration history
  C. resource inventory
  D. resource database
  C. resource inventory

• Question 163:

  You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. You know you configured CloudFront to use cdn.yourdomain.com. What is the most likely reason why your users not seeing the images?

  A. There is no rule in your bucket policy allowing public access.
  B. The images in S3 are saved as .png instead of .jpg.
  C. There is no record in Route 53 pointing cdn.yourdomain.com to the ALIAS.
  D. The users are using Internet Explorer.
  C. There is no record in Route 53 pointing cdn.yourdomain.com to the ALIAS.

• Question 164:

  A network engineer is using the AWS CLI to provision a VPC and Amazon EC2 instances that use IPv6 addresses. An application that runs on the instances requires access to the internet to pull updates from a software vendor. The VPC ID

  is vpc-3c02b675. The network engineer uses the following command to provision an egress-only internet gateway:

  aws ac2 create-egress-only-internet-gateway --vpc-id vpc-3c02b675

  What else must the network engineer do so that the EC2 instances can pull the updates?

  A. Replace the egress-only internet gateway with a NAT gateway. Create a route with destination 0.0.0.0/0 and the NAT gateway ID as the target.
  B. Replace the egress-only internet gateway with a NAT gateway. Create a route with destination ::/0 and the NAT gateway ID as the target.
  C. Create a route with destination 0.0.0.0/0 and the egress-only internet gateway ID as the target.
  D. Create a route with destination ::/0 and the egress-only internet gateway ID as the target.
  C. Create a route with destination 0.0.0.0/0 and the egress-only internet gateway ID as the target.

• Question 165:

  You have two VPCs that you need to connect to an on-premises datacenter using VPNs. When you create the tunnels, you find that both tunnels use the same addresses. What two things can you do to overcome this? (Choose two.)

  A. Delete the VPN, create a "dummy VPN", recreate the VPN, then delete the "dummy" VPN.
  B. Delete your AWS account and create a new one since the VPN tunnel addresses are created from a hash of your account number and a proprietary algorithm.
  C. Create a VHF within you router for each network.
  D. Create a VRF within your router for each network.
  A. Delete the VPN, create a "dummy VPN", recreate the VPN, then delete the "dummy" VPN.
  D. Create a VRF within your router for each network.

• Question 166:

  A company is migrating a legacy storefront web application to the AWS Cloud. The application is complex and will take several months to refactor. A solutions architect recommended an interim solution of using Amazon CloudFront with a custom origin pointing to the SSL endpoint URL for the legacy web application until the replacement is ready and deployed.

  The interim solution has worked for several weeks. However, all browser connections recently began showing an HTTP 502 Bad Gateway error with the header "X-Cache: Error from cloudfront." Monitoring services show that the HTTPS port 443 on the legacy web application is open and responding to requests.

  What is the likely cause of the error, and what is the solution?

  A. The origin access identity is not correct. Edit the CloudFront distribution and update the identity in the origins settings.
  B. The SSL certificate on the CloudFront distribution has expired. Use AWS Certificate Manager (ACM) in the us-east-1 Region to replace the SSL certificate in the CloudFront distribution with a new certificate.
  C. The SSL certificate on the legacy web application server has expired. Use AWS Certificate Manager (ACM) in the us-east-1 Region to create a new SSL certificate. Export the public and private keys, and install the certificate on the legacy web application.
  D. The SSL certificate on the legacy web application server has expired. Replace the SSL certificate on the web server with one signed by a globally recognized certificate authority (CA). Install the full certificate chain onto the legacy web application server.
  A. The origin access identity is not correct. Edit the CloudFront distribution and update the identity in the origins settings.

• Question 167:

  Which port range must be allowed through a NACL to ensure all return traffic is successful?

  A. 1024 - 65,535
  B. 22
  C. 65,000 - 65,535
  D. 80 - 443
  A. 1024 - 65,535

• Question 168:

  You have been tasked with migrating your company's proprietary massively large dataset sorting application to AWS. The application currently runs on 4 highly spec'd servers that are in a cluster arrangement and runs 24x7, with the average CPU utilisation across any 24hr period being approx 85% - the migration of this cluster once up and running on AWS is expected to run similarly. The servers shuffle data internally and between themselves. Your company's financial performance is entirely dependent on the speed at which it can sort your customers datasets, that is the faster a sorted result can be returned the better your company's bottom line.

  Of the choices presented below, select the optimal network configuration that will ensure the best financial results for your company.

  A. Disable Jumbo Frames to ensure better data throughput between instances
  B. Enable Jumbo Frames to ensure better data throughput between instances
  C. Create an autoscaled group of c4.8xlarge instances - with min 1 and max 4 - this will ensure your operational costs a minimal
  D. Configure a CloudWatch Alarm to add more CPUs to the instances when average cluster CPU utilisation breaches 85%
  B. Enable Jumbo Frames to ensure better data throughput between instances

• Question 169:

  In the "start using the AWS Direct Connect steps," when can you complete the Cross Connect step?

  A. After verifying your virtual interface
  B. After you have received your Letter of Authorization and Connecting Facility Assignment (LOA-CFA) from AWS
  C. 72 hours after submitting your request for AWS Direct Connect Connection
  D. Immediately after submitting your request for AWS Direct Connect Connection
  B. After you have received your Letter of Authorization and Connecting Facility Assignment (LOA-CFA) from AWS

• Question 170:

  A network engineer deploys an application in a private subnet in a VPC that connects to many external video feed providers using RTMP over the internet. A NAT gateway has been deployed in a public subnet and is working as expected. From the Amazon EC2 instance, the application is able to connect to all feed providers except one, which hangs when connecting. Manually testing a connection from an Amazon EC2 instance in the public subnet to the problem feed indicates that the feed works as expected.

  What is causing this issue?

  A. The NAT gateway does not support fragmented packets.
  B. The internet gateway only supports an MTU of 1500 bytes.
  C. An Amazon EC2 instance expects to communicate with an MTU of 9001.
  D. The security group on the instances does not allow PMTUD.
  D. The security group on the instances does not allow PMTUD.