Your company was recently acquired and a Direct Connection connection was extended from your new parent corporation to your AWS VPC using a hosted VIF. What data charges are billed to your account for that connection?
A. You are only responsible for the port hours of the VIF.
B. You are not charged anything.
C. You are responsible for all data transfer out.
D. You are responsible for all data transfer in.
You have two public applications on different domains that use two front-end servers and two back-end servers each. You wish to achieve high availability for both applications. What two options should you configure? (Choose two.)
A. Route 53: 2 public zones and 2 private zones.
B. Route 53: 2 public zones and 1 private zone.
C. 3 load balancers: 2 public and 1 internal.
D. 4 load balancers: 2 public and 2 internal.
Your website utilizes EC2, S3, ELB-Classic, and CloudFront. Your manager has shifted focus to security and wants you to ensure the site is as secure as possible. What two items could you recommend? (Choose two.)
A. An NACL that blocks all ports to your subnets.
B. A restricted bucket policy.
C. A WAF on the load balancer.
D. A WAF on your CloudFront distribution.
Your company just deployed a WAF to protect its resources. You need to create a baseline before you start blocking traffic. How will you achieve this?
A. Set the WAF to Monitor mode.
B. Set the WAF to its defaults and let it do its job.
C. Setup a Lambda function to monitor Flow Logs and analyze the traffic using Elasticsearch.
D. A WAF is default deny and does not allow this. You need to use an IDS instead.
You have configured a dynamic VPN between your datacenter and your VPC. Your router says the tunnel is up and BGP is active, but for some reason, you are not seeing your routes propagate.
What is most likely the issue?
A. You need to configure the firewall for BGP.
B. Your router does not support BFD.
C. You need to obtain a new BGP MD5 key.
D. You forgot to set route propagation to "yes" in the route table.
You are a network engineer at a company that just purchased a DX connection. You ensured your equipment met all of the technical requirements, you have verified with your AWS account manager and your colocation provider that everything is connected, and all of your information is correct. For some reason, the link does not operate correctly.
What could be the problem?
A. The CAT6 cable is frayed.
B. Autonegotiation is enabled.
C. You are using 802.1q VLANs instead of 802.1w.
D. BFD is disabled.
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning.
What is most likely the problem?
A. There is no rule in your bucket policy allowing public access.
B. You have applied your SSL to your Elastic Loadbalancer but not your CDN.
C. Your S3 Bucket permissions are incorrect.
D. You are using an SSL from an external CA.
Due to security requirements, all traffic must be encrypted between your VPC and your on-premises data center. You also want to maintain reliability.
What two options will allow you to achieve this? (Choose two.)
A. A Direct Connect connection with a Private VIF
B. A VPN connection
C. A Direct Connect connection with a Hosted VIF
D. A Direct Connect connection with a Public VIF
Your company just acquired a new company. You have two VPCs ?one is 172.31.0.0/16 and one is 10.111.0.0/16. The acquired company uses 10.111.0.0/16 for their VPC. Your VPC "A" has a group of 12 servers in the range 10.111.2.101 ?10.111.2.112. Their VPC "B" has 20 servers from 10.111.2.171 ?
10.111.2.190. You need to access both VPCs from the 172.31.0.0/16 VPC "C".
What is the best way to approach this problem?
A. From VPC C, create a peering connection and add a route to VPC A's peering connection for 10.111.2.96/27 and a route to VPC B's peering connection for 10.111.2.0/24.
B. From VPC C, create a peering connection and add a route to VPC A's peering connection for 10.111.2.96/28 and a route to VPC B's peering connection for 10.111.2.0/24.
C. From VPC C, create a peering connection and adjust the route tables to direct traffic to the individual servers by exact IP address of the servers.
D. Invest the money and change the CIDR of one of the VPCs since one VPC cannot be peered to two VPCs with the same CIDR block.
Your company has just deployed IPv6 in a VPC. All of the instances currently use a NAT, but once they configured the instances for IPv6 only, they were unable to access the resources on the instances via IPv6. What is the best option to fix this?
A. Configure the NAT for IPv6.
B. Configure an egress-only internet gateway.
C. Add a route for ::/0 to the NAT.
D. Add an internet gateway.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ANS-C00 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.