Amazon ANS-C00 Online Practice Questions and Exam Preparation

Amazon ANS-C00 Online Questions & Answers

• Question 211:

  Your customer's internal security teams receive requests to allow Amazon S3 access from inside the corporate network. All external traffic must be explicitly whitelisted through your corporate firewalls. How can your security team grant this access?

  A. Obtain the list of IP prefixes from AWS Forum announcements, and use those prefixes in firewall rules.
  B. Obtain the list of IP prefixes from ip-ranges.json, and use those prefixes in firewall rules.
  C. Obtain the list of IP prefixes by performing a DNS lookup on Amazon S3 endpoints, and use those prefixes in firewall rules.
  D. Connect your data center to a VPC via Direct Connect. Create routes that forward traffic from your data center to an S3 private endpoint.
  B. Obtain the list of IP prefixes from ip-ranges.json, and use those prefixes in firewall rules.

• Question 212:

  An organization runs a consumer-facing website on AWS. The Amazon EC2-based web fleet is load balanced using the AWS Application Load Balancer, Amazon Route 53 is used to provide the public DNS services. The following URLs need to server content to end users:

  1.

  test.example.com

  2.

  web.example.com

  3.

  example.com

  Based on this information, what combination of services must be used to meet the requirement? (Choose two.)

  A. Path condition in ALB listener to route example.com to appropriate target groups.
  B. Host condition in ALB listener to route *.example.com to appropriate target groups.
  C. Host condition in ALB listener to route example.com to appropriate target groups.
  D. Path condition in ALB listener to route *.example.com to appropriate target groups.
  E. Host condition in ALB listener to route $$$$.example.com to appropriate target groups.
  A. Path condition in ALB listener to route example.com to appropriate target groups.
  C. Host condition in ALB listener to route example.com to appropriate target groups.

• Question 213:

  You are the AWS cloud architect and have been tasked with designing an appropriate subnetting design for your production VPC. Your production VPC requires secure communications back to the corporate private network. Quality of

  Service

  cloud. Any potential latency incurred on this connection will have a direct impact on the company's ability to attract investors and expansion into new markets.

  Select the correct network configuration that best facilitates your company's continued growth plans.

  A. Provision a Direct Connect connection - between your service provider's data center and the AWS region that your cloud compute resources exist in. Configure just a Private Virtual Interface. As this is a Direct Connection, a Virtual Private Gateway is not required
  B. Configure a site-to-site layer 2 software router using OpenVPN within your VPC and ensure that QoS enabled - this is a secure and cheap option
  C. Configure a site-to-site layer 3 software router using OpenVPN within your VPC and ensure that QoS enabled - this is a secure and cheap option
  D. Provision a Direct Connect connection - between your existing service provider's data center and the AWS region that your cloud compute resources exist in. Configure a Virtual Private Gateway and Private Virtual Interface
  D. Provision a Direct Connect connection - between your existing service provider's data center and the AWS region that your cloud compute resources exist in. Configure a Virtual Private Gateway and Private Virtual Interface

• Question 214:

  Your company has installed an AWS Direct Connect connection in an ap-southeast-1 Direct Connect location. A public virtual interface is configured through a router to a dedicated firewall. You advertise your company's public /24 CIDR block to AWS with AS 65500. The company maintains a separate, corporate Internet firewall to map all outbound traffic to a single IP. This firewall maintains a BGP relationship with an upstream Internet provider that has delegated the public IP block your company uses. When the BGP session for the public virtual interface is up, corporate network users cannot access Amazon S3 resources in the ap-southeast-1 region.

  Which step should you take to provide concurrent AWS and Internet access?

  A. Configure AS-PATH prepending for the public virtual interface.
  B. Advertise a host route for the corporate firewall on the public virtual interface.
  C. Advertise a host route for the corporate firewall to the upstream Internet provider.
  D. NAT the traffic destined for AWS from the dedicated firewall using the public virtual interface.
  D. NAT the traffic destined for AWS from the dedicated firewall using the public virtual interface.

• Question 215:

  The Security department has mandated that all outbound traffic from a VPC toward an on-premises datacenter must go through a security appliance that runs on an Amazon EC2 instance. Which of the following maximizes network performance on AWS? (Choose two.)

  A. Support for the enhanced networking drivers
  B. Support for sending traffic over the Direct Connect connection
  C. The instance sizes and families supported by the security appliance
  D. Support for placement groups within the VPC
  E. Security appliance support for multiple elastic network interfaces
  B. Support for sending traffic over the Direct Connect connection
  C. The instance sizes and families supported by the security appliance

• Question 216:

  Refer to the image.

  

  You have three VPCs: A, B, and C. VPCs A and C are both peered with VPC B. The IP address ranges are as follows:

  1.

  VPC A: 10.0.0.0/16

  2.

  VPC B: 192.168.0.0/16

  3.

  VPC C: 10.0.0.0/16

  Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10. Instances i-3 and i-4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively, i-3 and i-4 are in the subnet 192.168.1.0/24.

  1.

  i-3 must be able to communicate with i-1

  2.

  i-4 must be able to communicate with i-2

  3.

  i-3 and i-4 are able to communicate with i-1, but not with i-2. Which two steps will fix this problem? (Choose two.)

  A. Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
  B. Create subnets 192.168.1.0/27 and 192.168.1.16/27. Move i-3 and i-4 to these subnets, respectively.
  C. Change the IP address of i-2 to 10.0.0.100. Assign it an elastic IP address.
  D. Create a new route table for VPC B, with unique route entries for destination VPC A and destination VPC C.
  E. Create two route tables: one with a route for destination VPC A, and another for destination VPC C.
  A. Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
  E. Create two route tables: one with a route for destination VPC A, and another for destination VPC C.

• Question 217:

  You wish to have a sub-1G connection to AWS to save on costs. How can you achieve this?

  A. Just set your router to the speed you want and AWS will charge you based on the actual speed of the port.
  B. Contact AWS, they will put you in contact with a technical account manager who can help you get this setup.
  C. You can't. The only speeds available for Direct Connect are 1G and 10G.
  D. Contact an AWS partner, AWS does not provide sub-1G connection speeds.
  D. Contact an AWS partner, AWS does not provide sub-1G connection speeds.

• Question 218:

  You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources. What must be configured to meet this requirement?

  A. At least two subnets in different Availability Zones.
  B. A dedicated VPC with Active Directory Services.
  C. An IPsec VPN to on-premises Active Directory
  D. Network address translation for outbound traffic.
  A. At least two subnets in different Availability Zones.
  D. Network address translation for outbound traffic.

• Question 219:

  A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its first-ever 10 Gbps AWS Direct Connect connection.

  What steps must be taken to order the cross-connect at the Direct Connect location?

  A. Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console when creating a new Direct Connect connection. AWS will ensure that the cross-connect is installed.
  B. Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.
  C. Obtain one LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility Operator of the Direct Connect location. The Facility Operator will ensure that the cross-connect is installed.
  D. Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.
  C. Obtain one LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility Operator of the Direct Connect location. The Facility Operator will ensure that the cross-connect is installed.

• Question 220:

  An organization launched an IPv6-only web portal to support IPv6-native mobile clients. Front-end instances launch in an Amazon VPC associated with an appropriate IPv6 CIDR. The VPC IPv4 CIDR is fully utilized. A single subnet exists in each of two Availability Zones with appropriately configured IPv6 CIDR associations. Auto Scaling is properly configured, and no Elastic Load Balancing is used.

  Customers say the service is unavailable during peak load times. The network engineer attempts to launch an instance manually and receives the following message: "There are not enough free addresses in subnet `subnet-12345678' to satisfy the requested number of instances."

  What action will resolve the availability problem?

  A. Create a new subnet using a VPC secondary IPv6 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
  B. Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
  C. Resize the IPv6 CIDR on each of the existing subnets. Modify the Auto Scaling group maximum number of instances.
  D. Add a secondary IPv4 CIDR to the Amazon VPC. Assign secondary IPv4 address space to each of the existing subnets.
  B. Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.