Amazon ANS-C00 Online Practice Questions and Exam Preparation

Amazon ANS-C00 Online Questions & Answers

• Question 361:

  You have configured a dynamic VPN between your datacenter and your VPC. Your router says the tunnel is up and BGP is active, but for some reason, you are not seeing your routes propagate. What is most likely the issue?

  A. You need to configure the firewall for BGP.
  B. Your router does not support BFD.
  C. You need to obtain a new BGP MD5 key.
  D. You forgot to set route propagation to "yes" in the route table.
  D. You forgot to set route propagation to "yes" in the route table.

• Question 362:

  You have a three-tier web application with separate subnets for Web, Applications, and Database tiers. Your CISO suspects your application will be the target of malicious activity. You are tasked with notifying the security team in the event your application is port scanned by external systems.

  Which two AWS Services cloud you leverage to build an automated notification system? (Choose two.)

  A. Internet gateway
  B. VPC Flow Logs
  C. AWS CloudTrail
  D. Lambda
  E. AWS Inspector
  C. AWS CloudTrail
  D. Lambda

• Question 363:

  A company has deployed a production environment in the AWS Cloud. The environment is contained in a VPC and includes a virtual private gateway. The company has established an AWS Direct Connect connection. which includes a private Virtual Interface (VIF), and a VPN connection to the on-premises data center.

  For traffic originating in the VPC, what is the order of BGP path selection from MOST preferred to LEAST preferred?

  A. Direct Connect BGP routes; static routes; longest prefix match; VPN BGP routes.
  B. Static routes; longest prefix match; Direct Connect BGP routes; VPN BGP routes.
  C. Longest prefix match; static routes; Direct-Connect BGP routes; VPN BGP routes.
  D. Longest prefix match; VPN BGP routes; static routes; Direct Connect BGP routes.
  C. Longest prefix match; static routes; Direct-Connect BGP routes; VPN BGP routes.

• Question 364:

  To get started using AWS Direct Connect, in which of the following steps do you configure Border Gateway Protocol (BGP)?

  A. Complete the Cross Connect
  B. Verify your Virtual Interface
  C. Create a Virtual Interface
  D. Submit AWS Direct Connect Connection Request
  C. Create a Virtual Interface

• Question 365:

  A company has two redundant AWS Direct Connect connections to a VPC. The VPC is configured using BGP metrics so that one Direct Connect connection is used as the primary traffic path. The company wants the primary Direct Connect connection to fail to the secondary in less than one second.

  What should be done to meet this requirement?

  A. Configure BGP on the company's router with a keep-alive to 300 ms and the BGP hold timer to 900 ms.
  B. Enable Bidirectional Forwarding Detection (BFD) on the company's router with a detection minimum interval of 300 ms and a BFD liveness detection multiplier of 3.
  C. Enable Dead Peer Detection (DPD) on the company's router with a detection minimum interval of 300 ms and a DPD liveliness detection multiplier of 3.
  D. Enable Bidirectional Forwarding Detection (BFD) echo mode on the company's router and disable sending the Internet Control Message Protocol (ICMP) IP packet requests.
  B. Enable Bidirectional Forwarding Detection (BFD) on the company's router with a detection minimum interval of 300 ms and a BFD liveness detection multiplier of 3.

• Question 366:

  A company has 225 mobile and desktop devices and 300 partner VPNs that need access to an AWS VPC. VPN users should not be able to reach one another. Which approach will meet the technical and security requirements while minimizing costs?

  A. Use the AWS IPsec VPN for the mobile, desktop, and partner VPN connections. Use network access control lists (Network ACLs) and security groups to maintain routing separation.
  B. Use the AWS IPsec VPN for the partner VPN connections. Use an Amazon EC2 instance VPN for the mobile and desktop devices. Use Network ACLs and security groups to maintain routing separation.
  C. Create an AWS Direct Connect connection between on-premises and AWS Use a public virtual interface to connect to the AWS IPsec VPN for the mobile, desktop, and partner VPN connections.
  D. Use an Amazon EC2 instance VPN for the desktop, mobile, and partner VPN connections. Use features of the VPN instance to limit routing and connectivity.
  B. Use the AWS IPsec VPN for the partner VPN connections. Use an Amazon EC2 instance VPN for the mobile and desktop devices. Use Network ACLs and security groups to maintain routing separation.

• Question 367:

  You want to ensure you have the absolute best transmission rates inside and outside your VPC. You are concerned about the MTU settings. What is the best way to configure your T2 instances to ensure the best compatibility?

  A. Set all MTU to 1500 as that is the best way to ensure compatibility.
  B. Leave everything as is.
  C. Configure two ENIs, one for internal traffic and one for external traffic. Configure the external ENI with an MTU of 1500 and the internal ENI with an MTU of 9001.
  D. Set all MTU to 9001 as that is the best way to ensure the best speed. The packets will be fragmented if they have to be.
  C. Configure two ENIs, one for internal traffic and one for external traffic. Configure the external ENI with an MTU of 1500 and the internal ENI with an MTU of 9001.

• Question 368:

  Which of the following services is used to send an alert from CloudWatch?

  A. AWS SNS
  B. AWS EBS
  C. AWS SES
  D. AWS SQS
  A. AWS SNS

• Question 369:

  An organization has created a web application inside a VPC and wants to make it available to 200 client VPCs. The client VPCs are in the same region but are owned by other business units within the organization. What is the best way to meet this requirement, without making the application publicly available?

  A. Configure the application as an AWS PrivateLink-powered service, and have the client VPCs connect to the endpoint service by using an interface VPC endpoint.
  B. Enable VPC peering between the web application VPC and all client VPCs.
  C. Deploy the web application behind an internet-facing Application Load Balancer and control which clients have access by using security groups.
  D. Deploy the web application behind an internal Application Load Balancer and control which clients have access by using security groups.
  C. Deploy the web application behind an internet-facing Application Load Balancer and control which clients have access by using security groups.

• Question 370:

  A company wants to migrate a proprietary application from on premises to the AWS Cloud. The application implements segregation of different types of network traffic.

  The application uses services that listen to multiple ports on two different IP addresses. One IP address is used for customer-facing traffic, and the other IP address is used for management traffic. The application requires the IP addresses to

  belong to different subnets.

  How can the company deploy the application with the LEAST management overhead?

  A. Deploy the application to Amazon Elastic Container Service (Amazon ECS). Configure two elastic network interfaces in the task definition.
  B. Deploy the application to Amazon Elastic Container Service (Amazon ECS). Create an AWS Lambda function to attach a second elastic network interface. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function.
  C. Deploy the application to an Amazon EC2 instances that has a secondary elastic network interface attached. Select different subnets for each network interface.
  D. Deploy the application to Amazon Elastic Container Service (Amazon ECS). Create an AWS Lambda function to attach a second elastic network interface. Use an AWS Step Functions workflow to invoke the function.
  C. Deploy the application to an Amazon EC2 instances that has a secondary elastic network interface attached. Select different subnets for each network interface.