
Amazon ANS-C00 Exam Dumps [2021] Practice Valid Exam Dumps Question [Q90-Q112]



ANS-C00 Dumps - Grab Out For [NEW-2021] Amazon Exam


Understanding functional and technical aspects of AWS Certified Advanced Networking - Specialty: Design and Implement AWS Networks

The following will be discussed in AMAZON ADVANCED-NETWORKING-SPECIALITY dumps:

  • Determine network requirements for a specialized workload
  • Derive an appropriate architecture based on customer and application requirements
  • Apply AWS networking concepts
  • Propose optimized designs based on the evaluation of an existing implementation
  • Evaluate and optimize cost allocations given a network design and application data flow
  • Given customer requirements, define network architectures on AWS

NEW QUESTION 90
Which service would you use to see CPU usage?
Choose the correct answer:

  • A. None of the above
  • B. CloudWatch
  • C. Config
  • D. CloudTrail

Answer: B

 

NEW QUESTION 91
Changes made to a security group attached to an Application Load Balancer resulted in connectivity issues for a company's production web application. The Network Engineer needs to lock down permissions for the company's AWS account, automate auditing for any changes, and set up notifications.
What actions should accomplish this?

  • A. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify API calls from users. Use AWS Config to audit any changes, and configure Amazon SNS to send notifications.
  • B. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure Amazon Macie to use machine learning to identify any configuration changes, and configure Amazon SNS to send notifications.
  • C. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure AWS CodeCommit to audit any changes in configurations, and configure Amazon SNS to send notifications.
  • D. Configure IAM role policies to lock down permissions for specific users. Configure Amazon GuardDuty to audit and monitor configuration changes, and configure Amazon SNS to send notifications.

Answer: D

 

NEW QUESTION 92
An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC using ping on the organization's private IP address. What could cause this connectivity issue? (Choose two.)

  • A. The instance security group does not allow ICMP traffic.
  • B. A public virtual interface must be configured for Amazon EC2 connectivity.
  • C. The VGW is not advertising the correct CIDR range back on-premises.
  • D. There is a misconfiguration of the bi-directional forwarding detection.
  • E. The on-premises router is not advertising the correct CIDR range to AWS.

Answer: A,E

 

NEW QUESTION 93
An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC using ping on the organization's private IP address. What could cause this connectivity issue? (Choose two.)

  • A. A public virtual interface must be configured for Amazon EC2 connectivity.
  • B. The VGW is not advertising the correct CIDR range back on-premises.
  • C. The instance security group does not allow ICMP traffic.
  • D. There is a misconfiguration of the bi-directional forwarding detection.
  • E. The on-premises router is not advertising the correct CIDR range to AWS.

Answer: A,E

 

NEW QUESTION 94
A Network Engineer is designing a new system on AWS that will take advantage of Amazon CloudFront for both content caching and for protecting the underlying origin. There is concern that an external agency might be able to access the IP addresses for the application's origin and then attack the origin despite it being served by CloudFront. Which of the following solutions provides the strongest level of protection to the origin?

  • A. Configure CloudFront to use a custom header and configure an AWS WAF rule on the origin's Application Load Balancer to accept only traffic that contains that header.
  • B. Configure an AWS Lambda@Edge function to validate that the traffic to the Application Load Balancer originates from CloudFront.
  • C. Attach an origin access identity to the CloudFront origin that allows traffic to the origin that originates from only CloudFront.
  • D. Use an IP whitelist rule in AWS WAF within CloudFront to ensure that only known-client IPs are able to access the application.

Answer: D


 

NEW QUESTION 95
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location.
Which solution will meet this requirement, while minimizing downtime and costs?

  • A. Enable Amazon Macie on each AWS account and configure central reporting.
  • B. Deploy a third-party vendor solution to perform deep packet inspection in a transit VPC.
  • C. Enable Amazon GuardDuty on each account as members of a central account.
  • D. Enable VPC Flow Logs on each VPC. Set up a stream of the flow logs to a central Amazon Elasticsearch cluster.

Answer: C

Explanation:
References: https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-accounts/

 

NEW QUESTION 96
You deploy an Amazon EC2 instance that runs a web server into a subnet in a VPC. An Internet gateway is attached, and the main route table has a default route (0.0.0.0/0) configured with a target of the Internet gateway.
The instance has a security group configured to allow as follows:
* Protocol: TCP
* Port: 80 inbound, nothing outbound
The Network ACL for the subnet is configured to allow as follows:
* Protocol: TCP
* Port: 80 inbound, nothing outbound
When you try to browse to the web server, you receive no response.
Which additional step should you take to receive a successful response?

  • A. Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 1024-65535
  • B. Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 80
  • C. Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 80
  • D. Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 1024-65535

Answer: A

 

NEW QUESTION 97
You have a DX connection and a VPN connection as backup for your 10.0.0.0/16 network. You just received a letter indicating that the colocation provider hosting the DX connection will be undergoing maintenance soon. It is critical that you do not experience any downtime or latency during this period. What is the best course of action? Choose the correct answer:

  • A. Configure the VPN as a static VPN instead of dynamic.
  • B. None of the above.
  • C. Advertise 10.0.0.0/9 and 10.128.0.0/9 over your VPN connection.
  • D. Configure AS_PATH Prepending on the DX connection to make it the less preferred path.

Answer: B

Explanation:
A more specific route is the only way to force AWS to prefer a VPN connection over a DX connection. A /9 is not more specific than a /16.

 

NEW QUESTION 98
Which of the following types of content cannot be served over HTTP or HTTPS in Amazon CloudFront?

  • A. Adobe Flash multimedia content
  • B. Static and dynamic download content
  • C. Apple HTTP Live Streaming
  • D. CloudFront RTMP distribution

Answer: A

Explanation:
In Amazon CloudFront, you can use web distributions to serve the following content over HTTP or HTTPS:

  • Static and dynamic download content, for example, .html, .css, .php, and image files, using HTTP or HTTPS.
  • Multimedia content on demand using progressive download and Apple HTTP Live Streaming (HLS).
  • A live event, such as a meeting, conference, or concert, in real time.

You can't serve Adobe Flash multimedia content over HTTP or HTTPS.
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-overview.html

 

NEW QUESTION 99
You work for a company that has several instances running with automatically assigned public IPs. You performed an upgrade that required you to restart the instances from the console and your DNS records don't work anymore. What happened? Choose the correct answer:

  • A. You need to restart Route 53
  • B. Restarting too many instances at once overloads the system
  • C. The instances changed their public IP addresses on restart
  • D. Your network interfaces need to be reinitialized

Answer: C

Explanation:
Automatically assigned public IPs change on stop or termination of an instance.

 

NEW QUESTION 100
Refer to the image. You have three VPCs: A, B, and C.
VPCs A and C are both peered with VPC B.
The IP address ranges are as follows:
VPC A: 10.0.0.0/16
VPC B: 192.168.0.0/16
VPC C: 10.0.0.0/16
Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10. Instances i-3 and i-4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively. i-3 and i-4 are in the subnet 192.168.1.0/24.
i-3 must be able to communicate with i-1
i-4 must be able to communicate with i-2
i-3 and i-4 are able to communicate with i-1, but not with i-2.
Which two steps will fix this problem? (Select two.)

  • A. Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
  • B. Create two route tables: one with a route for destination VPC A, and another for destination VPC C.
  • C. Create a new route table for VPC B, with unique route entries for destination VPC A and destination VPC C.
  • D. Create subnets 192.168.1.0/27 and 192.168.1.16/27. Move i-3 and i-4 to these subnets, respectively.
  • E. Change the IP address of i-2 to 10.0.0.100. Assign it an elastic IP address.

Answer: C,D

 

NEW QUESTION 101
You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. You know you configured CloudFront to use cdn.yourdomain.com. What is the most likely reason why your users are not seeing the images?
Choose the correct answer:

  • A. The users are using Internet Explorer.
  • B. There is no rule in your bucket policy allowing public access.
  • C. The images in S3 are saved as .png instead of .jpg.
  • D. There is no record in Route 53 pointing cdn.yourdomain.com to the ALIAS.

Answer: D

Explanation:
You must have a Route 53 record. You never want to give public access to your content bucket.

 

NEW QUESTION 102
Your company has a 1-Gbps AWS Direct Connect connection to AWS. Your company needs to send traffic from on-premises to a VPC owned by a partner company. The connectivity must have minimal latency at the lowest price.
Which of the following connectivity options should you choose?

  • A. Enable VPC peering and use your VPC as a transitive point to reach the partner VPC.
  • B. Create a new private virtual interface, and leverage the existing connection to connect to the partner VPC.
  • C. Create a new Direct Connect connection, and set up a new circuit to connect to the partner VPC using a private virtual interface.
  • D. Create a new Direct Connect connection, and leverage the existing circuit to connect to the partner VPC.

Answer: A

 

NEW QUESTION 103
What is NOT a benefit of CloudFront?
Choose the correct answer:

  • A. Speeds up distribution of RTMP content
  • B. Helps ease the strain on your web servers
  • C. Speeds up distribution of static and dynamic web content
  • D. Distributes traffic evenly to EC2 instances

Answer: D

Explanation:
Elastic Load Balancers distribute traffic to EC2 instances.

 

NEW QUESTION 104
A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.
Which of the following actions meet the requirements? (Select two.)

  • A. The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
  • B. The Lambda function must be assigned a public IP address to access the public Amazon SQS API.
  • C. The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.
  • D. The Lambda function needs an IAM role to access Amazon SQS
  • E. The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.

Answer: B,D

Explanation:
References: https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

 

NEW QUESTION 105
You have a three-tier web application with separate subnets for Web, Applications, and Database tiers. Your CISO suspects your application will be the target of malicious activity. You are tasked with notifying the security team in the event your application is port scanned by external systems.
Which two AWS Services could you leverage to build an automated notification system? (Select two.)

  • A. Lambda
  • B. AWS CloudTrail
  • C. AWS Inspector
  • D. VPC Flow Logs
  • E. Internet gateway

Answer: A,D

Explanation:
References: https://aws.amazon.com/blogs/security/how-to-receive-alerts-when-specific-apis-are-called-by-using-aws-cloudtrail-amazon-sns-and-aws-lambda/

 

NEW QUESTION 106
You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
Choose the correct answer:

  • A. There is no rule in your bucket policy allowing public access.
  • B. You are using an SSL from an external CA.
  • C. Your S3 Bucket permissions are incorrect.
  • D. You have applied your SSL to your Elastic Loadbalancer but not your CDN.

Answer: D

Explanation:
You must apply the SSL to your Elastic Loadbalancer and your CDN to encrypt all aspects of your site.

 

NEW QUESTION 107
Which other AWS service is used to track 'Related Events' within the Configuration Item?

  • A. AWS CloudTrail
  • B. S3
  • C. SQS
  • D. AWS WAF

Answer: A

Explanation:
'Related Events' displays the AWS CloudTrail event ID that is related to the change that triggered the creation of the CI. A new CI is made for every change made against a resource, so a different CloudTrail event ID is created each time. This lets you deep-dive into who or what made the change that triggered this CI, and when. It is a useful feature for analysis, particularly when the change affects security resources.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#config-item-table

 

NEW QUESTION 108
A company's web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further request for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries.
Which action should be taken to block more IP addresses, without compromising the existing security requirements?

  • A. Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.
  • B. Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.
  • C. Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.
  • D. Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.

Answer: C

 

NEW QUESTION 109
A multinational organization has applications deployed in three different AWS regions. These applications must securely communicate with each other by VPN. According to the organization's security team, the VPN must meet the following requirements:
* AES 128-bit encryption
* SHA-1 hashing
* User access via SSL VPN
* PFS using DH Group 2
* Ability to maintain/rotate keys and passwords
* Certificate-based authentication
Which solution should you recommend so that the organization meets the requirements?

  • A. AWS hardware VPN between the virtual private gateways in each region
  • B. AWS hardware VPN between the virtual private gateway and customer gateway
  • C. A third-party VPN solution deployed from AWS Marketplace
  • D. A private MPLS solution from an international carrier

Answer: A

 

NEW QUESTION 110
Your hybrid networking environment consists of two application VPCs, a shared services VPC, and your corporate network. The corporate network is connected to the shared services VPC via an IPsec VPN with dynamic (BGP) routing enabled.
The applications require access to a common authentication service in the shared services VPC. You need to enable native network access from the corporate network to both application VPCs.
Which step should you take to meet the requirements?

  • A. Use VPC peering to peer the application VPCs with the shared services VPC, and enable associated routing in the shared services VPC via the corporate VPN.
  • B. Enable CloudHub functionality to route traffic between the three VPCs and the corporate network using dynamic BGP routing.
  • C. Configure an IPsec VPN between the virtual private gateway in each application VPC to the virtual private gateway in the shared services VPC.
  • D. Configure additional IPsec VPNs for each application VPC back to the corporate network, and enable VPC peering to the shared services VPC.

Answer: D

 

NEW QUESTION 111
You are building an application that provides real-time audio and video services to customers on the Internet.
The application requires high throughput. To ensure proper audio and video transmission, minimal latency is required.
Which of the following will improve transmission quality?

  • A. Enable jumbo frames
  • B. Select G2 instance types
  • C. Enable enhanced networking
  • D. Use multiple elastic network interfaces

Answer: D

 

NEW QUESTION 112
......


Understanding functional and technical aspects of AWS Certified Advanced Networking - Specialty: Configure Network Integration with Application Services

The following will be discussed in AMAZON ADVANCED-NETWORKING-SPECIALITY dumps:

  • Determine the appropriate configuration of DHCP within AWS
  • Reconcile AWS service requirements with network requirements
  • Given a scenario, determine an appropriate load balancing strategy within the AWS ecosystem
  • Evaluate DNS solutions in a hybrid IT architecture
  • Leverage the capabilities of Route 53
  • Determine a content distribution strategy to optimize for performance
