
2023 Free Amazon ANS-C00 Exam Files Downloaded Instantly
Pass Amazon ANS-C00 exam Dumps 100 Pass Guarantee With Latest Demo
NEW QUESTION 50
In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS.
These connections can terminate on one or two routers in your network. You can do this while
__________________ with AWS Direct Connect step.
- A. creating a Virtual Interface
- B. verifying your Virtual Interface
- C. configuring redundant connections
- D. completing the cross-connect
Answer: C
Explanation:
In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS.
These connections can terminate on one or two routers in your network. You can do this in the "Configure Redundant Connections with AWS Direct Connect" step.
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#RedundantConnections
NEW QUESTION 51
An organization is migrating its on-premises applications to AWS by using a lift-and-shift approach, taking advantage of managed AWS services wherever possible. The company must be able to edit the application code during the migration phase. One application is a traditional three-tier application, consisting of a web presentation tier, an application tier, and a database tier. The external calling client applications need their sessions to remain sticky to both the web and application nodes that they initially connect to.
Which load balancing solution would allow the web and application tiers to scale horizontally, independently of one another?
- A. Deploy a web node and an application node as separate containers on the same host, using task linking to create a relationship between the pair. Add an Application Load Balancer with session stickiness in front of all web node containers.
- B. Use an Application Load Balancer at the web tier and a Classic Load Balancer at the application tier. Set session stickiness on both, but update the application code to create an application-controlled cookie on the Classic Load Balancer.
- C. Use a Network Load Balancer at the web tier, and an Application Load Balancer at the application tier. Enable session stickiness on the Application Load Balancer, but take advantage of the native WebSockets protocols available to the Network Load Balancer.
- D. Use an Application Load Balancer at both the web and application tiers, setting session stickiness at the target group level for both tiers.
Answer: D
NEW QUESTION 52
You are designing an AWS Direct Connect solution into your VPC. You need to consider requirements for the customer router to terminate the Direct Connect link at the Direct Connect location.
Which three factors that must be supported should you consider when choosing the customer router?
(Select three.)
- A. single-mode optical fiber connectivity
- B. 1-Gbps copper connectivity
- C. 802.1ax or 802.3ad link aggregation
- D. OSPF
- E. 802.1q trunking
- F. BGP
Answer: A,B,E
Explanation:
References: https://aws.amazon.com/directconnect/faqs/
NEW QUESTION 53
Non-compliant resources identified through the use of AWS Config Rules are automatically removed from operational service.
- A. It depends on the Rule configuration
- B. False
- C. Only if it remains non-compliant for more than 6 hours
- D. True
Answer: B
Explanation:
Each time a change is made to one of your supported resources, AWS Config will check its compliance against any Config Rules that you have in place. If there is a violation against these rules, then AWS Config will send a message to the Configuration Stream via SNS and the resource will be marked as "noncompliant".
It's important to note that this does not mean the resource will be taken out of service or it will stop working. It will continue to operate exactly as it is with its new configuration. AWS Config simply alerts you that there is a violation and it's up to you to take the appropriate action.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html
NEW QUESTION 54
Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location.
Which solution will meet this requirement, while minimizing downtime and costs?
- A. Enable Amazon GuardDuty on each account as members of a central account.
- B. Enable Amazon Macie on each AWS account and configure central reporting.
- C. Enable VPC Flow Logs on each VPC. Set up a stream of the flow logs to a central Amazon Elasticsearch cluster.
- D. Deploy a third-party vendor solution to perform deep packet inspection in a transit VPC.
Answer: A
NEW QUESTION 55
Which of the following characters is not allowed while creating a Namespace for a CloudWatch metric?
- A. :
- B. /
- C. #
- D. @
Answer: D
Explanation:
Namespace is a grouping or a container for a CloudWatch metric. The names must be valid XML characters, typically containing the alphanumeric characters "0-9A-Za-z" plus "."(period), "-" (hyphen), "_" (underscore), "/" (slash), "#" (hash), and ":" (colon). All AWS namespaces follow the convention AWS/<service>, such as AWS/EC2 and AWS/ELB.
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html
NEW QUESTION 56
Your application is hosted behind an Elastic Load Balancer (ELB) within an autoscaling group. The autoscaling group is configured with a minimum of 2, a maximum of 14, and a desired value of 2. The autoscaling cooldown and the termination policies are set to the default value.
CloudWatch reports that the site typically requires just two servers, but spikes at the start and end of the business day can require eight to ten servers. You receive intermittent reports of timeouts and partially loaded web pages.
Which configuration change should you make to address this issue?
- A. Configure connection draining on the ELB.
- B. Configure a Terminating: Wait lifecycle hook on a scale in event.
- C. Configure the autoscaling cooldown to 600 seconds.
- D. Configure the termination policy to oldest instance.
Answer: A
Explanation:
References: https://docs.aws.amazon.com/autoscaling/ec2/userguide/attach-load-balancer-asg.html
NEW QUESTION 57
A company wants to use thin clients running virtual desktops to replace 500 desktop computers used by its call center employees. The company is evaluating Amazon WorkSpaces as a solution.
A network engineer who is testing with a thin client is unable to connect to Amazon WorkSpaces.
After entering credentials, the network engineer receives the following error:
"An error occurred while launching your WorkSpace. Please try again."
What should the network engineer do to resolve this issue?
- A. Update the company's corporate firewall to allow inbound access to UDP on port 4172 and TCP on port 4172. Open outbound ephemeral ports explicitly to allow return communication.
- B. Update the inbound rules on the network ACL on the subnets used for Amazon WorkSpaces to allow UDP on port 4172 and TCP on port 4172.
- C. Update the inbound rules on the security group assigned to Amazon WorkSpaces to allow UDP on port 4172 and TCP on port 4172.
- D. Update the company's corporate firewall to allow outbound access to UDP on port 4172 and TCP on port 4172. Open inbound ephemeral ports explicitly to allow return communication.
Answer: D
Explanation:
https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html#client-application-ports
To connect to your WorkSpaces, the network that your Amazon WorkSpaces clients are connected to must have certain ports open to the IP address ranges for the various AWS services (grouped in subsets). These address ranges vary by AWS Region. These same ports must also be open on any firewall running on the client. For more information about the AWS IP address ranges for different Regions, see AWS IP Address Ranges in the Amazon Web Services General Reference.
NEW QUESTION 58
An organization has created a web application inside a VPC and wants to make it available to 200 client VPCs. The client VPCs are in the same region but are owned by other business units within the organization.
What is the best way to meet this requirement, without making the application publicly available?
- A. Deploy the web application behind an internal Application Load Balancer and control which clients have access by using security groups.
- B. Enable VPC peering between the web application VPC and all client VPCs.
- C. Configure the application as an AWS PrivateLink-powered service, and have the client VPCs connect to the endpoint service by using an interface VPC endpoint.
- D. Deploy the web application behind an internet-facing Application Load Balancer and control which clients have access by using security groups.
Answer: D
NEW QUESTION 59
A company uses multiple AWS accounts within AWS Organizations and has services deployed in a single AWS Region. The instances in a private subnet occasionally download patches from the internet through a NAT gateway. The company recently migrated from VPC peering to AWS Transit Gateway. The cumulative traffic through deployed NAT gateways is less than 1 Gbps. The NAT gateway hourly charge contributes to most of the NAT gateway costs across all linked accounts.
What should the company do to reduce NAT gateway hourly costs?
- A. Use VPC endpoints to send traffic to AWS services in the same Region.
- B. Deploy and use NAT gateways in the same Availability Zone as the heavy-traffic resources.
- C. Move to a centralized NAT gateway architecture with NAT gateways deployed in an egress VPC. Use AWS Transit Gateway to send traffic through the centralized NAT gateways.
- D. Move to a centralized NAT gateway architecture with NAT gateways deployed in an egress VPC. Use VPC peering to send traffic through the centralized NAT gateways.
Answer: D
NEW QUESTION 60
In AWS, which tool records API calls for a specific AWS account and also delivers the log files for that account?
- A. Beanstalk
- B. CloudTrail
- C. Cognito
- D. Redshift
Answer: B
Explanation:
AWS CloudTrail is a web service that records AWS API calls for a specific AWS account. It also delivers log files, which provide the following details:
- Identity of the API caller
- Time of the API call
- Source IP address of the API caller
- Request parameters
- Response elements
Reference: https://aws.amazon.com/cloudtrail/
NEW QUESTION 61
Which of the following services is used to send an alert from CloudWatch?
- A. AWS SQS
- B. AWS SNS
- C. AWS EBS
- D. AWS SES
Answer: B
Explanation:
AWS Auto Scaling and Simple Notification Service (SNS) work in conjunction with CloudWatch.
You use Amazon SNS with CloudWatch to send messages when an alarm threshold has been reached.
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/related_services.html
NEW QUESTION 62
A corporate network routing table contains 624 individual RFC 1918 and public IP prefixes. You have two AWS Direct Connect connectors. You configure a private virtual interface on both connections to a virtual private gateway. The virtual private gateway is not currently attached to a VPC. Neither BGP session will maintain the Established state on the customer router. The AWS Management Console reports the private virtual interfaces as Down.
What could you do to address the problem so that the AWS Management Console reports the private virtual interface as Available?
- A. Attach the virtual private gateway to a VPC and enable route propagation.
- B. Attach the second virtual interface to an alternative virtual private gateway.
- C. Filter the public IP prefixes on the corporate network from the private virtual interface.
- D. Change the BGP advertisements from the corporate network to only be a default route.
Answer: D
Explanation:
https://aws.amazon.com/es/premiumsupport/knowledge-center/virtual-interface-bgp-down/
NEW QUESTION 63
Your company needs to leverage Amazon Simple Storage Solution (S3) for backup and archiving. According to company policy, data should not flow on the public Internet even if data is encrypted. You have set up two S3 buckets in us-east-1 and us-west-2. Your company data center is located on the West Coast of the United States. The design must be cost-effective and enable minimal latency.
Which design should you set up?
- A. An AWS Direct Connect connection to us-west-2.
- B. An AWS Direct Connect connection to us-east-1.
- C. An AWS Direct Connect connection to us-east-1 and a Direct Connect connection to us-west-2.
- D. An AWS Direct Connect connection to us-west-2 and a VPN connection to us-east-1.
Answer: C
NEW QUESTION 64
You have a hybrid infrastructure, and you need AWS resources to be able to resolve your on-premises DNS names. You have configured a DNS server on an EC2 instance in your 10.1.3.0/24 subnet. This subnet resides on the VPC 10.1.0.0/16. What step should you take to accomplish this?
Choose the correct answer:
- A. Configure your DNS server to forward queries for the private hosted zone to 10.1.0.2.
- B. Configure the DHCP option set in the VPC to point to the EC2 DNS server.
- C. Configure your DNS server to forward queries for the private hosted zone to 10.1.3.2.
- D. Disable the source/destination check flag for the DNS instance.
Answer: B
Explanation:
Your DNS server will forward queries to your on-premises DNS. You must configure the DHCP option set so the instances will forward queries to your on-premises DNS instead of the VPC DNS.
NEW QUESTION 65
Your company decides to use Amazon S3 to augment its on-premises data store. Instead of using the company's highly controlled, on-premises Internet gateway, a Direct Connect connection is ordered to provide high-bandwidth, low-latency access to S3. Since the company does not own a publicly routable IPv4 address block, a request was made to AWS for an AWS-owned address for a Public Virtual Interface (VIF).
The security team is calling this new connection a "backdoor", and you have been asked to clarify the risk to the company.
Which concern from the security team is valid and should be addressed?
- A. The S3 service could reach the router through a pre-configured VPC Endpoint.
- B. EC2 instances in the same region with access to the Internet could directly reach the router.
- C. AWS advertises its aggregate routes to the Internet allowing anyone on the Internet to reach the router.
- D. Direct Connect customers with a Public VIF in the same region could directly reach the router.
Answer: D
Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/control-routes-direct-connect/
NEW QUESTION 66
You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources. What must be configured to meet this requirement?
- A. At least two subnets in different Availability Zones.
- B. A dedicated VPC with Active Directory Services.
- C. Network address translation for outbound traffic.
- D. An IPsec VPN to on-premises Active Directory
Answer: A,C
NEW QUESTION 67
An organization delivers high-resolution, dynamic web content. Internet users access the content from a variety of platforms, including mobile, tablet and desktop. Each platform receives a customized experience to account for the differences in viewing modes. A dedicated, automatic-scaling fleet of Amazon EC2 instances is used for each platform to serve content based on path-based headers.
Which combination of services will MINIMIZE cost and MAXIMIZE performance? (Select two.)
- A. Amazon S3 static websites
- B. Application Load Balancer
- C. Amazon CloudFront with Lambda@Edge
- D. Network Load Balancer
- E. Amazon Route 53 with traffic flow policies
Answer: B,C
Explanation:
References: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-the-edge.html
NEW QUESTION 68
You can use the ____ page of the AWS Config console to look up resources that AWS Config has discovered, including deleted resources and resources that are not currently being recorded.
- A. resource inventory
- B. snapshot listing
- C. resource database
- D. configuration history
Answer: A
Explanation:
You can use the AWS Config console, AWS CLI, and AWS Config API to look up the resources that AWS Config has taken an inventory of, or discovered, including deleted resources and resources that AWS Config is not currently recording. AWS Config discovers supported resource types only. You can use the AWS Config console in the AWS Management console to look up these resources. The Resource Inventory page lets you perform this search.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/looking-up-discovered-resources.html
NEW QUESTION 69
An AWS CloudFormation template is being used to create a VPC peering connection between two existing operational VPCs, each belonging to a different AWS account. All necessary components in the 'Remote' (receiving) account are already in place.
The template below creates the VPC peering connection in the Originating account. It contains these components:
```yaml
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  OriginatingVPCId:
    Type: String
  RemoteVPCId:
    Type: String
  RemoteVPCAccountId:
    Type: String
Resources:
  newVPCPeeringConnection:
    Type: 'AWS::EC2::VPCPeeringConnection'
    Properties:
      VpcId: !Ref OriginatingVPCId
      PeerVpcId: !Ref RemoteVPCId
      PeerOwnerId: !Ref RemoteVPCAccountId
```
Which additional AWS CloudFormation components are necessary in the Originating account to create an operational cross-account VPC peering connection with AWS CloudFormation? (Select two.)
- A. Resources: VPCGatewayToRemoteVPC: Type: "AWS::EC2::VPCGatewayAttachment"
- B. Resources: newEC2Route: Type: AWS::EC2::Route
- C. Resources: newVPCPeeringConnection: Type: 'AWS::EC2::VPCPeeringConnection' PeerRoleArn: !Ref PeerRoleArn
- D. Resources: NetworkInterfaceToRemoteVPC: Type: "AWS::EC2::NetworkInterface"
- E. Resources: NewEC2SecurityGroup: Type: AWS::EC2::SecurityGroup
Answer: A,C
Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_EC2.html
NEW QUESTION 70
An organization will be expanding its current network design. When fully built out, there will be 99 VPCs spread across 11 AWS accounts (9 VPCs per account). There is currently an AWS Direct Connect connection into one account with 9 VPCs, each with a virtual network interface (VIF) per VPC.
Which of the following designs will minimize cost while allowing the organization to expand?
- A. Order 10 new Direct Connect connections, one from each of the accounts that will be provisioned. Create private VIFs in each account. Attach one private VIF per VPC.
- B. Create hosted private VIFs in the existing account. Connect a private VIF to an AWS Direct Connect gateway in each account. Connect the gateway in each account to the VPCs.
- C. Create a public VIF on the Direct Connect connection. Leverage the public VIF to create a VPN connection to each VPC.
- D. Create a transit VPC in the existing account that consists of two routers in separate Availability Zones. Connect each VPC to the two routers in the transit VPC by using VPN.
Answer: D
Explanation:
https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html
NEW QUESTION 71
You are the AWS cloud architect and have been tasked with designing an appropriate subnetting design for your production VPC. Your production VPC requires secure communications back to the corporate private network. Quality of Service (QoS) is very important 24x7 for this particular connection, as real-time data is passed continually backwards and forwards between your on-prem bioinformatics enterprise application and the number-crunching servers deployed in the cloud. Any potential latency incurred on this connection will have a direct impact on the company's ability to attract investors and expand into new markets. Select the correct network configuration that best facilitates your company's continued growth plans.
- A. Configure a site-to-site layer 3 software router using OpenVPN within your VPC and ensure that QoS is enabled - this is a secure and cheap option
- B. Configure a site-to-site layer 2 software router using OpenVPN within your VPC and ensure that QoS is enabled - this is a secure and cheap option
- C. Provision a Direct Connect connection - between your service provider's data center and the AWS region that your cloud compute resources exist in. Configure just a Private Virtual Interface. As this is a Direct Connection, a Virtual Private Gateway is not required
- D. Provision a Direct Connect connection - between your existing service provider's data center and the AWS region that your cloud compute resources exist in. Configure a Virtual Private Gateway and Private Virtual Interface
Answer: D
Explanation:
Answers A, B, and C all rely on an Internet connection. An Internet connection cannot guarantee QoS and will be subject to performance fluctuations - therefore they are all incorrect options. The only difference between these options is whether a Virtual Private Gateway is required - the answer is yes and therefore the correct answer is D.
Reference: https://aws.amazon.com/directconnect/faqs/
NEW QUESTION 72
A company uses multiple AWS accounts within AWS Organizations and has services deployed in a single AWS Region. The instances in a private subnet occasionally download patches from the internet through a NAT gateway. The company recently migrated from VPC peering to AWS Transit Gateway. The cumulative traffic through deployed NAT gateways is less than 1 Gbps. The NAT gateway hourly charge contributes to most of the NAT gateway costs across all linked accounts.
What should the company do to reduce NAT gateway hourly costs?
- A. Move to a centralized NAT gateway architecture with NAT gateways deployed in an egress VPC. Use AWS Transit Gateway to send traffic through the centralized NAT gateways.
- B. Use VPC endpoints to send traffic to AWS services in the same Region.
- C. Deploy and use NAT gateways in the same Availability Zone as the heavy-traffic resources.
- D. Move to a centralized NAT gateway architecture with NAT gateways deployed in an egress VPC. Use VPC peering to send traffic through the centralized NAT gateways.
Answer: A
Explanation:
Deploying a NAT Gateway in every spoke VPC can become expensive because you pay an hourly charge for every NAT Gateway you deploy (see Amazon VPC pricing), so centralizing it could be a viable option. To centralize, we create an egress VPC in the network services account and route all egress traffic from the spoke VPCs via a NAT Gateway sitting in this VPC, leveraging Transit Gateway.
Reference: https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-egress-to-internet.html
NEW QUESTION 73
......
Understanding functional and technical aspects of AWS Certified Advanced Networking - Specialty Configure Network Integration with Application Services
The following will be discussed in AMAZON ANS-C00 exam dumps:
- Leverage the capabilities of Route 53
- Given a scenario, determine an appropriate load balancing strategy within the AWS ecosystem
- Determine the appropriate configuration of DHCP within AWS
Exam Topics for AWS Certified Advanced Networking - Specialty
The following will be discussed in AMAZON ADVANCED-NETWORKING-SPECIALITY exam dumps:
- Design and Implement for Security and Compliance
- Manage, Optimize, and Troubleshoot the Network
- Design and Implement Hybrid IT Network Architectures at Scale
- Automate AWS Tasks