
[Oct 12, 2022] ANS-C00 Free Exam Questions with Quality Guaranteed
NEW QUESTION 61
You have multiple Amazon Elastic Compute Cloud (EC2) instances running a web server in a VPC configured with security groups and NACL. You need to ensure layer 7 protocol level logging of all network traffic (ACCEPT/REJECT) on the instances. What should be enabled to complete this task?
- A. Packet sniffing at the instance level
- B. CloudWatch Logs at the VPC level
- C. VPC flow logs at the subnet level
- D. Packet sniffing at the VPC level
Answer: B
NEW QUESTION 62
A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes which originated from the same region as the Direct Connect location.
What action should accomplish this?
- A. Configure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3.
- B. Configure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.
- C. Configure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3.
- D. Configure a prefix list on the customer router containing the AWS IP address ranges for the specific region.
Answer: D
NEW QUESTION 63
You need to set up an Amazon Elastic Compute Cloud (EC2) instance for an application that requires the lowest latency and the highest packet-per-second network performance. The application will talk to other servers in a peered VPC.
Which two of the following components should be part of the design? (Select two.)
- A. Select an instance with Amazon Elastic Block Store (EBS)-optimization.
- B. Select an instance that has support for multiple ENAs.
- C. Ensure that the instance supports jumbo frames and set 9001 MTU.
- D. Select an instance with support for single root I/O virtualization.
- E. Ensure that proper OS drivers are installed.
Answer: B,D
Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html
NEW QUESTION 64
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their on-premises version of the application to serve a small portion of the customers who haven't yet upgraded.
What design will allow the company to serve both newer and earlier clients in the MOST efficient way?
- A. Use an Application Load Balancer for the new application. Register both the new and earlier application backends as separate target groups. Use header-based routing to route traffic based on the application version.
- B. Use an Amazon Route 53 multivalue answer routing policy to route older client traffic to the on-premises application version and the rest of the traffic to the new AWS based version.
- C. Use an Application Load Balancer for the new application. Register both the new and earlier applications as separate target groups and use path-based routing to route traffic based on the application version.
- D. Use a Classic Load Balancer for the new application. Route all traffic to the new application by using an Elastic Load Balancing (ELB) load balancer DNS. Define a user-agent-based rule on the backend servers to redirect earlier clients to the on-premises application.
Answer: A
Explanation:
User-Agent is an HTTP header that contains a characteristic string allowing network protocol peers to identify the application type, operating system, software vendor or software version of the requesting software user agent. ALB has the capability to route based on headers; no other ELB has that capability.
NEW QUESTION 65
An organization will be extending its existing on-premises infrastructure into the cloud. The design consists of a transit VPC that contains stateful firewalls that will be deployed in a highly available configuration across two Availability Zones for automatic failover.
What MUST be configured for this design to work? (Select two.)
- A. Equal-cost multi-path routing (ECMP)
- B. Static routing
- C. A different Autonomous System Number (ASN) for each firewall.
- D. Border Gateway Protocol (BGP) routing
- E. Autonomous system (AS) path prepending
Answer: D,E
Explanation:
https://docs.aws.amazon.com/solutions/latest/cisco-based-transit-vpc/appendix-a.html
NEW QUESTION 66
You have a global corporate network with 153 individual IP prefixes in your internal routing table. You establish a private virtual interface over AWS Direct Connect to a VPC that has an Internet gateway (IGW).
All instances in the VPC must be able to route to the Internet via an IGW and route to the global corporate network via the VGW.
How should you configure your on-premises BGP peer to meet these requirements?
- A. Enable route propagation on the VPC route table
- B. Announce a default route to the VPC over the BGP session
- C. Configure AS-Prepending on your BGP session
- D. Summarize your prefix announcement to less than 100
Answer: A
NEW QUESTION 67
You are moving a two-tier application into an Amazon VPC. An Elastic Load Balancing (ELB) load balancer is configured in front of the application tier. The application tier is driven through RESTful interfaces. The data tier uses relational database service (RDS) MySQL. Company policy requires end-to-end encryption of all data in transit.
What ELB configuration complies with the corporate encryption policy?
- A. Configure the ELB load balancer protocol as HTTP. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
- B. Configure the ELB load balancer protocol as HTTPS. Offload application instance encryption to the load balancer. Install your SSL certificate on Amazon RDS, and configure SSL.
- C. Configure the ELB protocols in SSL mode. Offload application instance encryption to the load balancer. Install your SSL/TLS certificate on Amazon RDS, and configure SSL.
- D. Configure the ELB protocols in TCP mode. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
Answer: D
Explanation:
Refer: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html
NEW QUESTION 68
A legacy, on-premises web application cannot be load balanced effectively. There are both planned and unplanned events that cause usage spikes to millions of concurrent users. The existing infrastructure cannot handle the usage spikes. The CIO has mandated that the application be moved to the cloud to avoid further disruptions, with the additional requirement that source IP addresses be unaltered to support network traffic monitoring needs. Which of the following designs will meet these requirements?
- A. Use an Auto Scaling group of EC2 instances in a target group behind a Network Load Balancer.
- B. Use an Auto Scaling group of Amazon EC2 instances behind a Classic Load Balancer.
- C. Use an Auto Scaling group of EC2 instances in a target group behind a Classic Load Balancer.
- D. Use an Auto Scaling group of EC2 instances in a target group behind an Application Load Balancer.
Answer: A
NEW QUESTION 69
What are two reasons that could cause an HTTP health check to fail? Choose the 2 correct answers:
- A. HTTP server not running
- B. No Internet Gateway
- C. Security group blocking port 80 to the instance
- D. NACL blocking port 443 to the instance
Answer: A,C
Explanation:
A load balancer does not perform health checks through the internet gateway, so an internet gateway is not necessary, and port 443 is HTTPS, not HTTP.
NEW QUESTION 70
Your organization's corporate website must be available on www.acme.com and acme.com.
How should you configure Amazon Route 53 to meet this requirement?
- A. Configure acme.com with an ALIAS record targeting the ELB. www.acme.com with an ALIAS record targeting the ELB.
- B. Configure acme.com using a second ALIAS record with the ELB target. www.acme.com using a PTR record with the acme.com record target.
- C. Configure acme.com with an A record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
- D. Configure acme.com with a CNAME record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
Answer: A
NEW QUESTION 71
A Network Engineer needs to be automatically notified when a certain TCP port is accessed on a fleet of Amazon EC2 instances running in an Amazon VPC.
Which of the following is the MOST reliable solution?
- A. Install intrusion detection software on each Amazon EC2 instance and configure it to use the AWS CLI to notify the Administrator with Amazon SNS each time the TCP port is accessed.
- B. Create VPC Flow Logs that write to Amazon CloudWatch Logs, with a metric filter matching connections on the required port. Create a CloudWatch alarm on the resulting metric that uses Amazon SNS to notify the Administrator when the metric is greater than zero.
- C. Create an inbound rule in the VPC's network ACL that matches the TCP port. Create an Amazon CloudWatch alarm on the NetworkPackets metric for the ACL that uses Amazon SNS to notify the Administrator when the metric is greater than zero.
- D. Install intrusion detection software on each Amazon EC2 instance and configure it to use the AWS CLI to publish to a custom Amazon CloudWatch metric each time the TCP port is accessed. Create a CloudWatch alarm on the resulting metric that uses Amazon SNS to notify the Administrator when the metric is greater than zero.
Answer: C
NEW QUESTION 72
You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources. What must be configured to meet this requirement?
- A. An IPsec VPN to on-premises Active Directory
- B. Network address translation for outbound traffic.
- C. At least two subnets in different Availability Zones.
- D. A dedicated VPC with Active Directory Services.
Answer: B,C
Explanation:
References: https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-vpc.html
NEW QUESTION 73
You work for an international corporation that uses AWS. Due to regulations, you are now required to route the US and China to two different websites. You set up the records and now no other countries can access your site. Why is this? Choose the correct answer:
- A. Geolocation features are only available in CloudFront.
- B. You probably broke your DNS.
- C. You forgot to set a default geolocation record.
- D. You must have a geolocation in place for every country.
Answer: C
Explanation:
A default record is required to handle traffic that does not match any geolocation criteria.
NEW QUESTION 74
A company wants to use thin clients running virtual desktops to replace 500 desktop computers used by its call center employees. The company is evaluating Amazon WorkSpaces as a solution.
A network engineer who is testing with a thin client is unable to connect to Amazon WorkSpaces. After entering credentials, the network engineer receives the following error:
"An error occurred while launching your Workspace. Please try again."
What should the network engineer do to resolve this issue?
- A. Update the inbound rules on the network ACL on the subnets used for Amazon WorkSpaces to allow UDP on port 4172 and TCP on port 4172.
- B. Update the inbound rules on the security group assigned to Amazon WorkSpaces to allow UDP on port 4172 and TCP on port 4172.
- C. Update the company's corporate firewall to allow outbound access to UDP on port 4172 and TCP on port 4172. Open inbound ephemeral ports explicitly to allow return communication.
- D. Update the company's corporate firewall to allow inbound access to UDP on port 4172 and TCP on port 4172. Open outbound ephemeral ports explicitly to allow return communication.
Answer: B
NEW QUESTION 75
You are designing an AWS Direct Connect solution into your VPC. You need to consider requirements for the customer router to terminate the Direct Connect link at the Direct Connect location.
Which three factors that must be supported should you consider when choosing the customer router? (Select three.)
- A. 802.1ax or 802.3ad link aggregation
- B. BGP
- C. 1-Gbps copper connectivity
- D. single-mode optical fiber connectivity
- E. OSPF
- F. 802.1q trunking
Answer: C,D,F
Explanation:
References: https://aws.amazon.com/directconnect/faqs/
NEW QUESTION 76
You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct Connect connection. Which two configuration values do you need to provide? (Select two.)
- A. Public AS number
- B. Virtual private gateway
- C. Direct Connect location
- D. VLAN ID
- E. IP prefixes to advertise
Answer: B,D
Explanation:
References: https://aws.amazon.com/directconnect/faqs/
NEW QUESTION 77
A company has an application running on Amazon EC2 instances in a VPC. The application must publish custom metrics to Amazon CloudWatch in the same AWS Region. The metrics include proprietary information. All connectivity must be over private IP addresses.
Which solution will meet these requirements?
- A. Connect to CloudWatch through a NAT gateway
- B. Connect to CloudWatch through an internet gateway
- C. Connect to CloudWatch through an interface endpoint
- D. Connect to CloudWatch through a gateway endpoint
Answer: C