Released the latest Amazon ANS-C00 exam dumps! You can get ANS-C00 VCE dumps and ANS-C00 PDF dumps from Pass4itsure, (including the latest ANS-C00 exam questions), which will ensure that your ANS-C00 exam is 100% passed! Pass4itsure ANS-C00 dumps VCE and PDF — https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html Updated!
Latest Amazon AWS Certified Specialty ANS-C00 exam practice test
QUESTION 1
You have a three-tier web application with separate subnets for Web, Applications, and Database tiers. Your CISO
suspects your application will be the target of malicious activity. You are tasked with notifying the security team in the
event your application is port scanned by external systems.
Which two AWS Services cloud you leverage to build an automated notification system? (Choose two.)
A. Internet gateway
B. VPC Flow Logs
C. AWS CloudTrail
D. Lambda
E. AWS Inspector
Correct Answer: CD
References: https://aws.amazon.com/blogs/security/how-to-receive-alerts-when-specific-apis-are-called-by-using-awscloudtrail-amazon-sns-and-aws-lambda/
QUESTION 2
A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected
an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its first-ever 10 Gbps AWS Direct Connect
connection.
What steps must be taken to order the cross-connect at the Direct Connect location?
A. Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console
when creating a new Direct Connect connection. AWS will ensure that the cross-connect is installed.
B. Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to
the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.
C. Obtain the LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility
The operator of the Direct Connect location. The Facility Operator will ensure that the cross-connect is installed.
D. Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide
the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.
Correct Answer: B
QUESTION 3
A company has a hybrid IT architecture with two AWS Direct Connect connections to provide high availability. The
services hosted on-premises are accessible using public IPs, and are also on the 172.16.0.0/16 range. The AWS resources are on the 192.168.0.0/18 range. The company wants to use Amazon Elastic Load Balancing for SSL
offloading, health checks, and sticky sessions.
What should be done to meet these requirements?
A. Create a Network Load Balancer pointing to the on-premises server\\’s private IP address.
B. Create an Amazon CloudFront distribution for the on-premises service and use the public IPs of the on-premises
servers as the origin.
C. Create a Network Load Balancer pointing to the on-premises server\\’s public IP address.
D. Create an Application Load Balancer pointing to the on-premises server\\’s private IP address.
Correct Answer: A
QUESTION 4
A network engineer deploys an application in a private subnet in a VPC that connects to many external video feed
providers using RTMP over the internet. A NAT gateway has been deployed in a public subnet and is working as
expected. From the Amazon EC2 instance, the application is able to connect to all feed providers except one, which
hangs when connecting. Manually testing a connection from an Amazon EC2 instance in the public subnet to the
problem feed indicates that the feed works as expected.
What is causing this issue?
A. The NAT gateway does not support fragmented packets.
B. The internet gateway only supports an MTU of 1500 bytes.
C. An Amazon EC2 instance expects to communicate with an MTU of 9001.
D. The security group on the instances does not allow PMTUD.
Correct Answer: D
QUESTION 5
A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process,
the following requirements involving DNS have been identified.
On-premises systems must be able to resolve the entries in an Amazon Route 53 private hosted zone.
Amazon EC2 instances running in the organization\\’s VPC must be able to resolve the DNS names of on-premises
systems
The organization\\’s VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?
A. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS
systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as
authoritative for the Route 53 private hosted zone.B. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to
forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to
172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS
systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to
forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the
Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies.
Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53
private hosted zone.
D. Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises
DNS systems with a stub-zone, delegating the Route 53 private hosted zone\\’s name servers as authoritative for the
Route 53 private hosted zone.
Correct Answer: C
QUESTION 6
The Security department has mandated that all outbound traffic from a VPC toward an on-premises datacenter must go
through a security appliance that runs on an Amazon EC2 instance.
Which of the following maximizes network performance on AWS? (Choose two.)
A. Support for the enhanced networking drivers
B. Support for sending traffic over the Direct Connect connection
C. The instance sizes and families supported by the security appliance
D. Support for placement groups within the VPC
E. Security appliance support for multiple elastic network interfaces
Correct Answer: BC
QUESTION 7
A Network Engineer is designing a new system on AWS that will take advantage of Amazon CloudFront for both content
caching and for protecting the underlying origin. There is concern that an external agency might be able to access the IP
addresses for the application\\’s origin and then attack the origin despite it being served by CloudFront. Which of the
following solutions provides the strongest level of protection to the origin?
A. Use an IP whitelist rule in AWS WAF within CloudFront to ensure that only known-client IPs are able to access the
application.
B. Configure CloudFront to use a custom header and configure an AWS WAF rule on the origin\\’s Application Load
Balancer to accept only traffic that contains that header.
C. Configure an AWS Lambda@Edge function to validate that the traffic to the Application Load Balancer originates from CloudFront.
D. Attach an origin access identity to the CloudFront origin that allows traffic to the origin that originates from only
CloudFront.
Correct Answer: A
QUESTION 8
Your company runs an application for the US market in the us-east-1 AWS region. This application uses proprietary
TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances. End users run a real-time, front-end
application on their local PCs. This front-end application knows the DNS hostname of the service.
You must prepare the system for global expansion. The end users must access the application with the lowest latency.
How should you use AWS services to meet these requirements?
A. Register the IP addresses of the service hosts as “A” records with latency-based routing policy in Amazon Route 53,
and set a Route 53 health check for these hosts.
B. Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of
the main service host as an ALIAS record with latency-based routing policy in Route 53.
C. Set Amazon CloudFront in front of the host of the service, and register the CloudFront name of the main service as
an ALIAS record in Route 53.
D. Set the Amazon API gateway in front of the service, and register the API gateway name of the main service as an
ALIAS record in Route 53.
Correct Answer: B
QUESTION 9
A Network Engineer needs to create a public virtual interface on the company\\’s AWS Direct Connect connection and
only import routes which originated from the same region as the Direct Connect location What action should accomplish
this?
A. Configure a prefix-list on the customer router containing the AWS IP address ranges for the specific region.
B. Configure a filter on the company\\’s router to only import routes with the 7224:8100 BGP community attribute.
C. Configure a filter on the company\\’s router to only import routes without a BGP community attribute and a maximum
the path length of 3.
D. Configure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a
the maximum path length of 3.
Correct Answer: A
QUESTION 10
You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS region. The application is hosted in
a VPC and is only accessed from the corporate network. To support large volumes of data transfer and administration of
the application, you use a single 10-Gbps AWS Direct Connect connection with multiple private virtual interfaces. As
part of a review, you decide to improve the resilience of your connection to AWS and make sure that any additional
connectivity does not share the same Direct Connect routers at AWS. You need to provide the best levels of resilience
to meet the application\\’s needs.
Which two options should you consider? (Choose two.)
A. Install a second 10-Gbps Direct Connect connection to the same Direct Connection location.
B. Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
C. Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.
D. Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
E. Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.
Correct Answer: BC
QUESTION 11
An organization will be extending its existing on-premises infrastructure into the cloud. The design consists of a transit
VPC that contains stateful firewalls that will be deployed in a highly available configuration across two Availability Zones
for automatic failover.
What MUST be configured for this design to work? (Choose two.)
A. A different Autonomous System Number (ASN) for each firewall.
B. Border Gateway Protocol (BGP) routing
C. Autonomous system (AS) path prepending
D. Static routing
E. Equal-cost multi-path routing (ECMP)
Correct Answer: BE
QUESTION 12
Refer to the image.
VPC A: 10.0.0.0/16 VPC B: 192.168.0.0/16 VPC C: 10.0.0.0/16
You have three VPCs: A, B, and C. VPCs A and C are both peered with VPC B. The IP address ranges are as follows:
Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10. Instances i-3
and i-4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively, i-3 and i-4 are in the subnet
192.168.1.0/24.
i-3 must be able to communicate with i-1 i-4 must be able to communicate with i-2 i-3 and i-4 are able to communicate
with i-1, but not with i-2.
Which two steps will fix this problem? (Choose two.)
A. Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
B. Create subnets 192.168.1.0/27 and 192.168.1.16/27. Move i-3 and i-4 to these subnets, respectively.
C. Change the IP address of i-2 to 10.0.0.100. Assign it an elastic IP address.
D. Create a new route table for VPC B, with unique route entries for destination VPC A and destination VPC C.
E. Create two route tables: one with a route for destination VPC A, and another for destination VPC C.
Correct Answer: AE
QUESTION 13
You need to set up an Amazon Elastic Compute Cloud (EC2) instance for an application that requires the lowest latency
and the highest packet-per-second network performance. The application will talk to other servers in a peered VPC.
Which two of the following components should be part of the design? (Choose two.)
A. Select an instance with support for single root I/O virtualization.
B. Select an instance that has support for multiple ENIs.
C. Ensure that the instance supports jumbo frames and set 9001 MTU.
D. Select an instance with Amazon Elastic Block Store (EBS)-optimization.
E. Ensure that proper OS drivers are installed.
Correct Answer: AB
References: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html
You may be interested in other Amazon exam practice, click to view!
Amazon ANS-C00 dumps pdf free download
[100% free] Amazon ANS-C00 dumps pdf https://drive.google.com/file/d/1LmTq-EL7XwgqdJ6Fb9i3wqT7VBmoNl7_/view?usp=sharing
Pass4itsure discount code 2020
P.S.
This is a free Amazon ANS-C00 study guide for the AWS Certified Specialty certification exam! It includes Amazon ANS-C00 pdf dumps, ANS-C00 exam video, ANS-C00 exam practice test & more free and paid resources! For more, please visit https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html Q&As. Study hard and practice a lot. This will help you prepare for the ANS-C00 exam. Good luck!