[2020.12] Pass4itsure New Real Amazon ANS-C00 Exam Dumps, ANS-C00 Practice Test Questions

Released the latest Amazon ANS-C00 exam dumps! You can get ANS-C00 VCE dumps and ANS-C00 PDF dumps from Pass4itsure, (including the latest ANS-C00 exam questions), which will ensure that your ANS-C00 exam is 100% passed! Pass4itsure ANS-C00 dumps VCE and PDF — https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html Updated!

Amazon ANS-C00 Exam Dumps

[100% free] Amazon ANS-C00 pdf dumps https://drive.google.com/file/d/1LmTq-EL7XwgqdJ6Fb9i3wqT7VBmoNl7_/view?usp=sharing

other Amazon exam dumps https://www.actual4tests.com/category/amazon-exam-dumps/

Amazon ANS-C00 Practice Test 1-13

QUESTION 1
For _______ distributions, CloudFront does not cache cookies in edge caches.
A. AMI
B. Web
C. RTMP
D. Web and RTMP
Correct Answer: C
For RTMP distributions, when Amazon CloudFront requests an object from the origin server, it removes any cookies
before forwarding the request to your origin. If your origin returns any cookies along with the object, CloudFront
removes them before returning the object to the viewer.
For RTMP distributions, CloudFront does not cache cookies in edge caches.


QUESTION 2
Your company is expanding its cloud infrastructure and moving many of its flat files and static assets to S3. You
currently use a VPN to access your compute infrastructure, but you require more reliability for your static files as you are
offloading all of your important data to AWS. What is your best course of action while keeping costs low?
A. Create a Direct Connect connection using a Private VIF to access both compute and S3 resources.
B. Create an S3 endpoint and create a route to the endpoint prefix-list for your VPN to allow access to your S3
resources.
C. Create two Direct Connect connections. Each connected to a Private VIF to ensure maximum resiliency.
D. Create a Direct Connect connection using a Public VIF and route your VPN over the DX connection to your VPN
endpoint.
Correct Answer: D
An S3 endpoint cannot be used with a VPN. A Private VIF cannot access S3 resources. A Public VIF with a VPN will
ensure security for your compute resources and access to your S3 resources. Two DX connections are very expensive
and a Private VIF still won't allow access to your S3 resources.

QUESTION 3
Which service would you use to see who changed your infrastructure?
A. Config
B. CloudTrail
C. Flow Logs
Correct Answer: B


QUESTION 4
You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site,
they are seeing broken image links. What is most likely the problem?
A. There is no record in Route 53 pointing cdn.yourdomain.com to the CloudFront ALIAS.
B. You need to create Origin Access Identity for CloudFront and add it to your bucket policy.
C. The images in S3 are saved as .png instead of .jpg.
D. There is no rule in your bucket policy allowing public access.
Correct Answer: B
You must have an OAI if the bucket policy does not allow public access, which is bad practice.


QUESTION 5
Your company has decided to use AWS WorkSpaces for its hosted desktop solution. Your company has an existing AD
of about 57,000 users, and you want to minimize authentication traffic from AWS to your datacenter. Your company has
a lot of personnel changes, and it is crucial that these changes are reflected reliably.
What two steps should you take? (Choose two.)
A. Deploy Hosted AD in AWS.
B. Deploy an AD Connector in AWS.
C. Create a DX connection between the datacenter and AWS.
D. Create a VPN between the datacenter and AWS.
Correct Answer: AC
A VPN is not reliable enough, and an AD connector will cause too much authentication traffic.

QUESTION 6
You are your company's AWS cloud architect. You have created a VPC topology that consists of 3 VPCs. You have a
centralized VPC (VPC-Shared) that provides shared services to the remaining 2 departmental dedicated VPCs
(VPC-Dept1 and VPC-Dept2). The centralized VPC is VPC peered to both of the departmental VPCs, that is, a VPC peering
connection exists between VPC-Shared and VPC-Dept1, and a VPC peering connection exists between VPC-Shared
and VPC-Dept2.
Select the correct option from the list below.
A. Network traffic is possible between VPC-Shared instances and VPC-Dept1 and VPC-Dept2 instances as long as the
appropriate routes and security groups are in place, but only for communication that is initiated from VPC1-Shared
instances as the default peering bi-directional communication flag has been disabled.
B. Instances within VPC-Dept1 can communicate directly with instances in VPC-Shared, as long as the appropriate
routes and security groups are in place, and vice versa regardless of who initiates communication
C. All network communication remains blocked between all VPCs until the respective peering bi-directional
communication flags are set to the appropriate setting that allows traffic to flow.
D. Network traffic is possible between VPC-Shared instances and VPC-Dept1 and VPC-Dept2 instances as long as the
appropriate routes and security groups are in place, but only for communication that is initiated from VPC1-Shared
instances as the default peering bi-directional communication flag has been enabled.
Correct Answer: B
Answers A, C, and D are incorrect answers as they reference a non-existing setting – there is no such thing as a “default
peering bi-directional communication flag”.


QUESTION 7
Your company needs to directly update an S3 bucket that serves as a CloudFront origin with the most reliability
possible. Your company also has a set of private EC2 servers that it needs to access with the same reliability. Which
combination will provide the best solution?
A. A Virtual Gateway and a Public VIF
B. A Private VIF is all you need to access all AWS resources.
C. A Hosted VIF and a Private VIF
D. A Public VIF and a Private VIF
Correct Answer: D
The Public VIF will allow access to the S3 bucket, and the Private VIF will allow access to the EC2 instances.

QUESTION 8
What is the DNS server address for a VPC (10.111.0.0/16) with a subnet of 10.111.4.0/24?
A. 10.111.0.2
B. 10.111.4.2
C. 10.111.1.2
D. 10.111.4.1
Correct Answer: A
The DNS server is the base VPC CIDR + 2.

QUESTION 9
You need to create a subnet in a VPC that supports 14 hosts. You need to be as accurate as possible since you run a
very large company. What CIDR should you use?
A. /28
B. /24
C. /25
D. /27
Correct Answer: D
/27 supports 27 hosts since AWS reserves 5 addresses. /25 supports 123 hosts, /28 supports 11, /24 supports 251.


QUESTION 10
You are responsible for several EC2 instances deployed from Amazon AMIs that are required to upload information to
an S3 bucket. This information must not traverse the public internet. You must also be able to update the instances.
Which option is your best solution?
A. An S3 endpoint and a NAT
B. An S3 endpoint
C. A VPN to the IP addresses specified in the AWS official S3 prefix list
D. A NACL with the AWS prefix list added to it and a VPN.
Correct Answer: B
A NAT is not required as an S3 endpoint will allow an instance to update. C and D are not possible.


QUESTION 11
What value in a packet dictates the priority of the packet in a QoS enabled network?
A. BFD
B. IPv6
C. NAT
D. DSCP
Correct Answer: D
The Differentiated Services Code Point value, or DSCP, is used to label packets on QoS enabled networks for
prioritization.

QUESTION 12
Imagine you are using AWS Direct Connect with just one connection from your router to the AWS Direct Connect router.
If your connection becomes unavailable, the communication with AWS cloud is lost. What is the best method to prevent
this from happening?
A. AWS Direct Connect neither provides BGP nor provides the failover.
B. AWS Direct Connect recommends to have the same configuration set up in a multi AZ zone to prevent such loss in
connections.
C. AWS Direct Connect recommends that you request and configure two dedicated connections to AWS either using
BGP Multipath (Active/Active) connection or the failover (Active/Passive) connection.
D. AWS Direct Connect does not have a provision to prevent the situation but when you design the system, it is
recommended to request a back-up instance to which the traffic can be re-routed.
Correct Answer: C
When configuring redundant connections with the AWS Direct Connect, and to provide for failover, we recommend that
you request and configure two dedicated connections to the AWS. There are different configuration choices available
when you provision two dedicated connections. You can either use Active/Active (BGP multipath) connection or
Active/Passive (failover) connection to configure the two dedicated connections.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#RedundantConnections


QUESTION 13
Changes made to a security group attached to an Application Load Balancer resulted in connectivity issues for a
company's production web application. The Network Engineer needs to lock down permissions for the company's
AWS account, automate auditing for any changes, and set up notifications.
What actions should accomplish this?
A. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify API calls
from users. Use AWS Config to audit any changes, and configure Amazon SNS to send notifications.
B. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API
calls from users. Configure AWS CodeCommit to audit any changes in configurations, and configure Amazon SNS to
send notifications.
C. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API
calls from users. Configure Amazon Macie to use machine learning to identify any configuration changes, and configure
Amazon SNS to send notifications.
D. Configure IAM role policies to lock down permissions for specific users. Configure Amazon GuardDuty to audit and
monitor configuration changes, and configure Amazon SNS to send notifications.
Correct Answer: D


P.S.

Passing the Amazon ANS-C00 exam is no longer a dream. All the resources are shared for free: the latest ANS-C00 practice questions, the latest ANS-C00 PDF dumps, and ANS-C00 exam video learning. Visit https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html for exam dumps with the latest questions.