Question # 1
A Network Engineer is provisioning a subnet for a load balancer that will sit in front of a fleet of application servers in a private subnet. There is limited IP space left in the VPC CIDR. The application has few users now but is expected to grow quickly to millions of users.
What design will use the LEAST amount of IP space, while allowing for this growth?
|
A. Use two /29 subnets for an Application Load Balancer in different Availability Zones.
| B. Use one /29 subnet for the Network Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
| C. Use two /28 subnets for a Network Load Balancer in different Availability Zones.
| D. Use one /28 subnet for an Application Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
|
C. Use two /28 subnets for a Network Load Balancer in different Availability Zones.
Question # 2
A company recently migrated its Amazon EC2 instances to VPC private subnets to satisfy a security compliance requirement. The EC2 instances now use a NAT gateway for internet access. After the migration, some long-running database queries from private EC2 instances to a publicly accessible third-party database no longer receive responses. The database query logs reveal that the queries successfully completed after 7 minutes but that the client EC2 instances never received the response.
Which configuration change should a network engineer implement to resolve this issue?
|
A. Configure the NAT gateway timeout to allow connections for up to 600 seconds.
| B. Enable enhanced networking on the client EC2 instances.
| C. Enable TCP keepalive on the client EC2 instances with a value of less than 300 seconds.
| D. Close idle TCP connections through the NAT gateway.
|
C. Enable TCP keepalive on the client EC2 instances with a value of less than 300 seconds.
Explanation:
When a TCP connection is idle for a long time, it may be terminated by network devices, including the NAT gateway. By enabling TCP keepalive, the client EC2 instances can periodically send packets to the third-party database to indicate that the connection is still active, preventing it from being terminated prematurely.
Question # 3
A network engineer must develop an AWS CloudFormation template that can create a virtual private gateway, a customer gateway, a VPN connection, and static routes in a route table. During testing of the template, the network engineer notes that the CloudFormation template has encountered an error and is rolling back.
What should the network engineer do to resolve the error?
|
A. Change the order of resource creation in the CloudFormation template.
| B. Add the DependsOn attribute to the resource declaration for the virtual private gateway. Specify the route table entry resource.
| C. Add a wait condition in the template to wait for the creation of the virtual private gateway.
| D. Add the DependsOn attribute to the resource declaration for the route table entry. Specify the virtual private gateway resource.
|
D. Add the DependsOn attribute to the resource declaration for the route table entry. Specify the virtual private gateway resource.
Question # 4
An AWS CloudFormation template is being used to create a VPC peering connection between two existing operational VPCs, each belonging to a different AWS account. All necessary components in the ‘Remote’ (receiving) account are already in place.
The template below creates the VPC peering connection in the Originating account. It contains these components:
AWSTemplateFormation Version: 2010-09-09
Parameters:
Originating VCId:
Type: String
RemoteVPCId:
Type: String
RemoteVPCAccountId:
Type: String
Resources:
newVPCPeeringConnection:
Type: ‘AWS::EC2::VPCPeeringConnection’
Properties:
VpcdId: !Ref OriginatingVPCId
PeerVpcId: !Ref RemoteVPCId
PeerOwnerId: !Ref RemoteVPCAccountId
Which additional AWS CloudFormation components are necessary in the Originating account to create an operational cross-account VPC peering connection with AWS CloudFormation? (Select two.)
|
A. Resources:NewEC2SecurityGroup:Type: AWS::EC2::SecurityGroup
| B. Resources:NetworkInterfaceToRemoteVPC:Type: “AWS::EC2NetworkInterface”
| C. Resources:newEC2Route:Type: AWS::EC2::Route
| D. Resources:VPCGatewayToRemoteVPC:Type: “AWS::EC2::VPCGatewayAttachment”
| E. Resources:newVPCPeeringConnection:Type: ‘AWS::EC2VPCPeeringConnection’PeerRoleArn: !Ref PeerRoleArn
|
C. Resources:newEC2Route:Type: AWS::EC2::Route
E. Resources:newVPCPeeringConnection:Type: ‘AWS::EC2VPCPeeringConnection’PeerRoleArn: !Ref PeerRoleArn
Explanation:
https://docs.aws.amazon.com/AWSCloudFormatio n/latest/UserGuide/AWS_EC2.html
Question # 5
A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is the origin in an Amazon CloudFront distribution. The company wants to implement a custom authentication system that will provide a token for its authenticated customers.
The web application must ensure that the GET/POST requests come from authenticated customers before it delivers the content. A network engineer must design a solution that gives the web application the ability to identify authorized customers.
What is the MOST operationally efficient solution that meets these requirements?
|
A. Use the ALB to inspect the authorized token inside the GET/POST request payload. Use an AWS Lambda function to insert a customized header to inform the web application of an authenticated customer request.
| B. Integrate AWS WAF with the ALB to inspect the authorized token inside the GET/POST request payload. Configure the ALB listener to insert a customized header to inform the web application of an authenticated customer request.
| C. Use an AWS Lambda@Edge function to inspect the authorized token inside the GET/POST request payload. Use the Lambda@Edge function also to insert a customized header to inform the web application of an authenticated customer request.
| D. Set up an EC2 instance that has a third-party packet inspection tool to inspect the authorized token inside the GET/POST request payload. Configure the tool to insert a customized header to inform the web application of an authenticated customer request.
|
C. Use an AWS Lambda@Edge function to inspect the authorized token inside the GET/POST request payload. Use the Lambda@Edge function also to insert a customized header to inform the web application of an authenticated customer request.
Question # 6
A company is planning to deploy many software-defined WAN (SD-WAN) sites. The company is using AWS Transit Gateway and has deployed a transit gateway in the required AWS Region. A network engineer needs to deploy the SD-WAN hub virtual appliance into a VPC that is connected to the transit gateway. The solution must support at least 5 Gbps of throughput from the SD-WAN hub virtual appliance to other VPCs that are attached to the transit gateway.
Which solution will meet these requirements?
|
A. Create a new VPC for the SD-WAN hub virtual appliance. Create two IPsec VPN connections between the SD-WAN hub virtual appliance and the transit gateway. Configure BGP over the IPsec VPN connections
| B. Assign a new CIDR block to the transit gateway. Create a new VPC for the SD-WAN hub virtual appliance. Attach the new VPC to the transit gateway with a VPC attachment. Add a transit gateway Connect attachment. Create a Connect peer and specify the GRE and BGP parameters. Create a route in the appropriate VPC for the SD-WAN hub virtual appliance to route to the transit gateway.
| C. Create a new VPC for the SD-WAN hub virtual appliance. Attach the new VPC to the transit gateway with a VPC attachment. Create two IPsec VPN connections between the SD-WAN hub virtual appliance and the transit gateway. Configure BGP over the IPsec VPN connections.
| D. Assign a new CIDR block to the transit gateway. Create a new VPC for the SD-WAN hub virtual appliance. Attach the new VPC to the transit gateway with a VPC attachment. Add a transit gateway Connect attachment. Create a Connect peer and specify the VXLAN and BGP parameters. Create a route in the appropriate VPC for the SD-WAN hub virtual appliance to route to the transit gateway.
|
D. Assign a new CIDR block to the transit gateway. Create a new VPC for the SD-WAN hub virtual appliance. Attach the new VPC to the transit gateway with a VPC attachment. Add a transit gateway Connect attachment. Create a Connect peer and specify the VXLAN and BGP parameters. Create a route in the appropriate VPC for the SD-WAN hub virtual appliance to route to the transit gateway.
Question # 7
A network engineer needs to update a company's hybrid network to support IPv6 for the upcoming release of a new application. The application is hosted in a VPC in the AWS Cloud. The company's current AWS infrastructure includes VPCs that are connected by a transit gateway. The transit gateway is connected to the on-premises network by AWS Direct Connect and AWS Site-to-Site VPN. The company's on-premises devices have been updated to support the new IPv6 requirements.
The company has enabled IPv6 for the existing VPC by assigning a new IPv6 CIDR block to the VPC and by assigning IPv6 to the subnets for dual-stack support. The company has launched new Amazon EC2 instances for the new application in the updated subnets.
When updating the hybrid network to support IPv6 the network engineer must avoid making any changes to the current infrastructure. The network engineer also must block direct access to the instances' new IPv6 addresses from the internet. However, the network engineer must allow outbound internet access from the instances.
What is the MOST operationally efficient solution that meets these requirements?
|
A. Update the Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices
| B. Update the Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Update the existing VPN connection to support IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.
| C. Create a Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.
| D. Create a Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add a NAT gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.
|
B. Update the Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Update the existing VPN connection to support IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.
Question # 8
A company hosts an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company recently experienced a network security breach. A network engineer must collect and analyze logs that include the client IP address, target IP address, target port, and user agent of each user that accesses the application.
What is the MOST operationally efficient solution that meets these requirements?
|
| A. Configure the ALB to store logs in an Amazon S3 bucket. Download the files from Amazon S3, and use a spreadsheet application to analyze the logs. | | B. Configure the ALB to push logs to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to analyze the logs. | | C. Configure Amazon Kinesis Data Streams to stream data from the ALB to Amazon OpenSearch Service (Amazon Elasticsearch Service). Use search operations in Amazon OpenSearch Service (Amazon Elasticsearch Service) to analyze the data. | | D. Configure the ALB to store logs in an Amazon S3 bucket. Use Amazon Athena to analyze the logs in Amazon S3. |
D. Configure the ALB to store logs in an Amazon S3 bucket. Use Amazon Athena to analyze the logs in Amazon S3.
Explanation:
The most operationally efficient solution to collect and analyze logs that include the client IP address, target IP address, target port, and user agent of each user that accesses the application would be to configure the ALB to store logs in an Amazon S3 bucket and use Amazon Athena to analyze the logs in Amazon S3 (Option D). This solution allows for quick and easy analysis of log data without requiring manual download or manipulation of log files.
Question # 9
Your company runs an application for the US market in the us-east-1 AWS region. This application uses proprietary TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances. End users run a real-time, front-end application on their local PCs. This front-end application knows the DNS hostname of the service.
You must prepare the system for global expansion. The end users must access the application with lowest latency.
How should you use AWS services to meet these requirements?
|
| A. Register the IP addresses of the service hosts as “A” records with latency-based routing policy in Amazon Route 53, and set a Route 53 health check for these hosts. | | B. Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of the main service host as an ALIAS record with a latency-based routing policy in Route 53. | | C. Set Amazon CloudFront in front of the host of the service, and register the CloudFront name of the main service as an ALIAS record in Route 53. | | D. Set the Amazon API gateway in front of the service, and register the API gateway name of the main service as an ALIAS record in Route 53. |
B. Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of the main service host as an ALIAS record with a latency-based routing policy in Route 53.
Question # 10
A company has a hybrid cloud environment. The company’s data center is connected to the AWS Cloud by an AWS Direct Connect connection. The AWS environment includes VPCs that are connected together in a hub-and-spoke model by a transit gateway. The AWS environment has a transit VIF with a Direct Connect gateway for on-premises connectivity.
The company has a hybrid DNS model. The company has configured Amazon Route 53 Resolver endpoints in the hub VPC to allow bidirectional DNS traffic flow. The company is running a backend application in one of the VPCs.
The company uses a message-oriented architecture and employs Amazon Simple Queue Service (Amazon SQS) to receive messages from other applications over a private network. A network engineer wants to use an interface VPC endpoint for Amazon SQS for this architecture. Client services must be able to access the endpoint service from on premises and from multiple VPCs within the company's AWS infrastructure.
Which combination of steps should the network engineer take to ensure that the client applications can resolve DNS for the interface endpoint? (Choose three.)
|
| A. Create the interface endpoint for Amazon SQS with the option for private DNS names turned on. | | B. Create the interface endpoint for Amazon SQS with the option for private DNS names turned off. | | C. Manually create a private hosted zone for sqs.us-east-1.amazonaws.com. Add necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs. | | D. Use the automatically created private hosted zone for sqs.us-east-1.amazonaws.com with previously created necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs. | | E. Access the SQS endpoint by using the public DNS name sqs.us-east-1 amazonaws.com in VPCs and on premises. |
A. Create the interface endpoint for Amazon SQS with the option for private DNS names turned on.
D. Use the automatically created private hosted zone for sqs.us-east-1.amazonaws.com with previously created necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.
Get 153 Amazon AWS Certified Advanced Networking - Specialty questions Access in less then $0.12 per day.
Amazon Web Services Bundle 1:
1 Month PDF Access For All Amazon Web Services Exams with Updates
$100
$400
Buy Bundle 1
Amazon Web Services Bundle 2:
3 Months PDF Access For All Amazon Web Services Exams with Updates
$200
$800
Buy Bundle 2
Amazon Web Services Bundle 3:
6 Months PDF Access For All Amazon Web Services Exams with Updates
$300
$1200
Buy Bundle 3
Amazon Web Services Bundle 4:
12 Months PDF Access For All Amazon Web Services Exams with Updates
$400
$1600
Buy Bundle 4
Disclaimer: Fair Usage Policy - Daily 5 Downloads
Amazon AWS Certified Advanced Networking - Specialty Exam Dumps
Exam Code: ANS-C01
Exam Name: Amazon AWS Certified Advanced Networking - Specialty
- 90 Days Free Updates
- Amazon Web Services Experts Verified Answers
- Printable PDF File Format
- ANS-C01 Exam Passing Assurance
Get 100% Real ANS-C01 Exam Dumps With Verified Answers As Seen in the Real Exam. Amazon AWS Certified Advanced Networking - Specialty Exam Questions are Updated Frequently and Reviewed by Industry TOP Experts for Passing AWS Certified Specialty Exam Quickly and Hassle Free.
Amazon Web Services ANS-C01 Dumps
Struggling with Amazon AWS Certified Advanced Networking - Specialty preparation? Get the edge you need! Our carefully created ANS-C01 dumps give you the confidence to pass the exam. We offer:
1. Up-to-date AWS Certified Specialty practice questions: Stay current with the latest exam content.
2. PDF and test engine formats: Choose the study tools that work best for you.
3. Realistic Amazon Web Services ANS-C01 practice exam: Simulate the real exam experience and boost your readiness.
Pass your AWS Certified Specialty exam with ease. Try our study materials today!
Official AWS Certified Advanced Networking Specialty exam info is available on Amazon website at https://aws.amazon.com/certification/certified-advanced-networking-specialty/
Prepare your AWS Certified Specialty exam with confidence!We provide top-quality ANS-C01 exam dumps materials that are:
1. Accurate and up-to-date: Reflect the latest Amazon Web Services exam changes and ensure you are studying the right content.
2. Comprehensive Cover all exam topics so you do not need to rely on multiple sources.
3. Convenient formats: Choose between PDF files and online Amazon AWS Certified Advanced Networking - Specialty practice test for easy studying on any device.
Do not waste time on unreliable ANS-C01 practice test. Choose our proven AWS Certified Specialty study materials and pass with flying colors. Try Dumps4free Amazon AWS Certified Advanced Networking - Specialty 2024 material today!
-
Assurance
Amazon AWS Certified Advanced Networking - Specialty practice exam has been updated to reflect the most recent questions from the Amazon Web Services ANS-C01 Exam.
-
Demo
Try before you buy! Get a free demo of our AWS Certified Specialty exam dumps and see the quality for yourself. Need help? Chat with our support team.
-
Validity
Our Amazon Web Services ANS-C01 PDF contains expert-verified questions and answers, ensuring you're studying the most accurate and relevant material.
-
Success
Achieve ANS-C01 success! Our Amazon AWS Certified Advanced Networking - Specialty exam questions give you the preparation edge.
If you have any question then contact our customer support at live chat or email us at support@dumps4free.com.
| 
