ANS-C00: AWS Certified Advanced Networking - Specialty
Question#1

An organization is migrating its on-premises applications to AWS by using a lift-and-shift approach, taking advantage of managed AWS services wherever possible. The company must be able to edit the application code during the migration phase. One application is a traditional three-tier application, consisting of a web presentation tier, an application tier, and a database tier. The external calling client applications need their sessions to remain sticky to both the web and application nodes that they initially connect to.
Which load balancing solution would allow the web and application tiers to scale horizontally, independently of one another?

  • A. Use an Application Load Balancer at the web tier and a Classic Load Balancer at the application tier. Set session stickiness on both, but update the application code to create an application-controlled cookie on the Classic Load Balancer.
  • B. Use an Application Load Balancer at both the web and application tiers, setting session stickiness at the target group level for both tiers.
  • C. Deploy a web node and an application node as separate containers on the same host, using task linking to create a relationship between the pair. Add an Application Load Balancer with session stickiness in front of all web node containers.
  • D. Use a Network Load Balancer at the web tier, and an Application Load Balancer at the application tier. Enable session stickiness on the Application Load Balancer, but take advantage of the native WebSockets protocols available to the Network Load Balancer.

Answer: B

Question#2

A team implements a highly available solution using Amazon AppStream 2.0. The AppStream 2.0 fleet needs to communicate with resources both in an existing VPC and on-premises. The VPC is connected to the on-premises environment using an AWS Direct Connect private virtual interface.
What implementation enables on-premises users to connect to AppStream and existing VPC resources?

  • A. Deploy two subnets into the existing VPC. Add a public virtual interface to the Direct Connect connection for users to access the AppStream endpoint.
  • B. Deploy two subnets into the existing VPC. Add a private virtual interface on the Direct Connect connection for users to access the AppStream endpoint.
  • C. Deploy a new VPC with two subnets. Create a VPC peering connection between the two VPCs for users to access the AppStream endpoint.
  • D. Deploy one subnet into the existing VPC. Add a private virtual interface on the Direct Connect connection for users to access the AppStream endpoint.

Answer: A

Question#3

An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC using ping on the organization's private IP address.
What could cause this connectivity issue? (Choose two.)

  • A. The VGW is not advertising the correct CIDR range back on-premises.
  • B. The instance security group does not allow ICMP traffic.
  • C. A public virtual interface must be configured for Amazon EC2 connectivity.
  • D. The on-premises router is not advertising the correct CIDR range to AWS.
  • E. There is a misconfiguration of the bi-directional forwarding detection.

Answer: CD

Question#4

A company has a hybrid IT architecture with two AWS Direct Connect connections to provide high availability. The services hosted on-premises are accessible using public IPs, and are also on the 172.16.0.0/16 range. The AWS resources are on the 192.168.0.0/18 range. The company wants to use Amazon Elastic Load Balancing for SSL offloading, health checks, and sticky sessions.
What should be done to meet these requirements?

  • A. Create a Network Load Balancer pointing to the on-premises server's private IP address.
  • B. Create an Amazon CloudFront distribution for the on-premises service and use the public IPs of the on-premises servers as the origin.
  • C. Create a Network Load Balancer pointing to the on-premises server's public IP address.
  • D. Create an Application Load Balancer pointing to the on-premises server's private IP address.

Answer: A

Question#5

A company deployed its production Amazon VPC using CIDR block 33.16.0.0/16. The company has nearly depleted its addresses and now needs to extend the VPC network.
Which CIDR blocks meet the company's requirement to extend the VPC network with a secondary CIDR? (Choose two.)

  • A. 33.17.0.0/16
  • B. 172.16.0.0/18
  • C. 100.70.0.0/17
  • D. 192.168.1.0/24
  • E. 10.0.0.0/8

Answer: AC

Question#6

A company is deploying a new web application that uses a three-tier model with a public-facing Network Load Balancer and web servers in an Amazon VPC. The application servers are hosted in the company's data center. There is an AWS Direct Connect connection between the VPC and the company's data center. Load testing results indicate that up to 100 servers, equally distributed across multiple Availability Zones, are required to handle peak loads.
The network engineer needs to design a VPC that has a /24 CIDR assigned to it.
How should the engineer allocate subnets across three Availability Zones for each tier?

  • A. Network Load Balancer: /29 per subnet; Web: /26 per subnet
  • B. Network Load Balancer: /28 per subnet; Web: /25 per subnet
  • C. Network Load Balancer: /28 per subnet; Web: /27 per subnet
  • D. Network Load Balancer: /28 per subnet; Web: /26 per subnet

Answer: D

Question#7

Changes made to a security group attached to an Application Load Balancer resulted in connectivity issues for a company's production web application. The network engineer needs to lock down permissions for the company's AWS account, automate auditing for any changes, and set up notifications.
What actions should accomplish this?

  • A. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify API calls from users. Use AWS Config to audit any changes, and configure Amazon SNS to send notifications.
  • B. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure AWS CodeCommit to audit any changes in configurations, and configure Amazon SNS to send notifications.
  • C. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure Amazon Macie to use machine learning to identify any configuration changes, and configure Amazon SNS to send notifications.
  • D. Configure IAM role policies to lock down permissions for specific users. Configure Amazon GuardDuty to audit and monitor configuration changes, and configure Amazon SNS to send notifications.

Answer: D

Question#8

A computing team is evaluating whether to place a high performance computing (HPC) application in AWS. The team is concerned about application performance and wants to know what options are available to increase networking performance.
Which of the following changes would increase performance for this application? (Choose two.)

  • A. Place the application across many smaller instances to achieve higher total throughput.
  • B. Increase the MTU of the VPC to 9001.
  • C. Enable an MTU of 9001 in the application's operating system.
  • D. Enable enhanced networking on the instances.
  • E. Deploy the application in two Availability Zones and insert them in one placement group.

Answer: BD

Question#9

An organization has created a web application inside a VPC and wants to make it available to 200 client VPCs. The client VPCs are in the same Region but are owned by other business units within the organization.
What is the best way to meet this requirement, without making the application publicly available?

  • A. Configure the application as an AWS PrivateLink-powered service, and have the client VPCs connect to the endpoint service by using an interface VPC endpoint.
  • B. Enable VPC peering between the web application VPC and all client VPCs.
  • C. Deploy the web application behind an internet-facing Application Load Balancer and control which clients have access by using security groups.
  • D. Deploy the web application behind an internal Application Load Balancer and control which clients have access by using security groups.

Answer: C

Question#10

A company's IT Security team needs to ensure that all servers within an Amazon VPC can communicate with a list of five approved external IPs only. The team also wants to receive a notification every time any server tries to open a connection with a non-approved endpoint.
What is the MOST cost-effective solution that meets these requirements?

  • A. Add allowed IPs to the network ACL for the application server subnets. Enable VPC Flow Logs with a filter set to ALL. Create an Amazon CloudWatch Logs filter on the VPC Flow Logs log group filtered by REJECT. Create an alarm for this metric to notify the security team.
  • B. Enable Amazon GuardDuty on the account and the specific Region. Upload a list of allowed IPs to Amazon S3 and link the S3 object to the GuardDuty trusted IP list. Configure an Amazon CloudWatch Events rule on all GuardDuty findings to trigger an Amazon SNS notification to the security team.
  • C. Add allowed IPs to the network ACL for the application server subnets. Enable VPC Flow Logs with a filter set to REJECT. Set an Amazon CloudWatch Logs filter for the log group on every event. Create an alarm for this metric to notify the security team.
  • D. Enable Amazon GuardDuty on the account and specific Region. Upload a list of allowed IPs to Amazon S3 and link the S3 object to the GuardDuty threat IP list. Integrate GuardDuty with a compatible SIEM to report on every alarm from GuardDuty.

Answer: A
