ANS-C00: AWS Certified Advanced Networking - Specialty
Page 7 out of 37 pages Questions 61-70 out of 367 questions
Question#61

Your company has two DX locations. You need to configure one link as passive. What should you configure in your router to set that link as the passive link?

  • A. Set a higher MED.
  • B. Configure AS_PATH Prepending on the link.
  • C. Advertise a network with a higher CIDR.
  • D. Call your service provider and have the ASN changed for that link.

B
You should configure AS_PATH prepending on the link. A higher CIDR is the same as a more specific prefix, which will make the link more preferred. A higher MED will make the path less preferred, but this is not the preferred method to accomplish this. Changing your ASN will not help. Configuring AS_PATH Prepending is the preferred method of AWS to configure an Active-Passive configuration with Direct Connect.

Question#62

You have just configured an Elastic Load Balancer. Assuming all settings are configured properly, about how long will it take an instance to become healthy with a 6 second HealthCheck Interval, an unhealthy threshold of 5 and a healthy threshold of 10?

  • A. 120 seconds
  • B. 30 seconds
  • C. 6 seconds
  • D. 60 seconds

D
60 seconds. 10 healthcheck successes with 6 second intervals.

Question#63

Your company needs to directly update an S3 bucket that serves as a CloudFront origin with the most reliability possible. Your company also has a set of private EC2 servers that it needs to access with the same reliability. Which combination will provide the best solution?

  • A. A Virtual Gateway and a Public VIF
  • B. A Private VIF is all you need to access all AWS resources.
  • C. A Hosted VIF and a Private VIF
  • D. A Public VIF and a Private VIF

D
The Public VIF will allow access to the S3 bucket, and the Private VIF will allow access to the EC2 instances.

Question#64

You wish to have a sub-1G connection to AWS to save on costs. How can you achieve this?

  • A. Just set your router to the speed you want and AWS will charge you based on the actual speed of the port.
  • B. Contact AWS, they will put you in contact with a technical account manager who can help you get this setup.
  • C. You can't. The only speeds available for Direct Connect are 1G and 10G.
  • D. Contact an AWS partner, AWS does not provide sub-1G connection speeds.

D
Sub-1G service is only available through AWS partners.

Question#65

You have just peered two VPCs, and you need to improve performance for instances you plan on deploying. What are two steps you would take to do this? (Choose two.)

  • A. Create two subnets in the same AZ and create a placement group.
  • B. Set the MTU of your instances to 1500.
  • C. Create two subnets in different AZs and create a placement group.
  • D. Ensure you choose instances that use enhanced networking.

AD
A placement group can only be deployed in the same AZ and is only useful with enhanced networking instances.

Question#66

You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. What is most likely the problem?

  • A. There is no record in Route 53 pointing cdn.yourdomain.com to the CloudFront ALIAS.
  • B. You need to create an Origin Access Identity for CloudFront and add it to your bucket policy.
  • D. There is no rule in your bucket policy allowing public access.

B
You must have an OAI if the bucket policy does not allow public access. Allowing public access is bad practice.

Question#67

You have a static VPN connecting your data center and your VPC. You currently have 50 routes added to your route table. You want to add more; how should you do this?

  • A. 50 is the most you can have for any connection.
  • B. Just add them, you have a maximum of 100 static routes per route table.
  • C. Set up Direct Connect. A VPN will not support more routes.
  • D. Convert your VPN to a dynamic VPN and use BGP.

D
A dynamic routing table can support 100 routes. A static one can only support 50 per IPv4 and 50 per IPv6. Direct Connect will work, but it would be more than you need.

Question#68

Your company needs an inexpensive solution to host their AD data in the cloud. They do not need all of the features of AD but do need to be able to use it with WorkSpaces. What is the best solution?

  • A. AD Connector
  • B. Hosted Microsoft AD
  • C. Simple AD
  • D. Deploy an AD server on an M3.large instance

C
Simple AD is the best choice here. If authentication is all you need, it is the most inexpensive option for an in-cloud directory.

Question#69

You need to find the MTU used by another instance, but tracepath is not working. You know the instance you are trying to tracepath has open security group and NACL rules. Which protocol do you need to allow to access your instance to remedy this?

  • A. Protocol 6: TCP
  • B. Protocol 47: GRE
  • C. Protocol 17: UDP
  • D. Protocol 1: ICMP

D
You need to allow Protocol 1, ICMP, to access your instance. tracepath specifically needs the "destination unreachable" feature of ICMP.

Question#70

You are under a DDoS attack and you have added a deny all TCP rule to your NACL, but traffic is still coming. What did you do wrong?

  • A. You configured the rule number to be too low.
  • B. A NACL can't protect against a DDoS.
  • C. The DDoS isn't a TCP attack.
  • D. You need to add a deny rule outbound also since NACLs are stateful.

C
The DDoS isn't a TCP attack (this time). A DDoS can use several different protocols. NACLs are stateless. The lower the rule number, the higher the priority.
