  • Exam Name: AWS Certified Advanced Networking-Specialty
  • Last Update: Jun 27, 2022
  • Questions and Answers: 154

ANS-C00 AWS Certified Advanced Networking-Specialty Questions and Answers

Question # 6

An organization will be extending its existing on-premises infrastructure into the cloud. The design consists of a transit VPC that contains stateful firewalls that will be deployed in a highly available configuration across two Availability Zones for automatic failover.

What MUST be configured for this design to work? (Select two.)

A.

A different Autonomous System Number (ASN) for each firewall.

B.

Border Gateway Protocol (BGP) routing

C.

Autonomous system (AS) path prepending

D.

Static routing

E.

Equal-cost multi-path routing (ECMP)

Question # 7

A logistics company has deployed a hybrid environment that has multiple VPCs in both the us-east-1 Region and the af-south-1 Region. The on-premises data center is connected to us-east-1 through an AWS Direct Connect connection. The Direct Connect connection is connected to a Direct Connect gateway that is associated with a transit gateway. The transit gateway is attached to all the VPCs in us-east-1.

An application that is deployed in af-south-1 requires access to a database in the data center. The application also requires access to file storage in a VPC in us-east-1.

Which solution will meet these requirements with the LOWEST latency?

A.

Create a transit gateway in af-south-1, and attach the VPCs. Create a transit gateway peering connection between the transit gateways.

B.

Create a Direct Connect connection in af-south-1, and attach the VPCs with a Direct Connect gateway and a transit gateway. Create an AWS Site-to-Site VPN connection over the internet between the Direct Connect connections.

C.

Create a transit gateway in af-south-1 and attach the VPCs. Associate the transit gateway in af-south-1 with the Direct Connect gateway in us-east-1.

D.

Create inter-Region VPC peering connections between the VPCs in each Region. Use the transit gateway attachments in us-east-1 to access the database in the data center.

Question # 8

Your company’s policy requires that all VPCs peer with a “common services” VPC. This VPC contains a fleet of layer 7 proxies and an Internet gateway. No other VPC is allowed to provision an Internet gateway. You configure a new VPC and peer with the common services VPC as required by policy. You launch an Amazon EC2 Windows instance configured to forward all traffic to the layer 7 proxies in the common services VPC. The application on this server should successfully interact with Amazon S3 using its properly configured AWS Identity and Access Management (IAM) role. However, Amazon S3 is returning 403 errors to the application.

Which step should you take to enable access to Amazon S3?

A.

Update the S3 bucket policy with the private IP address of the instance.

B.

Exclude 169.254.169.0/24 from the instance’s proxy configuration.

C.

Configure a VPC endpoint for Amazon S3 in the same subnet as the instance.

D.

Update the CORS configuration for Amazon S3 to allow traffic from the proxy.

Question # 9

A company is connecting to a VPC over an AWS Direct Connect using a private VIF, and a dynamic VPN connection as a backup. The company's Reliability Engineering team has been running failover and resiliency tests on the network and the existing VPC by simulating an outage situation on the Direct Connect connection. During the resiliency tests, traffic failed to switch over to the backup VPN connection.

How can this failure be troubleshot?

A.

Ensure that Bidirectional Forwarding Detection is enabled on the Direct Connect connection

B.

Confirm that the same routes are being advertised over both the VPN and Direct Connect.

C.

Reconfigure the Direct Connect session from static routes to Border Gateway Protocol (BGP) peering.

D.

Configure a virtual private gateway for the VPN and another virtual private gateway for Direct Connect.

Question # 10

A company is delivering web content from an Amazon EC2 instance in a public subnet with address 2001:db8:1:100::1. Users report they are unable to access the web content. The VPC Flow Logs for the subnet contain the following entries.

Which action will restore network reachability to the EC2 instance?

A.

Update the security group associated with eni-0596e500l23456789 to permit inbound traffic

B.

Update the security group associated with eni-0596e500l23456789 to permit outbound traffic

C.

Update the network ACL associated with the subnet to permit inbound traffic

D.

Update the network ACL associated with the subnet to permit outbound traffic

Question # 11

A company’s Network Engineering team is solely responsible for deploying VPC infrastructure using AWS CloudFormation. The company wants to give its Developers the ability to launch applications using CloudFormation templates so that subnets can be created using available CIDR ranges.

What should be done to meet these requirements?

A.

Create a CloudFormation template with Amazon EC2 resources that rely on cfn-init and cfn-signals to inform the stack of available CIDR ranges.

B.

Create a CloudFormation template with a custom resource that analyzes traffic activity in VPC Flow Logs and reports on available CIDR ranges.

C.

Create a CloudFormation template that references the Fn::Cidr intrinsic function within a subnet resource to select an available CIDR range.

D.

Create a CloudFormation template with a custom resource that uses AWS Lambda and Amazon DynamoDB to manage available CIDR ranges.

Question # 12

A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its first-ever 10 Gbps AWS Direct Connect connection.

What steps must be taken to order the cross-connect at the Direct Connect location?

A.

Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console when creating a new Direct Connect connection. AWS will ensure that the cross-connect is installed.

B.

Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.

C.

Obtain the LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility Operator of the Direct Connect location. The Facility Operator will ensure that the cross-connect is installed.

D.

Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.

Question # 13

A Systems Administrator is designing a hybrid DNS solution with split-view. The apex-domain “example.com” should be served through name servers across multiple top-level domains (TLDs). The name server for subdomain “dev.example.com” should reside on-premises. The administrator has decided to use Amazon Route 53 to achieve this scenario.

What procedural steps must be taken to implement the solution?

A.

Use a Route 53 public hosted zone for example.com and a private hosted zone for dev.example.com

B.

Use a Route 53 public and private hosted zone for example.com and perform subdomain delegation for dev.example.com

C.

Use a Route 53 public hosted zone for example.com and perform subdomain delegation for dev.example.com

D.

Use a Route 53 private hosted zone for example.com and perform subdomain delegation for dev.example.com

Question # 14

You have been asked to monitor traffic flows on your Amazon EC2 instance. You will be performing deep packet inspection, looking for atypical patterns.

Which tool will enable you to look at this data?

A.

Wireshark

B.

VPC Flow Logs

C.

AWS CLI

D.

CloudWatch Logs

Question # 15

All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that it is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.

A.

The NAT gateway does not support UDP traffic.

B.

The authentication server is not accepting traffic.

C.

The NAT gateway cannot allocate more ports.

D.

The NAT gateway is launched in a private subnet.

Question # 16

Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location.

Which solution will meet this requirement, while minimizing downtime and costs?

A.

Deploy a third-party vendor solution to perform deep packet inspection in a transit VPC.

B.

Enable VPC Flow Logs on each VPC. Set up a stream of the flow logs to a central Amazon Elasticsearch cluster.

C.

Enable Amazon Macie on each AWS account and configure central reporting.

D.

Enable Amazon GuardDuty on each account as members of a central account.

Question # 17

Your company operates a single AWS account. A common services VPC is deployed to provide shared services, such as network scanning and compliance tools. Each AWS workload uses its own VPC, and each VPC must peer with the common services VPC. You must choose the most efficient and cost-effective approach.

Which approach should be used to automate the required VPC peering?

A.

AWS CloudTrail integration with Amazon CloudWatch Logs to trigger a Lambda function.

B.

An OpsWorks Chef recipe to execute a command-line peering request.

C.

Cfn-init with AWS CloudFormation to execute a command-line peering request.

D.

An AWS CloudFormation template that includes a peering request.

Question # 18

A network architect is designing an internet website. It has web, application, and database tiers that will run in AWS. The website uses Amazon DynamoDB.

Which architecture will minimize public exposure of the back-end instances?

A.

A VPC with public subnets for the NLB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.

B.

A VPC with public subnets for the ALB, private subnets for the web tier, and private subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.

C.

A VPC with public subnets for the ALB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.

D.

A VPC with public subnets for the NLB, private subnets for the web tier, and public subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.

Question # 19

Your company runs an HTTPS application using an Elastic Load Balancing (ELB) load balancer/PHP on nginx server/RDS in multiple Availability Zones. You need to apply Geographic Restriction and identify the client’s IP address in your application to generate dynamic content.

How should you utilize AWS services in a scalable fashion to perform this task?

A.

Modify the nginx log configuration to record the value in X-Forwarded-For and use CloudFront to apply the Geographic Restriction.

B.

Enable ELB access logs to store the client IP address and parse these to dynamically modify a blacklist.

C.

Use X-Forwarded-For with security groups to apply the Geographic Restriction.

D.

Modify the application code to use the value of X-Forwarded-For and CloudFront to apply the Geographic Restriction.

Question # 20

Your organization uses a VPN to connect to your VPC but must upgrade to a 1-G AWS Direct Connect connection for stability and performance. Your telecommunications provider has provisioned the circuit from your data center to an AWS Direct Connect facility and needs information on how to cross-connect (e.g., which rack/port to connect).

What is the AWS-recommended procedure for providing this information?

A.

Create a support ticket. Provide your AWS account number and telecommunications company’s name and where you need the Direct Connect connection to terminate.

B.

Create a new connection through your AWS Management Console and wait for an email from AWS with information.

C.

Ask your telecommunications provider to contact AWS through an AWS Partner Channel. Provide your AWS account number.

D.

Contact an AWS Account Manager and provide your AWS account number, telecommunications company’s name, and where you need the Direct Connect connection to terminate.

Question # 21

You currently use a single security group assigned to all nodes in a clustered NoSQL database. Only your cluster members in one region must be able to connect to each other. This security group uses a self-referencing rule using the cluster security group’s group-id to make it easier to add or remove nodes from the cluster. You need to make this database comply with out-of-region disaster recovery requirements and ensure that the network traffic between the nodes is encrypted when travelling between regions. How should you enable secure cluster communication while deploying additional cluster members in another AWS region?

A.

Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group rules that reference each other’s security group-id in each region.

B.

Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.

C.

Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.

D.

Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group rules that reference each other’s security group-id in each region.
