AWS Certified Advanced Networking - Specialty Demo Questions
Here you can find AWS Certified Advanced Networking - Specialty exam sample questions which will help you to prepare for your upcoming certification test. These questions will give you an idea of what to expect on the exam and help you review the ANS-C01 study material. Be sure to go over the Free ANS-C00 questions multiple times so that you are confident and comfortable with the material. You can always go to the full ANS-C01 dumps here.
These AWS Certified Advanced Networking - Specialty certification questions are designed to give you a feel for the material you'll be tested on. They cover a wide range of topics, so you can get a sense of what to expect on examination day.
These ANS-C01 dumps are updated regularly, so you can be confident that you're studying with the most up-to-date information available. We also provide answer keys so that students can check their work.
Additionally, going through AWS Certified Advanced Networking - Specialty practice questions can help you identify any areas where you need more review. Taking advantage of our ANS-C01 demo questions is a great way to set yourself up for success on the real thing.
These AWS Certified Advanced Networking - Specialty questions cover the material that will be on the test, and provide an opportunity for students to practice their skills. The questions are designed to be similar to those that will be on the actual AWS Certified Advanced Networking - Specialty exam, so that students can get a feel for what they will be facing. We believe that by providing these demo questions, students will be better prepared and more likely to succeed on their exams.
Good luck for the ANS-C01 exam!
AWS Certified Advanced Networking - Specialty Sample Questions:
1. All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.
A. The NAT gateway does not support UDP traffic.
B. The authentication server is not accepting traffic.
C. The NAT gateway cannot allocate more ports.
D. The NAT gateway is launched in a private subnet.
2. You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS region. The application is hosted in a VPC and is only accessed from the corporate network. To support large volumes of data transfer and administration of the application, you use a single 10-Gbps AWS Direct Connect connection with multiple private virtual interfaces. As part of a review, you decide to improve the resilience of your connection to AWS and make sure that any additional connectivity does not share the same Direct Connect routers at AWS. You need to provide the best levels of resilience to meet the application’s needs. Which two options should you consider? (Select two.)
A. Install a second 10-Gbps Direct Connect connection to the same Direct Connection location.
B. Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
C. Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.
D. Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
E. Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.
3. Your company maintains an Amazon Route 53 private hosted zone. DNS resolution is restricted to a single, pre-existing VPC. For a new application deployment, you create an additional VPC in the same AWS account. Both this new VPC and your on-premises DNS infrastructure must resolve records in the existing private hosted zone. Which two activities are required to enable DNS resolution both within the new VPC and from the on-premises infrastructure? (Select two.)
A. Update the DHCP options set for the new VPC with the Route 53 nameserver IP addresses.
B. Update the Route 53 private hosted zone’s VPC associations to include the new VPC.
C. Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies as forwarders in the on-premises DNS.
D. Update the on-premises DNS to include forwarders to the Route 53 nameserver IP addresses.
E. Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies in the DHCP options set.
4. Your company runs an HTTPS application using an Elastic Load Balancing (ELB) load balancer/PHP on nginx server/RDS in multiple Availability Zones. You need to apply Geographic Restriction and identify the client’s IP address in your application to generate dynamic content. How should you utilize AWS services in a scalable fashion to perform this task?
A. Modify the nginx log configuration to record value in X-Forwarded-For and use CloudFront to apply the Geographic Restriction.
B. Enable ELB access logs to store the client IP address and parse these to dynamically modify a blacklist. 4
C. Use X-Forwarded-For with security groups to apply the Geographic Restriction.
D. Modify the application code to use value of X-Forwarded-For and CloudFront to apply the Geographic Restriction.
5. A network architect is designing an internet website. It has web, application, and database tiers that will run in AWS. The website uses Amazon DynamoDB. Which architecture will minimize public exposure of the back-end instances?
A. A VPC with public subnets for the NLB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
B. A VPC with public subnets for the ALB, private subnets for the web tier, and private subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.
C. A VPC with public subnets for the ALB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
D. A VPC with public subnets for the NLB, private subnets for the web tier, and public subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.
6. A company has a hybrid IT architecture with two AWS Direct Connect connections to provide high availability. The services hosted on-premises are accessible using public IPs, and are also on the 172.16.0.0/16 range. The AWS resources are on the 192.168.0.0/18 range. The company wants to use Amazon Elastic Load Balancing for SSL offloading, health checks, and sticky sessions. What should be done to meet these requirements?
A. Create a Network Load Balancer pointing to the on-premises server's private IP address.
B. Create an Amazon CloudFront distribution for the on-premises service and use the public IPs of the on-premises servers as the origin.
C. Create a Network Load Balancer pointing to the on-premises server's public IP address.
D. Create an Application Load Balancer pointing to the on-premises server's private IP address.
7. A company uses an Application Load Balancer (ALB) to provide access to a multi-tenant web application for 25 customers The company creates a unique hostname for each customer to use to access the application Hostnames use the format customer-name example.com. Each customer has a dedicated group of Amazon EC2 instances that run their own version of the web application. When a customer visits customer-name example com, the ALB should route the request to the correct group of EC2 instances The company requires a highly available solution that is easy to maintain Which solution meets these requirements at the LOWEST cost?
A. Create one ALB for all customers Create a listener rule that includes an HTTP header condition to match the URL Add a forward action to route the request to the customer target group Use Amazon Route 53 to create an alias record for each customer-name example com hostname that points to the ALB
B. Create one ALB for each customer Configure the listener to route requests to the customer target group Configure an NGINX proxy server to manage connections to each ALB Use Amazon Route 53 to create a CNAME record for each customer-name example com hostname that points to the NGINX proxy server
C. Create one ALB for ail customers Create a listener rule that includes a Host header condition to match the hostname Add a forward action to route the request to the customer target group Use Amazon Route 53 to create an alias record for each customer-name example com hostname that points to the ALB
D. Create one ALB for each customer Configure the listener to route requests to the customer target group Create an Amazon CloudFront distribution Add each ALB to the distribution as a custom origin Use Amazon Route 53 to create an alias for each customer-name example com hostname that points to the CloudFront distribution
8. A company’s web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further request for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries. Which action should be taken to block more IP addresses, without compromising the existing security requirements?
A. Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.
B. Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.
C. Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.
D. Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.
9. An application runs on a fleet of Amazon EC2 instances in a VPC. All instances can reach one another using private IP addresses. The application owner has a new requirement that the domain name received via DHCP should be different for a particular set of instances that are currently in one particular subnet. What changes should be made to meet this requirement while continuing to support the existing application requirements?
A. Modify the existing DHCP option set and specify the different domain name for the specified subnet.
B. Create a new DHCP option set with the different domain name, associate it with the specified subnet, and re-launch the Amazon EC2 instances.
C. Create a new subnet, configure the DHCP option set with the different domain name, and re-launch the required instances there.
D. Create a new peered VPC, configure the DHCP option set with the different domain name, and re-launch the required instances there.