Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Amazon
  3. ANS-C01

Amazon AWS Certified Advanced Networking - Specialty ANS-C01 ANS-C01 Exam Questions in PDF

Free Amazon ANS-C01 Dumps Questions (page: 1)

ANS-C01 PDF — 291 Questions

A company is planning to create a service that requires encryption in transit. The traffic must not be decrypted between the client and the backend of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) duster with the Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler configured. The company needs to use mutual TLS for two-way authentication between the client and the backend.
Which solution will meet these requirements?

  1. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
  2. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
  3. Create a target group. Add the EKS managed node group's Auto Scaling group as a target Create an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the target group.
  4. Create a target group. Add the EKS managed node group’s Auto Scaling group as a target. Create a Network Load Balancer with a TLS listener on port 443 to forward traffic to the target group.

Answer(s): D



A company is deploying a new application in the AWS Cloud. The company wants a highly available web server that will sit behind an Elastic Load Balancer. The load balancer will route requests to multiple target groups based on the URL in the request. All traffic must use HTTPS. TLS processing must be offloaded to the load balancer. The web server must know the user’s IP address so that the company can keep accurate logs for security purposes.
Which solution will meet these requirements?

  1. Deploy an Application Load Balancer with an HTTPS listener. Use path-based routing rules to forward the traffic to the correct target group. Include the X-Forwarded-For request header with traffic to the targets.
  2. Deploy an Application Load Balancer with an HTTPS listener for each domain. Use host-based routing rules to forward the traffic to the correct target group for each domain. Include the X-Forwarded-For request header with traffic to the targets.
  3. Deploy a Network Load Balancer with a TLS listener. Use path-based routing rules to forward the traffic to the correct target group. Configure client IP address preservation for traffic to the targets.
  4. Deploy a Network Load Balancer with a TLS listener for each domain. Use host-based routing rules to forward the traffic to the correct target group for each domain. Configure client IP address preservation for traffic to the targets.

Answer(s): A

Explanation:

An Application Load Balancer (ALB) can be used to route traffic to multiple target groups based on the URL in the request.

The ALB can be configured with an HTTPS listener to ensure all traffic uses HTTPS.

TLS processing can be offloaded to the ALB, which reduces the load on the web server.

Path-based routing rules can be used to route traffic to the correct target group based on the URL in the request.

The X-Forwarded-For request header can be included with traffic to the targets, which will allow the web server to know the user's IP address and keep accurate logs for security purposes.


Reference:

https://repost.aws/knowledge-center/elb-achieve-path-based-routing-alb
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/x-forwarded-headers.html



A company has developed an application on AWS that will track inventory levels of vending machines and initiate the restocking process automatically. The company plans to integrate this application with vending machines and deploy the vending machines in several markets around the world. The application resides in a VPC in the us-east-1 Region. The application consists of an Amazon Elastic Container Service (Amazon ECS) cluster behind an Application Load Balancer (ALB). The communication from the vending machines to the application happens over HTTPS.
The company is planning to use an AWS Global Accelerator accelerator and configure static IP addresses of the accelerator in the vending machines for application endpoint access. The application must be accessible only through the accelerator and not through a direct connection over the internet to the ALB endpoint.

Which solution will meet these requirements?

  1. Configure the ALB in a private subnet of the VPC. Attach an internet gateway without adding routes in the subnet route tables to point to the internet gateway. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB’s security group to only allow inbound traffic from the internet on the ALB listener port.
  2. Configure the ALB in a private subnet of the VPC. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB's security group to only allow inbound traffic from the internet on the ALB listener port.
  3. Configure the ALB in a public subnet of the VPAttach an internet gateway. Add routes in the subnet route tables to point to the internet gateway. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB's security group to only allow inbound traffic from the accelerator's IP addresses on the ALB listener port.
  4. Configure the ALB in a private subnet of the VPC. Attach an internet gateway. Add routes in the subnet route tables to point to the internet gateway. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB's security group to only allow inbound traffic from the accelerator's IP addresses on the ALB listener port.

Answer(s): A



A global delivery company is modernizing its fleet management system. The company has several business units. Each business unit designs and maintains applications that are hosted in its own AWS account in separate application VPCs in the same AWS Region. Each business unit's applications are designed to get data from a central shared services VPC.

The company wants the network connectivity architecture to provide granular security controls. The architecture also must be able to scale as more business units consume data from the central shared services VPC in the future.

Which solution will meet these requirements in the MOST secure manner?

  1. Create a central transit gateway. Create a VPC attachment to each application VPC. Provide full mesh connectivity between all the VPCs by using the transit gateway.
  2. Create VPC peering connections between the central shared services VPC and each application VPC in each business unit's AWS account.
  3. Create VPC endpoint services powered by AWS PrivateLink in the central shared services VPCreate VPC endpoints in each application VP
  4. Create a central transit VPC with a VPN appliance from AWS Marketplace. Create a VPN attachment from each VPC to the transit VPC. Provide full mesh connectivity among all the VPCs.

Answer(s): C



A company uses a 4 Gbps AWS Direct Connect dedicated connection with a link aggregation group (LAG) bundle to connect to five VPCs that are deployed in the us-east-1 Region. Each VPC serves a different business unit and uses its own private VIF for connectivity to the on-premises environment. Users are reporting slowness when they access resources that are hosted on AWS.

A network engineer finds that there are sudden increases in throughput and that the Direct Connect connection becomes saturated at the same time for about an hour each business day. The company wants to know which business unit is causing the sudden increase in throughput. The network engineer must find out this information and implement a solution to resolve the problem.
Which solution will meet these requirements?

  1. Review the Amazon CloudWatch metrics for VirtualInterfaceBpsEgress and VirtualInterfaceBpsIngress to determine which VIF is sending the highest throughput during the period in which slowness is observed. Create a new 10 Gbps dedicated connection. Shift traffic from the existing dedicated connection to the new dedicated connection.
  2. Review the Amazon CloudWatch metrics for VirtualInterfaceBpsEgress and VirtualInterfaceBpsIngress to determine which VIF is sending the highest throughput during the period in which slowness is observed. Upgrade the bandwidth of the existing dedicated connection to 10 Gbps.
  3. Review the Amazon CloudWatch metrics for ConnectionBpsIngress and ConnectionPpsEgress to determine which VIF is sending the highest throughput during the period in which slowness is observed. Upgrade the existing dedicated connection to a 5 Gbps hosted connection.
  4. Review the Amazon CloudWatch metrics for ConnectionBpsIngress and ConnectionPpsEgress to determine which VIF is sending the highest throughput during the period in which slowness is observed. Create a new 10 Gbps dedicated connection. Shift traffic from the existing dedicated connection to the new dedicated connection.

Answer(s): A



A software-as-a-service (SaaS) provider hosts its solution on Amazon EC2 instances within a VPC in the AWS Cloud. All of the provider's customers also have their environments in the AWS Cloud.
A recent design meeting revealed that the customers have IP address overlap with the provider's AWS deployment. The customers have stated that they will not share their internal IP addresses and that they do not want to connect to the provider's SaaS service over the internet.
Which combination of steps is part of a solution that meets these requirements? (Choose two.)

  1. Deploy the SaaS service endpoint behind a Network Load Balancer.
  2. Configure an endpoint service, and grant the customers permission to create a connection to the endpoint service.
  3. Deploy the SaaS service endpoint behind an Application Load Balancer.
  4. Configure a VPC peering connection to the customer VPCs. Route traffic through NAT gateways.
  5. Deploy an AWS Transit Gateway, and connect the SaaS VPC to it. Share the transit gateway with the customers. Configure routing on the transit gateway.

Answer(s): A,B

Explanation:

Option A, deploying the SaaS service endpoint behind a Network Load Balancer (NLB), allows the provider to present a single IP address to customers, while maintaining a highly available and scalable architecture. This is achieved by mapping the NLB's IP address to the SaaS service endpoint.

Option B, configuring an endpoint service, enables customers to connect to the SaaS service endpoint using their own private IP addresses. This allows customers to avoid IP address overlap with the provider's AWS deployment and provides a secure, private connection to the SaaS service without traversing the internet.


Reference:

https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html



A network engineer is designing the architecture for a healthcare company's workload that is moving to the AWS Cloud. All data to and from the on-premises environment must be encrypted in transit. All traffic also must be inspected in the cloud before the traffic is allowed to leave the cloud and travel to the on-premises environment or to the internet.

The company will expose components of the workload to the internet so that patients can reserve appointments. The architecture must secure these components and protect them against DDoS attacks. The architecture also must provide protection against financial liability for services that scale out during a DDoS event.

Which combination of steps should the network engineer take to meet all these requirements for the workload? (Choose three.)

  1. Use Traffic Mirroring to copy all traffic to a fleet of traffic capture appliances.
  2. Set up AWS WAF on all network components.
  3. Configure an AWS Lambda function to create Deny rules in security groups to block malicious IP addresses.
  4. Use AWS Direct Connect with MACsec support for connectivity to the cloud.
  5. Use Gateway Load Balancers to insert third-party firewalls for inline traffic inspection.
  6. Configure AWS Shield Advanced and ensure that it is configured on all public assets.

Answer(s): D,E,F



A retail company is running its service on AWS. The company’s architecture includes Application Load Balancers (ALBs) in public subnets. The ALB target groups are configured to send traffic to backend Amazon EC2 instances in private subnets. These backend EC2 instances can call externally hosted services over the internet by using a NAT gateway.

The company has noticed in its billing that NAT gateway usage has increased significantly. A network engineer needs to find out the source of this increased usage.

Which options can the network engineer use to investigate the traffic through the NAT gateway? (Choose two.)

  1. Enable VPC flow logs on the NAT gateway's elastic network interface. Publish the logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query and analyze the logs.
  2. Enable NAT gateway access logs. Publish the logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query and analyze the logs.
  3. Configure Traffic Mirroring on the NAT gateway's elastic network interface. Send the traffic to an additional EC2 instance. Use tools such as tcpdump and Wireshark to query and analyze the mirrored traffic.
  4. Enable VPC flow logs on the NAT gateway's elastic network interface. Publish the logs to an Amazon S3 bucket. Create a custom table for the S3 bucket in Amazon Athena to describe the log structure. Use Athena to query and analyze the logs.
  5. Enable NAT gateway access logs. Publish the logs to an Amazon S3 bucket. Create a custom table for the S3 bucket in Amazon Athena to describe the log structure. Use Athena to query and analyze the logs.

Answer(s): A,D



Viewing page 1 of 29

Share your comments for Amazon ANS-C01 exam with other users:

B
Bella
7/22/2023 2:05:00 AM

not able to see questions

Anonymous
S
Scott
9/8/2023 7:19:00 AM

by far one of the best sites for free questions. i have pass 2 exams with the help of this website.

CANADA
D
donald
8/19/2023 11:05:00 AM

excellent question bank.

Anonymous
A
Ashwini
8/22/2023 5:13:00 AM

it really helped

Anonymous
S
sk
5/13/2023 2:07:00 AM

excelent material

INDIA
C
Christopher
9/5/2022 10:54:00 PM

the new versoin of this exam which i downloaded has all the latest questions from the exam. i only saw 3 new questions in the exam which was not in this dump.

CANADA
S
Sam
9/7/2023 6:51:00 AM

question 8 - can cloudtrail be used for storing jobs? based on aws - aws cloudtrail is used for governance, compliance and investigating api usage across all of our aws accounts. every action that is taken by a user or script is an api call so this is logged to [aws] cloudtrail. something seems incorrect here.

UNITED STATES
T
Tanvi Rajput
8/14/2023 10:55:00 AM

question 13 tda - c01 answer : quick table calculation -> percentage of total , compute using table down

UNITED KINGDOM
P
PMSAGAR
9/19/2023 2:48:00 AM

pls share teh dump

UNITED STATES
Z
zazza
6/16/2023 10:47:00 AM

question 44 answer is user risk

ITALY
P
Prasana
6/23/2023 1:59:00 AM

please post the questions for preparation

Anonymous
T
test user
9/24/2023 3:15:00 AM

thanks for the questions

AUSTRALIA
D
Draco
7/19/2023 5:34:00 AM

please reopen it now ..its really urgent

UNITED STATES
M
Megan
4/14/2023 5:08:00 PM

these practice exam questions were exactly what i needed. the variety of questions and the realistic exam-like environment they created helped me assess my strengths and weaknesses. i felt more confident and well-prepared on exam day, and i owe it to this exam dumps!

UNITED KINGDOM
A
abdo casa
8/9/2023 6:10:00 PM

thank u it very instructuf

Anonymous
D
Danny
1/15/2024 9:10:00 AM

its helpful?

INDIA
H
hanaa
10/3/2023 6:57:00 PM

is this dump still valid???

Anonymous
G
Georgio
1/19/2024 8:15:00 AM

question 205 answer is b

Anonymous
M
Matthew Dievendorf
5/30/2023 9:37:00 PM

question 39, should be answer b, directions stated is being sudneted from /21 to a /23. a /23 has 512 ips so 510 hosts. and can make 4 subnets out of the /21

Anonymous
A
Adhithya
8/11/2022 12:27:00 AM

beautiful test engine software and very helpful. questions are same as in the real exam. i passed my paper.

UNITED ARAB EMIRATES
S
SuckerPumch88
4/25/2022 10:24:00 AM

the questions are exactly the same in real exam. just make sure not to answer all them correct or else they suspect you are cheating.

UNITED STATES
S
soheib
7/24/2023 7:05:00 PM

question: 78 the right answer i think is d not a

Anonymous
S
srija
8/14/2023 8:53:00 AM

very helpful

EUROPEAN UNION
T
Thembelani
5/30/2023 2:17:00 AM

i am writing this exam tomorrow and have dumps

Anonymous
A
Anita
10/1/2023 4:11:00 PM

can i have the icdl excel exam

Anonymous
B
Ben
9/9/2023 7:35:00 AM

please upload it

Anonymous
A
anonymous
9/20/2023 11:27:00 PM

hye when will post again the past year question for this h13-311_v3 part since i have to for my test tommorow…thank you very much

Anonymous
R
Randall
9/28/2023 8:25:00 PM

on question 22, option b-once per session is also valid.

Anonymous
T
Tshegofatso
8/28/2023 11:51:00 AM

this website is very helpful

SOUTH AFRICA
P
philly
9/18/2023 2:40:00 PM

its my first time exam

SOUTH AFRICA
B
Beexam
9/4/2023 9:06:00 PM

correct answers are device configuration-enable the automatic installation of webview2 runtime. & policy management- prevent users from submitting feedback.

NEW ZEALAND
R
RAWI
7/9/2023 4:54:00 AM

is this dump still valid? today is 9-july-2023

SWEDEN
A
Annie
6/7/2023 3:46:00 AM

i need this exam.. please upload these are really helpful

PAKISTAN
S
Shubhra Rathi
8/26/2023 1:08:00 PM

please upload the oracle 1z0-1059-22 dumps

Anonymous
AI Tutor 👋 I’m here to help!