Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors

Amazon AWS Certified Advanced Networking - Specialty ANS-C01 AWS Certified Advanced Networking - Specialty ANS-C01 Dumps in PDF

Free Amazon AWS Certified Advanced Networking - Specialty ANS-C01 Real Questions (page: 11)

AWS Certified Advanced Networking - Specialty ANS-C01 PDF — 296 Questions

A real estate company is building an internal application so that real estate agents can upload photos and videos of various properties. The application will store these photos and videos in an Amazon S3 bucket as objects and will use Amazon DynamoDB to store corresponding metadata. The S3 bucket will be configured to publish all PUT events for new object uploads to an Amazon Simple Queue Service (Amazon SQS) queue.

A compute cluster of Amazon EC2 instances will poll the SQS queue to find out about newly uploaded objects. The cluster will retrieve new objects, perform proprietary image and video recognition and classification update metadata in DynamoDB and replace the objects with new watermarked objects. The company does not want public IP addresses on the EC2 instances.

Which networking design solution will meet these requirements MOST cost-effectively as application usage increases?

  1. Place the EC2 instances in a public subnet. Disable the Auto-assign Public IP option while launching the EC2 instances. Create an internet gateway. Attach the internet gateway to the VPC. In the public subnet's route table, add a default route that points to the internet gateway.
  2. Place the EC2 instances in a private subnet. Create a NAT gateway in a public subnet in the same Availability Zone. Create an internet gateway. Attach the internet gateway to the VPC. In the public subnet's route table, add a default route that points to the internet gateway
  3. Place the EC2 instances in a private subnet. Create an interface VPC endpoint for Amazon SQS. Create gateway VPC endpoints for Amazon S3 and DynamoDB.
  4. Place the EC2 instances in a private subnet. Create a gateway VPC endpoint for Amazon SQS. Create interface VPC endpoints for Amazon S3 and DynamoDB.

Answer(s): D



A company has an AWS Direct Connect connection between its on-premises data center in the United States (US) and workloads in the us-east-1 Region. The connection uses a transit VIF to connect the data center to a transit gateway in us-east-1.

The company is opening a new office in Europe with a new on-premises data center in England. A Direct Connect connection will connect the new data center with some workloads that are running in a single VPC in the eu-west-2 Region. The company needs to connect the US data center and us-east-1 with the Europe data center and eu-west-2. A network engineer must establish full connectivity between the data centers and Regions with the lowest possible latency.

How should the network engineer design the network architecture to meet these requirements?

  1. Connect the VPC in eu-west-2 with the Europe data center by using a Direct Connect gateway and a private VIF. Associate the transit gateway in us-east-1 with the same Direct Connect gateway. Enable SiteLink for the transit VIF and the private VIF.
  2. Connect the VPC in eu-west-2 to a new transit gateway. Connect the Europe data center to the new transit gateway by using a Direct Connect gateway and a new transit VIF. Associate the transit gateway in us-east- 1 with the same Direct Connect gateway. Enable SiteLink for both transit VIFs. Peer the two transit gateways.
  3. Connect the VPC in eu-west-2 to a new transit gateway. Connect the Europe data center to the new transit gateway by using a Direct Connect gateway and a new transit VIF. Create a new Direct Connect gateway.
    Associate the transit gateway in us-east-1 with the new Direct Connect gateway. Enable SiteLink for both transit VIFs. Peer the two transit gateways.
  4. Connect the VPC in eu-west-2 with the Europe data center by using a Direct Connect gateway and a private
    VIF. Create a new Direct Connect gateway. Associate the transit gateway in us-east-1 with the new Direct Connect gateway. Enable SiteLink for the transit VIF and the private VIF.

Answer(s): B



A network engineer has deployed an Amazon EC2 instance in a private subnet in a VPC. The VPC has no public subnet. The EC2 instance hosts application code that sends messages to an Amazon Simple Queue Service (Amazon SQS) queue. The subnet has the default network ACL with no modification applied. The EC2 instance has the default security group with no modification applied.

The SQS queue is not receiving messages.

Which of the following are possible causes of this problem? (Choose two.)

  1. The EC2 instance is not attached to an IAM role that allows write operations to Amazon SQS.
  2. The security group is blocking traffic to the IP address range used by Amazon SQS
  3. There is no interface VPC endpoint configured for Amazon SQS
  4. The network ACL is blocking return traffic from Amazon SQS
  5. There is no route configured in the subnet route table for the IP address range used by Amazon SQS

Answer(s): A,C



A network engineer needs to standardize a company's approach to centralizing and managing interface VPC endpoints for private communication with AWS services. The company uses AWS Transit Gateway for inter- VPC connectivity between AWS accounts through a hub-and-spoke model. The company's network services team must manage all Amazon Route 53 zones and interface endpoints within a shared services AWS account. The company wants to use this centralized model to provide AWS resources with access to AWS Key Management Service (AWS KMS) without sending traffic over the public internet.

What should the network engineer do to meet these requirements?

  1. In the shared services account, create an interface endpoint for AWS KMS. Modify the interface endpoint by disabling the private DNS name. Create a private hosted zone in the shared services account with an alias record that points to the interface endpoint. Associate the private hosted zone with the spoke VPCs in each AWS account.
  2. In the shared services account, create an interface endpoint for AWS KMS. Modify the interface endpoint by disabling the private DNS name. Create a private hosted zone in each spoke AWS account with an alias record that points to the interface endpoint. Associate each private hosted zone with the shared services AWS account.
  3. In each spoke AWS account, create an interface endpoint for AWS KMS. Modify each interface endpoint by disabling the private DNS name. Create a private hosted zone in each spoke AWS account with an alias record that points to each interface endpoint. Associate each private hosted zone with the shared services AWS account.
  4. In each spoke AWS account, create an interface endpoint for AWS KMS. Modify each interface endpoint by disabling the private DNS name. Create a private hosted zone in the shared services account with an alias record that points to each interface endpoint. Associate the private hosted zone with the spoke VPCs in each AWS account.

Answer(s): A



A development team is building a new web application in the AWS Cloud. The main company domain, example.com, is currently hosted in an Amazon Route 53 public hosted zone in one of the company's production AWS accounts.

The developers want to test the web application in the company's staging AWS account by using publicly resolvable subdomains under the example.com domain with the ability to create and delete DNS records as needed. Developers have full access to Route 53 hosted zones within the staging account, but they are prohibited from accessing resources in any of the production AWS accounts.

Which combination of steps should a network engineer take to allow the developers to create records under the example com domain? (Choose two.)

  1. Create a public hosted zone for example.com in the staging account
  2. Create a staging example.com NS record in the example.com domain. Populate the value with the name servers from the staging.example.com domain. Set the routing policy type to simple routing.
  3. Create a private hosted zone for staging.example.com in the staging account.
  4. Create an example.com NS record in the staging.example.com domain. Populate the value with the name servers from the example.com domain. Set the routing policy type to simple routing.
  5. Create a public hosted zone for staging.example.com in the staging account.

Answer(s): B,E



A company plans to deploy a two-tier web application to a new VPC in a single AWS Region. The company has configured the VPC with an internet gateway and four subnets. Two of the subnets are public and have default routes that point to the internet gateway. Two of the subnets are private and share a route table that does not have a default route.

The application will run on a set of Amazon EC2 instances that will be deployed behind an external Application Load Balancer. The EC2 instances must not be directly accessible from the internet. The application will use an Amazon S3 bucket in the same Region to store data. The application will invoke S3 GET API operations and S3 PUT API operations from the EC2 instances. A network engineer must design a VPC architecture that minimizes data transfer cost.

Which solution will meet these requirements?

  1. Deploy the EC2 instances in the public subnets. Create an S3 interface endpoint in the VPC. Modify the application configuration to use the S3 endpoint-specific DNS hostname.
  2. Deploy the EC2 instances in the private subnets. Create a NAT gateway in the VPC. Create default routes in the private subnets to the NAT gateway. Connect to Amazon S3 by using the NAT gateway.
  3. Deploy the EC2 instances in the private subnets. Create an S3 gateway endpoint in the VP Specify die route table of the private subnets during endpoint creation to create routes to Amazon S3.
  4. Deploy the EC2 instances in the private subnets. Create an S3 interface endpoint in the VPC. Modify the application configuration to use the S3 endpoint-specific DNS hostname.

Answer(s): C



A company has two AWS accounts one for Production and one for Connectivity. A network engineer needs to connect the Production account VPC to a transit gateway in the Connectivity account. The feature to auto accept shared attachments is not enabled on the transit gateway.

Which set of steps should the network engineer follow in each AWS account to meet these requirements?

  1. 1. In the Production account: Create a resource share in AWS Resource Access Manager for the transit gateway. Provide the Connectivity account ID. Enable the feature to allow external accounts
    2. In the Connectivity account: Accept the resource.
    3. In the Connectivity account: Create an attachment to the VPC subnets.
    4. In the Production account: Accept the attachment. Associate a route table with the attachment.
  2. 1. In the Production account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Connectivity account ID. Enable the feature to allow external accounts.
    2. In the Connectivity account: Accept the resource.
    3. In the Production account: Create an attachment on the transit gateway to the VPC subnets.
    4. In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
  3. 1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Production account ID. Enable the feature to allow external accounts.
    2. In the Production account: Accept the resource.
    3. In the Connectivity account: Create an attachment on the transit gateway to the VPC subnets.
    4. In the Production account: Accept the attachment. Associate a route table with the attachment.
  4. 1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the transit gateway. Provide the Production account ID Enable the feature to allow external accounts.
    2. In the Production account: Accept the resource.
    3. In the Production account: Create an attachment to the VPC subnets.
    4. In the Connectivity account: Accept the attachment. Associate a route table with the attachment.

Answer(s): B



A company is running multiple workloads on Amazon EC2 instances in public subnets. In a recent incident, an attacker exploited an application vulnerability on one of the EC2 instances to gain access to the instance. The company fixed the application and launched a replacement EC2 instance that contains the updated application.

The attacker used the compromised application to spread malware over the internet. The company became aware of the compromise through a notification from AWS. The company needs the ability to identify when an application that is deployed on an EC2 instance is spreading malware.

Which solution will meet this requirement with the LEAST operational effort?

  1. Use Amazon GuardDuty to analyze traffic patterns by inspecting DNS requests and VPC flow logs.
  2. Use Amazon GuardDuty to deploy AWS managed decoy systems that are equipped with the most recent malware signatures.
  3. Set up a Gateway Load Balancer. Run an intrusion detection system (IDS) appliance from AWS Marketplace on Amazon EC2 for traffic inspection.
  4. Configure Amazon Inspector to perform deep packet inspection of outgoing traffic.

Answer(s): A



PDF
Viewing page 11 of 38

Share your comments for Amazon AWS Certified Advanced Networking - Specialty ANS-C01 exam with other users:

J
John
8/29/2023 8:59:00 PM

very helpful

Anonymous
K
Kvana
9/28/2023 12:08:00 PM

good info about oml

UNITED STATES
C
Checo Lee
7/3/2023 5:45:00 PM

very useful to practice

UNITED STATES
D
dixitdnoh@gmail.com
8/27/2023 2:58:00 PM

this website is very helpful.

UNITED STATES
S
Sanjay
8/14/2023 8:07:00 AM

good content

INDIA
B
Blessious Phiri
8/12/2023 2:19:00 PM

so challenging

Anonymous
P
PAYAL
10/17/2023 7:14:00 AM

17 should be d ,for morequery its scale out

Anonymous
K
Karthik
10/12/2023 10:51:00 AM

nice question

Anonymous
G
Godmode
5/7/2023 10:52:00 AM

yes.

NETHERLANDS
B
Bhuddhiman
7/30/2023 1:18:00 AM

good mateial

Anonymous
K
KJ
11/17/2023 3:50:00 PM

good practice exam

Anonymous
S
sowm
10/29/2023 2:44:00 PM

impressivre qustion

Anonymous
C
CW
7/6/2023 7:06:00 PM

questions seem helpful

Anonymous
L
luke
9/26/2023 10:52:00 AM

good content

Anonymous
Z
zazza
6/16/2023 9:08:00 AM

question 21 answer is alerts

ITALY
A
Abwoch Peter
7/4/2023 3:08:00 AM

am preparing for exam

Anonymous
M
mohamed
9/12/2023 5:26:00 AM

good one thanks

EGYPT
M
Mfc
10/23/2023 3:35:00 PM

only got thru 5 questions, need more to evaluate

Anonymous
W
Whizzle
7/24/2023 6:19:00 AM

q26 should be b

Anonymous
S
sarra
1/17/2024 3:44:00 AM

the aaa triad in information security is authentication, accounting and authorisation so the answer should be d 1, 3 and 5.

UNITED KINGDOM
D
DBS
5/14/2023 12:56:00 PM

need to attend this

UNITED STATES
D
Da_costa
8/1/2023 5:28:00 PM

these are free brain dumps i understand, how can one get free pdf

Anonymous
V
vikas
10/28/2023 6:57:00 AM

provide access

EUROPEAN UNION
A
Abdullah
9/29/2023 2:06:00 AM

good morning

Anonymous
R
Raj
6/26/2023 3:12:00 PM

please upload the ncp-mci 6.5 dumps, really need to practice this one. thanks guys

Anonymous
M
Miguel
10/5/2023 12:21:00 PM

question 16: https://help.salesforce.com/s/articleview?id=sf.care_console_overview.htm&type=5

SPAIN
H
Hiren Ladva
7/8/2023 10:34:00 PM

yes i m prepared exam

Anonymous
O
oliverjames
10/24/2023 5:37:00 AM

my experience was great with this site as i studied for the ms-900 from here and got 900/1000 on the test. my main focus was on the tutorials which were provided and practice questions. thanks!

GERMANY
B
Bhuddhiman
7/20/2023 11:52:00 AM

great course

UNITED STATES
A
Anuj
1/14/2024 4:07:00 PM

very good question

Anonymous
S
Saravana Kumar TS
12/8/2023 9:49:00 AM

question: 93 which statement is true regarding the result? sales contain 6 columns and values contain 7 columns so c is not right answer.

INDIA
L
Lue
3/30/2023 11:43:00 PM

highly recommend just passed my exam.

CANADA
D
DC
1/7/2024 10:17:00 AM

great practice! thanks

UNITED STATES
A
Anonymus
11/9/2023 5:41:00 AM

anyone who wrote this exam recently?

SOUTH AFRICA
AI Tutor 👋 I’m here to help!