The latest AWS Certified Advanced Networking – Specialty ANS-C01 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Advanced Networking – Specialty ANS-C01 exam and earn AWS Certified Advanced Networking – Specialty ANS-C01 certification.
Table of Contents
- Question 91
- Exam Question
- Correct Answer
- Question 92
- Exam Question
- Correct Answer
- Question 93
- Exam Question
- Correct Answer
- Question 94
- Exam Question
- Correct Answer
- Question 95
- Exam Question
- Correct Answer
- Question 96
- Exam Question
- Correct Answer
- Question 97
- Exam Question
- Correct Answer
- Explanation
- Question 98
- Exam Question
- Correct Answer
- Explanation
- Question 99
- Exam Question
- Correct Answer
- Question 100
- Exam Question
- Correct Answer
Question 91
Exam Question
Your organization has a newly installed 1-Gbps AWS Direct Connect connection. You order the cross-connect from the Direct Connect location provider to the port on your router in the same facility. To enable the use of your first virtual interface, your router must be configured appropriately.
What are the minimum requirements for your router?
A. 1-Gbps Multi Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.
B. 1-Gbps Single Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.
C. IPsec Parameters, Pre-Shared key, Peer IP Address, BGP Session with MD5
D. BGP Session with MD5, 802.1Q VLAN, Route-Map, Prefix List, IPsec encrypted GRE Tunnel
Correct Answer
B. 1-Gbps Single Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.
Question 92
Exam Question
A company is deploying a non-web application on an AWS load balancer. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server.
How can this requirement be achieved?
A. Use a Network Load Balancer to automatically preserve the source IP address.
B. Use a Network Load Balancer and enable the X-Forwarded-For attribute.
C. Use a Network Load Balancer and enable the ProxyProtocol v2 attribute.
D. Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.
Correct Answer
C. Use a Network Load Balancer and enable the ProxyProtocol v2 attribute.
Question 93
Exam Question
A company has deployed a new web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Enterprise customers from around the world will use the application. Employees of these enterprise customers will connect to the application over HTTPS from office locations.
The company must configure firewalls to allow outbound traffic to only approved IP addresses. The employees of the enterprise customers must be able to access the application with the least amountof latency.
Which change should a network engineer make in the infrastructure to meet these requirements?
A. Create a new Network Load Balancer (NLB). Add the ALB as a target of the NLB.
B. Create a new Amazon CloudFront distribution. Set the ALB as the distribution’s origin.
C. Create a new accelerator in AWS Global Accelerator. Add the ALB as an accelerator endpoint.
D. Create a new Amazon Route 53 hosted zone. Create a new record to route traffic to the ALB.
Correct Answer
B. Create a new Amazon CloudFront distribution. Set the ALB as the distribution’s origin.
Question 94
Exam Question
A company has applications running in a single AWS Region and its on-premises data center in a hybrid mode. The company has a 1 Gbps AWS Direct Connect connection from the data center to AWS that is
65% utilized.
The company has an AWS Enterprise Support plan. The company is planning to deploy a new critical application on AWS that will connect with existing applications running in the data center.
The application SLA requires a minimum of 99.9% network uptime between the data center and AWS.
What is the MOST cost-effective way to meet this SLA requirement?
A. Terminate the existing 1 Gbps Direct Connect connection
B. Set up two new hosted Direct Connect connections of 500 Mbps each through an AWS Direct Connect partner. Provision two virtual interfaces (VIFs) to the existing VPC on both Direct Connect connections, and use BGP for load balancing.
C. Create a second virtual interface (VIF) on the existing Direct Connect connection, and terminate this VIF in the existing VPC. Use BGP for load balancing between the VIFs in active/active mode.
D. Purchase an additional 1 Gbps Direct Connect connection from AWS in a different cross-connect location terminated in the associated Region. Provision a new virtual interface (VIF) to the existing VPC, and use BGP for load balancing
E. Purchase an additional 1 Gbps Direct Connect connection from AWS in the existing cross-connect location. Ask AWS to terminate this new connection in a different router. Provision two virtual interfaces (VIFs) to the same VPC on both Direct Connect connections, and use BGP for load balancing.
Correct Answer
A. Terminate the existing 1 Gbps Direct Connect connection
Question 95
Exam Question
A retail company has set up an AWS Site-to-Site VPN as well as an AWS Direct Connect connection between its on-premises data center and AWS Cloud. The VPN uses dynamic routing. The networking team wants all traffic to use the Direct Connect connection and configure the VPN as a backup.
What would you do to route the traffic through Direct Connect as a preferred connection?
(Select two)
A. Advertise the same prefix for Direct Connect and the VPN
B. Ensure that the Direct Connect connection AS_PATH is shorter than the VPN connection AS_PATH
C. Ensure that the Direct Connect connection AS_PATH is longer than the VPN connection AS_PATH
D. Use the same virtual private gateway for both Direct Connect and the VPN connection to the VPC
E. Add routes to the VPC route tables that specify the Direct Connect connection
Correct Answer
A. Advertise the same prefix for Direct Connect and the VPN
D. Use the same virtual private gateway for both Direct Connect and the VPN connection to the VPC
Question 96
Exam Question
AWS CloudTrail can be configured to ____ log files across multiple accounts and regions so that log files are delivered to a single bucket.
A. aggregate
B. replicate
C. encrypt
D. disperse
Correct Answer
A. aggregate
Question 97
Exam Question
A company is planning to create a service that requires encryption in transit. The traffic must not be decrypted between the client and the backend of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) duster with the Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler configured. The company needs to use mutual TLS for two-way authentication between the client and the backend.
Which solution will meet these requirements?
A. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
B. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
C. Create a target group. Add the EKS managed node group’s Auto Scaling group as a target Create an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the target group.
D. Create a target group. Add the EKS managed node group’s Auto Scaling group as a target. Create a Network Load Balancer with a TLS listener on port 443 to forward traffic to the target group.
Correct Answer
B. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
Explanation
Only ALB supports the gRPC protocol, and the NGINX ingress controller can be used to configure mutual TLS authentication.
Question 98
Exam Question
An insurance company is planning the migration of workloads from its on-premises data center to the AWS Cloud. The company requires end-to-end domain name resolution. Bi-directional DNS resolution between AWS and the existing on-premises environments must be established. The workloads will be migrated into multiple VPCs. The workloads also have dependencies on each other, and not all the workloads will be migrated at the same time.
Which solution meets these requirements?
A. Configure a private hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPDefine Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the application VPC private hosted zones with the egress VPand s
B. Configure a private hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the application VPC private hosted zones with the egress VPC, and share the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 inbound endpoints.
C. Configure a public hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the application VPC private hosted zones with the egress VPC. and share the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 inbound endpoints.
Correct Answer
B. Configure a private hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the application VPC private hosted zones with the egress VPC, and share the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 inbound endpoints.
Explanation
Creating a private hosted zone for each application VPC and creating the requisite records would enable end-to-end domain name resolution for the resources. Creating a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC would enable bi-directional DNS resolution between AWS and the existing on-premises environments. Defining Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver would enable DNS queries from AWS resources to on-premises resources. Associating the application VPC private hosted zones with the egress VPC and sharing the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager would enable DNS queries among different VPCs and accounts. Configuring the on-premises DNS servers to forward the cloud domains to the Route 53 inbound endpoints would enable DNS queries from on-premises resources to AWS resources1.
Question 99
Exam Question
A company delivers applications over the internet. An Amazon Route 53 public hosted zone is the authoritative DNS service for the company and its internet applications, all of which are offered from the same domain name.
A network engineer is working on a new version of one of the applications. All the application’s components are hosted in the AWS Cloud. The application has a three-tier design. The front end is delivered through Amazon EC2 instances that are deployed in public subnets with Elastic IP addresses assigned. The backend components are deployed in private subnets from RFC1918.
Components of the application need to be able to access other components of the application within the application’s VPC by using the same host names as the host names that are used over the public internet. The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries.
Which combination of steps will meet these requirements? (Choose three.)
A. Add a geoproximity routing policy in Route 53.
B. Create a Route 53 private hosted zone for the same domain name Associate the application’s VPC with the new private hosted zone.
C. Enable DNS hostnames for the application’s VP
D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that runs when AWS CloudTrail logs a Route 53 API call to the public hosted zone. Create an AWS Lambda function as the target of the rule. Configure the function to use the event information to update the private hosted zone.
E. Add the private IP addresses in the existing Route 53 public hosted zone.
F. Create entries in the private hosted zone for each name in the public hosted zone by using the corresponding private IP addresses.
Correct Answer
B. Create a Route 53 private hosted zone for the same domain name Associate the application’s VPC with the new private hosted zone.
C. Enable DNS hostnames for the application’s VP
F. Create entries in the private hosted zone for each name in the public hosted zone by using the corresponding private IP addresses.
Question 100
Exam Question
A Network Engineer is provisioning a subnet for a load balancer that will sit in front of a fleet of application servers in a private subnet. There is limited IP space left in the VPC CIDR. The application has few users now but is expected to grow quickly to millions of users.
What design will use the LEAST amount of IP space, while allowing for this growth?
A. Use two /29 subnets for an Application Load Balancer in different Availability Zones.
B. Use one /28 subnet for an Application Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
C. Use two /28 subnets for a Network Load Balancer in different Availability Zones.
D. Use one /29 subnet for the Network Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
Correct Answer
C. Use two /28 subnets for a Network Load Balancer in different Availability Zones.