The latest practice exam question and answer (Q&A) dumps for the AWS Certified Advanced Networking – Specialty ANS-C01 exam are available free. They can help you pass the ANS-C01 exam and earn the AWS Certified Advanced Networking – Specialty certification.
Question 161
Exam Question
A company has developed a new web application that processes confidential data that is hosted on Amazon EC2 instances. The application needs to scale and must use certificates to authenticate clients. The application is configured to request a client’s certificate and will validate the certificate as part of the initial handshake.
Which Elastic Load Balancing (ELB) solution will meet these requirements?
A. Configure an Application Load Balancer (ALB) that includes an HTTPS listener on port 443. Create an Auto Scaling group for the EC2 instances. Configure the Auto Scaling group as the target group of the ALB. Configure HTTPS as the protocol for the target group.
B. Configure a Network Load Balancer (NLB) that includes a TLS listener on port 443. Create an Auto Scaling group for the EC2 instances. Configure the Auto Scaling group as the target group of the NLB. Configure the NLB to terminate TLS. Configure TLS as the protocol for the target group.
C. Configure a Network Load Balancer (NLB) that includes a TCP listener on port 443. Create an Auto Scaling group for the EC2 instances. Configure the Auto Scaling group as the target group of the NLB. Configure TCP as the protocol for the target group.
D. Configure an Application Load Balancer (ALB) that includes a TLS listener on port 443. Create an Auto Scaling group for the EC2 instances. Configure the Auto Scaling group as the target group of the ALB. Configure TLS as the protocol for the target group.
Correct Answer
C. Configure a Network Load Balancer (NLB) that includes a TCP listener on port 443. Create an Auto Scaling group for the EC2 instances. Configure the Auto Scaling group as the target group of the NLB. Configure TCP as the protocol for the target group.
Explanation
The application must scale to handle load and must use client certificates to authenticate directly with a web server. The solution requires the TLS sessions to be connected to the underlying web server or web servers. The need to scale requires the use of an Auto Scaling group with a load balancer. The load balancer must pass the TLS sessions to the Amazon EC2 instances. This architecture is supported by a Network Load Balancer (NLB) with a TCP listener on port 443. The NLB operates at the transport layer of the stack to pass the connection through to the web servers.
The other answer options will end the TLS connection from the client at the load balancer. These options will not allow the client certificate to be visible to the web servers. The NLB with a TCP listener on port 443 is the only option that will maintain the session all the way from the client to the web servers in the Auto Scaling group.
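The passthrough design from the explanation, as a CloudFormation sketch. This is an added example, not part of the original question; the parameter names, instance counts and launch template are assumptions, and the web server on the instances must itself be configured to request and verify client certificates.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:                      # all parameter names are hypothetical
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  PublicSubnets: {Type: "List<AWS::EC2::Subnet::Id>"}
  AppSubnets: {Type: "List<AWS::EC2::Subnet::Id>"}
  LaunchTemplateId: {Type: String}
  LaunchTemplateVersion: {Type: String}
Resources:
  Nlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internet-facing
      Subnets: !Ref PublicSubnets
  WebTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      TargetType: instance
      Protocol: TCP              # TCP, not TLS: the NLB forwards the bytes untouched
      Port: 443
      HealthCheckProtocol: TCP   # a TCP check needs no client certificate
  PassthroughListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Nlb
      Port: 443
      Protocol: TCP              # a TLS listener would end the handshake at the NLB
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WebTargets
  WebAsg:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: "2"               # constructed sizing values
      MaxSize: "6"
      VPCZoneIdentifier: !Ref AppSubnets
      TargetGroupARNs:
        - !Ref WebTargets        # new instances register with the NLB automatically
      LaunchTemplate:
        LaunchTemplateId: !Ref LaunchTemplateId
        Version: !Ref LaunchTemplateVersion
```

Because no certificate is attached to the listener, the server certificate, its private key and the client-certificate trust store all live on the instances.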
Question 162
Exam Question
A company has multiple VPCs in the us-east-1 Region. The company has deployed a website in one of the VPCs. The company wants to implement split-view DNS so that the website is accessible internally from the VPCs and externally over the internet with the same domain name, example.com.
Which solution will meet these requirements?
A. Change the DHCP options for each VPC to use the IP address of an on-premises DNS server. Create a private hosted zone and a public hosted zone for example.com. Map the private hosted zone to the website’s internal IP address. Map the public hosted zone to the website’s external IP address.
B. Create Amazon Route 53 private hosted zones and public hosted zones that have the same name, example.com. Associate the VPCs with the private hosted zone. Create records in each hosted zone that determine how traffic is routed.
C. Create an Amazon Route 53 Resolver inbound endpoint for resolving example.com internally. Create a Route 53 public hosted zone for routing external DNS queries.
D. Create an Amazon Route 53 Resolver outbound endpoint for resolving example.com externally. Create a Route 53 private hosted zone for routing internal DNS queries.
Correct Answer
B. Create Amazon Route 53 private hosted zones and public hosted zones that have the same name, example.com. Associate the VPCs with the private hosted zone. Create records in each hosted zone that determine how traffic is routed.
Explanation
The solution requires split-view DNS, which is directly supported by Amazon Route 53. You can configure split-view DNS by creating public hosted zones and private hosted zones in Route 53 with the same name. If the private hosted zones are associated with VPCs, Route 53 Resolver will use the private hosted zones to answer queries from those VPCs and will use the public hosted zones to answer public queries.
The other answer options will not work. An on-premises DNS server will not be able to replace Route 53 Resolver for operations within the VPC. A Resolver inbound endpoint will allow queries from on-premises networks to be resolved. A Resolver outbound endpoint is used to resolve queries from the VPC for on-premises addresses. Neither of those Resolver endpoints will provide the necessary public and internal resolution.
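The split-view setup from the explanation, as a CloudFormation sketch. This is an added example, not part of the original question; the two VPC parameters and both IP addresses are constructed placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:                      # hypothetical parameter names
  VpcA: {Type: "AWS::EC2::VPC::Id"}
  VpcB: {Type: "AWS::EC2::VPC::Id"}
Resources:
  PublicZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: example.com          # no VPCs property: public hosted zone
  PrivateZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: example.com          # same name as the public zone
      VPCs:                      # associating VPCs makes the zone private
        - VPCId: !Ref VpcA
          VPCRegion: us-east-1
        - VPCId: !Ref VpcB
          VPCRegion: us-east-1
  PublicRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref PublicZone
      Name: example.com.
      Type: A
      TTL: "300"
      ResourceRecords:
        - 203.0.113.10           # constructed external address
  PrivateRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref PrivateZone
      Name: example.com.
      Type: A
      TTL: "300"
      ResourceRecords:
        - 10.0.1.10              # constructed internal address
```

The associated VPCs need DNS resolution and DNS hostnames enabled. Inside those VPCs, a name that is missing from the private zone returns NXDOMAIN rather than falling back to the public zone, so every name that internal clients use must exist in the private zone.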
Question 163
Exam Question
A gaming company is planning to launch a globally available game that is hosted in one AWS Region. The game backend is hosted on Amazon EC2 instances that are part of an Auto Scaling group. The game uses the gRPC protocol for bidirectional streaming between game clients and the backend. The company needs to filter incoming traffic based on the source IP address to protect the game.
Which solution will meet these requirements?
A. Configure an AWS Global Accelerator accelerator with an Application Load Balancer (ALB) endpoint. Attach the ALB to the Auto Scaling group. Configure an AWS WAF web ACL for the ALB to filter traffic based on the source IP address.
B. Configure an AWS Global Accelerator accelerator with a Network Load Balancer (NLB) endpoint. Attach the NLB to the Auto Scaling group. Configure security groups for the EC2 instances to filter traffic based on the source IP address.
C. Configure an Amazon CloudFront distribution with an Application Load Balancer (ALB) endpoint. Attach the ALB to the Auto Scaling group. Configure an AWS WAF web ACL for the ALB to filter traffic based on the source IP address.
D. Configure an Amazon CloudFront distribution with a Network Load Balancer (NLB) endpoint. Attach the NLB to the Auto Scaling group. Configure security groups for the EC2 instances to filter traffic based on the source IP address.
Correct Answer
A. Configure an AWS Global Accelerator accelerator with an Application Load Balancer (ALB) endpoint. Attach the ALB to the Auto Scaling group. Configure an AWS WAF web ACL for the ALB to filter traffic based on the source IP address.
Explanation
The accelerator in AWS Global Accelerator will project low-latency endpoints to the global users of the game. The accelerator will also route the traffic over the AWS network backbone to the AWS Region that is hosting the game. The Application Load Balancer (ALB) will support the use of the gRPC protocol and client IP address preservation. The ALB will distribute traffic to the Amazon EC2 instances in the Auto Scaling group to support the game’s load and will provide an endpoint that will support the accelerator. The association of an AWS WAF web ACL with the ALB will provide the required IP filtering.
The other answer options do not meet the requirements. A Network Load Balancer does not support client IP address preservation, and Amazon CloudFront does not support the gRPC protocol.
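The IP-filtering part of the chosen answer, as a CloudFormation sketch. This is an added example, not part of the original question; it covers only the web ACL and its association with an existing ALB, and the `AlbArn` parameter, metric names and CIDR range are constructed.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AlbArn: {Type: String}         # hypothetical: ARN of the game's ALB
Resources:
  BlockedSources:
    Type: AWS::WAFv2::IPSet
    Properties:
      Scope: REGIONAL            # REGIONAL scope is what attaches to an ALB
      IPAddressVersion: IPV4
      Addresses:
        - 198.51.100.0/24        # constructed range to deny
  GameAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Scope: REGIONAL
      DefaultAction:
        Allow: {}                # anything not matched by a rule is allowed
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: game-acl
      Rules:
        - Name: block-listed-sources
          Priority: 0
          Action:
            Block: {}
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt BlockedSources.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: block-listed-sources
  AclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt GameAcl.Arn
```

For an allow-list posture, swap the two actions: set the default action to `Block` and the rule action to `Allow`. The rule matches on the source address the ALB sees, so it depends on the client IP address preservation the explanation mentions.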