[2024] Use Valid New Free AWS-Advanced-Networking-Specialty Exam Dumps & Answers [Q47-Q68]



The ANS-C00 exam covers a wide range of topics related to networking on AWS, including designing and implementing hybrid IT network architectures, implementing and managing AWS Direct Connect, configuring and optimizing network performance, and securing network traffic. The AWS-Advanced-Networking-Specialty exam also covers advanced topics such as implementing advanced routing policies and leveraging advanced network services such as AWS Transit Gateway and AWS Global Accelerator. The ANS-C00 exam is designed to test an individual's deep understanding of network design and implementation on AWS.


The Amazon AWS-Advanced-Networking-Specialty (ANS-C00) Certification Exam is designed for IT professionals who specialize in advanced networking tasks and operations on the Amazon Web Services (AWS) platform. The AWS-Advanced-Networking-Specialty exam is intended to validate the candidate's skills and knowledge in designing and implementing complex networking solutions on AWS infrastructure. The AWS Certified Advanced Networking Specialty (ANS-C00) certification is globally recognized and highly respected in the industry, demonstrating the candidate's expertise in the field of advanced networking.

NEW QUESTION # 47
An organization will be extending its existing on-premises infrastructure into the cloud. The design consists of a transit VPC that contains stateful firewalls that will be deployed in a highly available configuration across two Availability Zones for automatic failover.
What MUST be configured for this design to work? (Select two.)

  • A. Equal-cost multi-path routing (ECMP)
  • B. Static routing
  • C. Autonomous system (AS) path prepending
  • D. A different Autonomous System Number (ASN) for each firewall.
  • E. Border Gateway Protocol (BGP) routing

Answer: C,E

Explanation:
https://docs.aws.amazon.com/solutions/latest/cisco-based-transit-vpc/appendix-a.html


NEW QUESTION # 48
Your company operates a single AWS account. A common services VPC is deployed to provide shared services, such as network scanning and compliance tools. Each AWS workload uses its own VPC, and each VPC must peer with the common services VPC. You must choose the most efficient and cost-effective approach.
Which approach should be used to automate the required VPC peering?

  • A. An AWS CloudFormation template that includes a peering request.
  • B. An OpsWorks Chef recipe to execute a command-line peering request.
  • C. Cfn-init with AWS CloudFormation to execute a command-line peering request.
  • D. AWS CloudTrail integration with Amazon CloudWatch Logs to trigger a Lambda function.

Answer: A

Explanation:
https://cloakable.irdeto.com/2017/10/11/how-to-implement-vpc-peering-between-2-vpcs-in-the-same-aws-accou


NEW QUESTION # 49
Your application server instances reside in the private subnet of your VPC. These instances need to access a Git repository on the Internet. You create a NAT gateway in the public subnet of your VPC. The NAT gateway can reach the Git repository, but instances in the private subnet cannot.
You confirm that a default route in the private subnet route table points to the NAT gateway. The security group for your application server instances permits all traffic to the NAT gateway.
What configuration change should you make to ensure that these instances can reach the patch server?

  • A. Configure an inbound rule on the application server instance security group for the Git repository.
  • B. Configure an outbound rule on the application server instance security group for the Git repository.
  • C. Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet.
  • D. Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway.

Answer: B

Explanation:
The traffic leaves the instance destined for the Git repository; at this point, the security group must allow it through. The route then directs that traffic (based on the IP) to the NAT gateway. A is wrong because it removes the private aspect of the subnet and would have no effect on the blocked traffic anyway. C is wrong because the problem is that outgoing traffic is not getting to the NAT gateway. D is wrong because to allow outgoing traffic to the Git repository requires an outgoing security group rule.


NEW QUESTION # 50
An organization is replacing a tape backup system with a storage gateway. There is currently no connectivity to AWS. Initial testing is needed.
What connection option should the organization use to get up and running at minimal cost?

  • A. Set up an AWS VPN connection.
  • B. Use an internet connection.
  • C. Provision a Direct Connect public virtual interface.
  • D. Provision an AWS Direct Connect private virtual interface.

Answer: B


NEW QUESTION # 51
You need to set up a VPN between AWS VPC and your on-premises network. You create a VPN connection in the AWS Management Console, download the configuration file, and install it on your on-premises router. The tunnel is not coming up because of firewall restrictions on your router. Which two network traffic options should you allow through the firewall? (Select two.)

  • A. TCP port 500
  • B. IP protocol 50
  • C. TCP port 50
  • D. UDP port 500
  • E. IP protocol 5

Answer: B,D

Explanation:
References: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_VPN.html


NEW QUESTION # 52
What is the minimum number of subnets for an RDS subnet group? Choose the correct answer:

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
This allows for high availability and failover in case an RDS instance goes down.


NEW QUESTION # 53
Your company was recently acquired and a Direct Connect connection was extended from your new parent corporation to your AWS VPC using a hosted VIF. What data charges are billed to your account for that connection?
Choose the correct answer:

  • A. You are responsible for all data transfer in.
  • B. You are responsible for all data transfer out.
  • C. You are not charged anything.
  • D. You are only responsible for the port hours of the VIF.

Answer: B

Explanation:
You are only responsible for the data transfer out. The port hours are the responsibility of the owner of the connection.


NEW QUESTION # 54
You currently use a single security group assigned to all nodes in a clustered NoSQL database. Only your cluster members in one region must be able to connect to each other. This security group uses a self-referencing rule using the cluster security group's group-id to make it easier to add or remove nodes from the cluster. You need to make this database comply with out-of-region disaster recovery requirements and ensure that the network traffic between the nodes is encrypted when travelling between regions. How should you enable secure cluster communication while deploying additional cluster members in another AWS region?

  • A. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
  • B. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
  • C. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group rules that reference each other's security group-id in each region.
  • D. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group rules that reference each other's security group-id in each region.

Answer: C


NEW QUESTION # 55
You currently use a single security group assigned to all nodes in a clustered NoSQL database.
Only your cluster members in one region must be able to connect to each other. This security group uses a self-referencing rule using the cluster security group's group-id to make it easier to add or remove nodes from the cluster. You need to make this database comply with out-of-region disaster recovery requirements and ensure that the network traffic between the nodes is encrypted when travelling between regions.
How should you enable secure cluster communication while deploying additional cluster members in another AWS region?

  • A. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
  • B. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group rules that reference each other's security group-id in each region.
  • C. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
  • D. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group rules that reference each other's security group-id in each region.

Answer: C

Explanation:
https://aws.amazon.com/blogs/database/how-to-configure-a-private-network-environment-for-amazon-dynamodb-using-vpc-endpoints/
So, it's possible to create a more secure environment using private routing, and CIDR-based security group references can be created:
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html


NEW QUESTION # 56
Which other AWS service is used to track 'Related Events' within the Configuration Item?

  • A. AWS CloudTrail
  • B. SQS
  • C. AWS WAF
  • D. S3

Answer: A

Explanation:
'Related Events' displays the AWS CloudTrail event ID that is related to the change that triggered the creation of the CI. A new CI is made for every change made against a resource, so a different CloudTrail event ID is created each time. This allows you to deep-dive into who or what made the change that triggered this CI, and when. This is a useful feature for analysis, specifically when the change affects security resources.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#config-item-table


NEW QUESTION # 57
What two items are required for all AWS VPNs?
Choose the 2 correct answers:

  • A. A hardware router
  • B. Virtual Private Gateway
  • C. Customer Gateway
  • D. ASN

Answer: B,C

Explanation:
An ASN is only required for dynamic VPNs and hardware routers are not required.


NEW QUESTION # 58
You currently use a single security group assigned to all nodes in a clustered NoSQL database. Only your cluster members in one region must be able to connect to each other. This security group uses a self-referencing rule using the cluster security group's group-id to make it easier to add or remove nodes from the cluster. You need to make this database comply with out-of-region disaster recovery requirements and ensure that the network traffic between the nodes is encrypted when travelling between regions. How should you enable secure cluster communication while deploying additional cluster members in another AWS region?

  • A. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
  • B. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
  • C. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group rules that reference each other's security group-id in each region.
  • D. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group rules that reference each other's security group-id in each region.

Answer: C


NEW QUESTION # 59
Non-compliant resources identified through the use of AWS Config Rules are automatically removed from operational service.

  • A. False
  • B. True
  • C. It depends on the Rule configuration
  • D. Only if it remains non-compliant for more than 6 hours

Answer: A

Explanation:
Each time a change is made to one of your supported resources, AWS Config will check its compliance against any Config Rules that you have in place. If there is a violation against these rules, then AWS Config will send a message to the Configuration Stream via SNS and the resource will be marked as 'noncompliant'.
It's important to note that this does not mean the resource will be taken out of service or it will stop working. It will continue to operate exactly as it is with its new configuration. AWS Config simply alerts you that there is a violation and it's up to you to take the appropriate action.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html


NEW QUESTION # 60
A company is delivering web content from an Amazon EC2 instance in a public subnet with address 2001:db8:1:100::1. Users report they are unable to access the web content. The VPC Flow Logs for the subnet contain the following entries:
2 012345678912 eni-0596e500123456789 2001:db8:2:200::2 2001:db8:1:100::1 0 0 58 234 24336 1551299195 1551299434 ACCEPT OK
2 012345678912 eni-0596e500123456789 2001:db8:1:100::1 2001:db8:2:200::2 0 0 58 234 24336 1551299195 1551299434 REJECT OK
Which action will restore network reachability to the EC2 instance?

  • A. Update the network ACL associated with the subnet to permit inbound traffic.
  • B. Update the network ACL associated with the subnet to permit outbound traffic.
  • C. Update the security group associated with eni-0596e500123456789 to permit outbound traffic.
  • D. Update the security group associated with eni-0596e500123456789 to permit inbound traffic.

Answer: B


NEW QUESTION # 61
A company is deploying a non-web application on an AWS load balancer. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server.
How can this requirement be achieved?

  • A. Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.
  • B. Use a Network Load Balancer and enable the ProxyProtocolv2 attribute.
  • C. Use a Network Load Balancer and enable the X-Forwarded-For attribute.
  • D. Use a Network Load Balancer to automatically preserve the source IP address.

Answer: A


NEW QUESTION # 62
A company has a hybrid architecture with dual AWS Direct Connect connections and applications running in the AWS Cloud and on premises. The company uses its on-premises DNS servers to provide name resolution for its internal domain company.com. The company uses an Amazon Route 53 private hosted zone, aws.company.com, for resolution of AWS resource records. A new application that runs on Amazon EC2 in the company's VPC needs to resolve records in the company.com domain and on other AWS resources. What should the company do to meet these requirements?

  • A. Create Route 53 Resolver outbound endpoints in each subnet in the VPC. Configure a Route 53 forwarding rule with a rule type of Forward for company.com that points to the on-premises DNS servers. Configure a Route 53 forwarding rule with a rule type of System for aws.company.com.
  • B. Create Route 53 Resolver outbound endpoints in each subnet in the VPC. Configure conditional forwarding rules on the on-premises DNS servers to forward queries for the domain aws.company.com to the Route 53 Resolver endpoints. Modify the DHCP options set to configure instances to resolve hostnames using the on-premises DNS servers.
  • C. Create a new DHCP options set. Configure the DHCP options set name servers to be the on-premises DNS servers, and configure the domain name to be company.com. Assign the DHCP options set to the VPC with the EC2 instances.
  • D. Create a private hosted zone for company.com within the AWS account. Create Route 53 Resolver inbound endpoints in each subnet in the VPC. Configure the on-premises DNS servers to send outbound zone transfers for company.com to the Route 53 Resolver endpoints.

Answer: B


NEW QUESTION # 63
A computing team is evaluating whether to place a high performance computing (HPC) application in AWS.
The team is concerned about application performance and wants to know what options are available to increase networking performance.
Which of the following changes would increase performance for this application? (Choose two.)

  • A. Enable an MTU of 9001 in the application's operating system.
  • B. Increase the MTU of the VPC to 9001.
  • C. Place the application across many smaller instances to achieve higher total throughput.
  • D. Deploy the application in two Availability Zones and insert them in one placement group.
  • E. Enable enhanced networking on the instances.

Answer: B,E


NEW QUESTION # 64
A financial company is designing a secure AWS network architecture to support a hybrid cloud strategy. Systems deployed in the AWS Cloud are mission critical and have strict availability requirements. The company anticipates the need for hundreds of VPCs. Instances will be transient and rely heavily on DNS resolution. The applications must be designed to have Availability Zone isolation and tolerate the loss of an Availability Zone.
What is the MOST reliable way to implement DNS in this scenario?

  • A. Create a fleet of DNS proxy servers in a central VPC. Share the proxy fleet with each VPC using AWS PrivateLink.
  • B. Create a new DHCP options set with DNS settings with on-premises DNS servers that traverse an AWS Direct Connect connection.
  • C. Modify the default DHCP options set with a fleet of proxy DNS servers that are deployed in each VPC.
  • D. Create private hosted zones and share them with each VPC. Use Amazon Route 53 Resolver for hybrid DNS.

Answer: D

Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html


NEW QUESTION # 65
Your company maintains an Amazon Route 53 private hosted zone. DNS resolution is restricted to a single, pre-existing VPC. For a new application deployment, you create an additional VPC in the same AWS account. Both this new VPC and your on-premises DNS infrastructure must resolve records in the existing private hosted zone.
Which two activities are required to enable DNS resolution both within the new VPC and from the on-premises infrastructure? (Select two.)

  • A. Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies as forwarders in the on-premises DNS.
  • B. Update the Route 53 private hosted zone's VPC associations to include the new VPC.
  • C. Update the on-premises DNS to include forwarders to the Route 53 nameserver IP addresses.
  • D. Update the DHCP options set for the new VPC with the Route 53 nameserver IP addresses.
  • E. Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies in the DHCP options set.

Answer: B,D


NEW QUESTION # 66
Your organization has a newly installed 1-Gbps AWS Direct Connect connection. You order the cross-connect from the Direct Connect location provider to the port on your router in the same facility. To enable the use of your first virtual interface, your router must be configured appropriately.
What are the minimum requirements for your router?

  • A. BGP Session with MD5, 802.1Q VLAN, Route-Map, Prefix List, IPsec encrypted GRE Tunnel
  • B. IPsec Parameters, Pre-Shared key, Peer IP Address, BGP Session with MD5
  • C. 1-Gbps Multi Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.
  • D. 1-Gbps Single Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.

Answer: D


NEW QUESTION # 67
A network engineer is managing two AWS Direct Connect connections. Each connection has a public virtual interface configured with a private ASN. The engineer wants to configure active/passive routing between the Direct Connect connections to access Amazon public endpoints. What BGP configuration is required for the on-premises equipment? (Select two.)

  • A. Use AS Prepending to control inbound traffic.
  • B. Use BGP Communities to control outbound traffic.
  • C. Use eBGP multi-hop between loopback interfaces.
  • D. Use Local Pref to control outbound traffic.
  • E. Advertise more specific prefixes over one Direct Connect connection.

Answer: C,E


NEW QUESTION # 68
......
