AWS-Advanced-Networking-Specialty Free Certification Exam Material from NewPassLeader with 155 Questions
NEW QUESTION 17
Which statement is NOT true about accessing remote AWS region in the US by your AWS Direct Connect which is located in the US?
- A. Any data transfer out of a remote region is billed at the location of your AWS Direct Connect data transfer rate.
- B. To access public resources in a remote region, you must set up a public virtual interface and establish a border gateway protocol (BGP) session.
- C. To connect to a VPC in a remote region, you can use a virtual private network (VPN) connection over your public virtual interface.
- D. If you have a public virtual interface and established a BGP session to it, your router learns the routes of the other AWS regions in the US.
Answer: A
Explanation:
AWS Direct Connect locations in the United States can access public resources in any US region.
You can use a single AWS Direct Connect connection to build multi-region services. To connect to a VPC in a remote region, you can use a virtual private network (VPN) connection over your public virtual interface.
To access public resources in a remote region, you must set up a public virtual interface and establish a border gateway protocol (BGP) session. Then your router learns the routes of the other AWS regions in the US. You can then also establish a VPN connection to your VPC in the remote region.
Any data transfer out of a remote region is billed at the remote region data transfer rate.
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/remote_regions.html
NEW QUESTION 18
What is the name of the label applied to packets to allow routers to know where to forward in an MPLS network?
Choose the correct answer:
- A. FEC
- B. BFD
- C. ABC
- D. BGP
Answer: A
Explanation:
FEC stands for Forwarding Equivalence Class: the set of packets that an MPLS router forwards the same way (same next hop, same outgoing label). An MPLS label identifies the FEC a packet belongs to, so label-switching routers forward on the label without examining the IP header. BFD is a link-failure detection protocol and BGP is a routing protocol; neither is a forwarding label.
NEW QUESTION 19
A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process, the following requirements involving DNS have been identified.
The organization's VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?
- A. Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the Route 53 private hosted zone's name servers as authoritative for the Route 53 private hosted zone.
- B. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53 private hosted zone.
- C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to 172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
- D. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
Answer: B
NEW QUESTION 20
Considering the rules of IPv4 subnetting, how many subnets and hosts per subnet are possible given the following network 192.168.130.130/28? (in this question ignore the fact that AWS reserves 5 IP addresses)
- A. 32 subnets and 30 hosts per subnet
- B. 8 subnets and 14 hosts per subnet
- C. 16 subnets and 14 hosts per subnet
- D. 8 subnets and 30 hosts per subnet
Answer: C
Explanation:
Treating 192.168.130.0/24 as the classful network, a /28 mask borrows 4 bits for subnetting (2^4 = 16 subnets) and leaves 4 host bits (2^4 - 2 = 14 usable hosts after the network and broadcast addresses). 192.168.130.130 falls in the subnet 192.168.130.128/28. In a VPC the same /28 yields only 11 usable addresses, because AWS also reserves the first three host addresses.
Reference: https://en.wikipedia.org/wiki/IPv4_subnetting_reference
NEW QUESTION 21
You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. What is most likely the problem?
Choose the correct answer:
- A. There is no rule in your bucket policy allowing public access.
- B. There is no record in Route 53 pointing cdn.yourdomain.com to the CloudFront ALIAS.
- C. You need to create Origin Access Identity for CloudFront and add it to your bucket policy.
- D. The images in S3 are saved as .png instead of .jpg.
Answer: C
Explanation:
Making the bucket publicly readable would also fix the links, but it is bad practice. Instead keep the bucket private, create an Origin Access Identity for the distribution, and add a bucket policy statement that grants that OAI s3:GetObject on the objects, so only CloudFront can fetch them.
NEW QUESTION 22
The Web Application Development team is worried about malicious activity from 200 random IP addresses.
Which action will ensure security and scalability from this type of threat?
- A. Use inbound security group rules to block the IP addresses.
- B. Use inbound network ACL rules to block the IP addresses.
- C. Write iptables rules on the instance to block the IP addresses.
- D. Use AWS WAF to block the IP addresses.
Answer: D
Explanation:
Security groups contain only allow rules, so they cannot block specific source addresses. Network ACLs can deny, but a network ACL holds 20 rules by default (40 at most with a quota increase), far short of 200 addresses. Per-instance iptables rules do not scale with Auto Scaling and must be maintained on every host. An AWS WAF IP set holds up to 10,000 addresses and is attached once to the Application Load Balancer or CloudFront distribution, so the block list is enforced centrally regardless of fleet size.
NEW QUESTION 23
A computing team is evaluating whether to place a high performance computing (HPC) application in AWS. The team is concerned about application performance and wants to know what options are available to increase networking performance.
Which of the following changes would increase performance for this application? (Choose two.)
- A. Enable an MTU of 9001 in the application's operating system.
- B. Place the application across many smaller instances to achieve higher total throughput.
- C. Enable enhanced networking on the instances.
- D. Deploy the application in two Availability Zones and insert them in one placement group.
- E. Increase the MTU of the VPC to 9001.
Answer: A,C
Explanation:
Jumbo frames (MTU 9001) are enabled per network interface in the instance operating system; there is no VPC-level MTU setting. Enhanced networking (SR-IOV via ENA or Intel VF) raises packets per second and lowers latency and jitter. A cluster placement group cannot span Availability Zones, and spreading the workload over many small instances lowers per-instance network bandwidth rather than raising it.
NEW QUESTION 24
You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct Connect connection. Which two configuration values do you need to provide? (Select two.)
- A. VLAN ID
- B. Direct Connect location
- C. Virtual private gateway
- D. Public AS number
- E. IP prefixes to advertise
Answer: A,C
Explanation:
A private virtual interface is defined by the VLAN ID used for the 802.1Q tag on the connection, your BGP ASN (a private ASN is acceptable) and the virtual private gateway (or Direct Connect gateway) it attaches to. The Direct Connect location was fixed when the connection was ordered, and a public AS number and a list of prefixes to advertise are required only for a public virtual interface.
Reference: https://aws.amazon.com/directconnect/faqs/
NEW QUESTION 25
An organization with a growing e-commerce presence uses the AWS CloudHSM to offload the SSL/TLS processing of its web server fleet. The company leverages Amazon EC2 Auto Scaling for web servers to handle the growth. What architectural approach is optimal to scale the encryption operation?
- A. Use multiple CloudHSM instances, and load balance them using a Network Load Balancer.
- B. Enable Auto Scaling on the CloudHSM instance, with similar configuration to the web tier Auto Scaling group.
- C. Use multiple CloudHSM instances, and load balance them using an Application Load Balancer.
- D. Add multiple HSMs to the CloudHSM cluster; requests to the cluster are automatically load balanced.
Answer: D
Explanation:
https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html#cluster-high-availability-load-balancing
NEW QUESTION 26
A legacy, on-premises web application cannot be load balanced effectively. There are both planned and unplanned events that cause usage spikes to millions of concurrent users. The existing infrastructure cannot handle the usage spikes. The CIO has mandated that the application be moved to the cloud to avoid further disruptions, with the additional requirement that source IP addresses be unaltered to support network traffic monitoring needs. Which of the following designs will meet these requirements?
- A. Use an Auto Scaling group of EC2 instances in a target group behind a Network Load Balancer.
- B. Use an Auto Scaling group of Amazon EC2 instances behind a Classic Load Balancer.
- C. Use an Auto Scaling group of EC2 instances in a target group behind a Classic Load Balancer.
- D. Use an Auto Scaling group of EC2 instances in a target group behind an Application Load Balancer.
Answer: A
NEW QUESTION 27
You want to send a broadcast message to your 10.0.0.0/24 subnet, which one of these addresses should you use?
Choose the correct answer:
- A. 10.0.0.2
- B. 10.0.0.1
- C. 10.0.0.255
- D. You cannot send a broadcast in an AWS VPC.
Answer: D
Explanation:
A VPC does not support broadcast (or multicast) traffic, so there is no address you can use. The last address in each subnet (10.0.0.255 here) is nevertheless reserved by AWS and cannot be assigned to an instance, along with the network address and the first three host addresses.
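The arithmetic behind the subnetting question above and the reserved addresses behind this one are easy to get wrong under time pressure. The following helper, added here as an illustration and not part of the exam material, splits a parent block into subnets, finds the subnet a given address belongs to, and reports both the classic host count (2^h - 2) and what a VPC subnet of that size actually yields once the five AWS-reserved addresses are removed. The parent prefix default of /24 and the /16 to /28 VPC subnet bounds are assumptions taken from classful conventions and the VPC documentation respectively.

```python
import ipaddress
from typing import Dict, List

# AWS reserves five addresses in every VPC subnet (assumption from the VPC docs):
# the network address, +1 (VPC router), +2 (Amazon-provided DNS), +3 (future
# use) and the last address, which would be the broadcast address but is
# unusable because a VPC carries no broadcast traffic.
AWS_RESERVED_PER_SUBNET = 5
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28   # VPC subnets must be between /16 and /28


def aws_reserved_addresses(net: ipaddress.IPv4Network) -> List[str]:
    """The five addresses AWS withholds from `net`, in address order."""
    base = int(net.network_address)
    first_four = [str(ipaddress.ip_address(base + i)) for i in range(4)]
    return first_four + [str(net.broadcast_address)]


def aws_usable_hosts(prefix: int) -> int:
    """Usable addresses in a VPC subnet of the given prefix length."""
    if not AWS_MIN_PREFIX <= prefix <= AWS_MAX_PREFIX:
        raise ValueError(f"/{prefix} is not a valid VPC subnet size (/16 to /28)")
    return 2 ** (32 - prefix) - AWS_RESERVED_PER_SUBNET


def subnet_plan(address: str, new_prefix: int, parent_prefix: int = 24) -> Dict:
    """Split the /parent_prefix block containing `address` into /new_prefix
    subnets and report the exam-style counts (2^n subnets, 2^h - 2 hosts)
    beside what a VPC subnet of that size really gives you."""
    host = ipaddress.ip_address(address)
    parent = ipaddress.ip_network(f"{address}/{parent_prefix}", strict=False)
    subnets = list(parent.subnets(new_prefix=new_prefix))
    containing = next(s for s in subnets if host in s)
    host_bits = 32 - new_prefix
    return {
        "subnets": len(subnets),                     # 2 ** (new_prefix - parent_prefix)
        "hosts_classic": 2 ** host_bits - 2,         # minus network and broadcast
        "hosts_aws": aws_usable_hosts(new_prefix),   # minus the five AWS-reserved addresses
        "containing_subnet": str(containing),
        "aws_reserved": aws_reserved_addresses(containing),
    }


if __name__ == "__main__":
    # Constructed inputs: the two addresses used in the questions above.
    print(subnet_plan("192.168.130.130", 28))
    print(aws_reserved_addresses(ipaddress.ip_network("10.0.0.0/24")))
```

For the question's 192.168.130.130/28 the plan reports 16 subnets and 14 classic hosts, but only 11 usable addresses inside a VPC, with 192.168.130.143 reserved even though nothing can be broadcast to it.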
NEW QUESTION 28
An organization launched an IPv6-only web portal to support IPv6-native mobile clients. Front- end instances launch in an Amazon VPC associated with an appropriate IPv6 CIDR. The VPC IPv4 CIDR is fully utilized. A single subnet exists in each of two Availability Zones with appropriately configured IPv6 CIDR associations. Auto Scaling is properly configured, and no Elastic Load Balancing is used.
Customers say the service is unavailable during peak load times. The network engineer attempts to launch an instance manually and receives the following message: "There are not enough free addresses in subnet 'subnet-12345677' to satisfy the requested number of instances." What action will resolve the availability problem?
- A. Create a new subnet using a VPC secondary IPv6 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
- B. Add a secondary IPv4 CIDR to the Amazon VPC. Assign secondary IPv4 address space to each of the existing subnets.
- C. Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
- D. Resize the IPv6 CIDR on each of the existing subnets. Modify the Auto Scaling group maximum number of instances.
Answer: C
NEW QUESTION 29
Which statement about Elastic IP addresses is incorrect? Choose the correct answer:
- A. Additional EIPs associated with one instance incur a charge.
- B. Once you associate an EIP with an instance, the original public IP is released.
- C. Disassociated EIPs incur a charge.
- D. Once an EIP is associated with an instance, you must manually change the hostname if you want it to match.
Answer: D
Explanation:
The hostname automatically changes to match the new EIP.
NEW QUESTION 30
Your company wishes to improve the performance of its EC2 instances. They require low latency and high throughput. They are currently deployed on T2.medium. It is imperative that you experience as little downtime as possible, but cost and performance are most important. How should you accomplish this?
Choose the correct answer:
- A. Add an extra ENI to the instances and team them to provide greater throughput.
- B. Stop the instances and restart them in a placement group.
- C. Create AMIs from the instances, create new instances on t2.medium, and start those instances in a placement group.
- D. Create AMIs from the instances, deploy the instances as i3.large, and start those instances in a placement group.
Answer: D
Explanation:
Burstable t2 instances cannot be launched into a cluster placement group, so the instances must be re-created as a supported type such as i3.large. Attaching additional ENIs to an instance does not increase its network bandwidth; AWS does not support ENI teaming or bonding.
NEW QUESTION 31
You ping an Amazon Elastic Compute Cloud (EC2) instance from an on-premises server. VPC Flow Logs record the following:
2 123456789010 eni-1235b8ca 10.123.234.78 172.11.22.33 0 0 1 8 672 1432917027 1432917142 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917027 1432917082 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917094 1432917142 REJECT OK
Why are ICMP responses not received by the on-premises system?
- A. The outbound security group is blocking the traffic.
- B. The outbound network access control list is blocking the traffic
- C. The inbound network access control list is blocking the traffic
- D. The inbound security group is blocking the traffic.
Answer: B
Explanation:
The instance (172.11.22.33) accepted all 8 inbound ICMP echo requests from 10.123.234.78, and 4 of its echo replies were accepted before the remaining 4 were rejected. Security groups are stateful: the reply to an accepted inbound flow is never evaluated against the outbound security group rules, so neither security group option can explain the rejects. The rejected records are outbound from the ENI, so the stateless outbound network ACL is what dropped the replies.
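The reasoning above can be automated over real flow logs. The following parser and check are an added example, not part of the exam material or of any AWS tool: it reads version-2 flow log records, pairs each REJECT leaving the instance with an earlier ACCEPT of the reversed five-tuple entering it, and reports the pattern that only a stateless network ACL can produce. The sample records are the three from the question, reproduced inline so the script runs offline; the instance address is taken from those records.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the three version-2 flow log records from the
# question, one record per line, fields separated by spaces.
SAMPLE_RECORDS = """\
2 123456789010 eni-1235b8ca 10.123.234.78 172.11.22.33 0 0 1 8 672 1432917027 1432917142 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917027 1432917082 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917094 1432917142 REJECT OK
"""

# Default (version 2) VPC flow log format, in field order.
V2_FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
             "srcport", "dstport", "protocol", "packets", "bytes",
             "start", "end", "action", "log_status")
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")


def parse_flow_log(text: str) -> List[Dict]:
    """Parse version-2 records. Lines with a different field count (custom
    formats, comments) are skipped; '-' values in NODATA/SKIPDATA records are
    kept as None rather than crashing the parser."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(V2_FIELDS):
            continue
        rec: Dict = dict(zip(V2_FIELDS, parts))
        for name in INT_FIELDS:
            rec[name] = None if rec[name] == "-" else int(rec[name])
        records.append(rec)
    return records


def five_tuple(rec: Dict) -> Tuple:
    return (rec["srcaddr"], rec["srcport"], rec["dstaddr"], rec["dstport"], rec["protocol"])


def reversed_tuple(rec: Dict) -> Tuple:
    """The five-tuple of the flow this record would be a reply to."""
    return (rec["dstaddr"], rec["dstport"], rec["srcaddr"], rec["srcport"], rec["protocol"])


def diagnose_reply_rejects(records: List[Dict], instance_ip: str) -> List[Dict]:
    """Flows whose request was ACCEPTed into instance_ip but whose reply out of
    instance_ip was REJECTed. A security group is stateful, so the reply to an
    accepted inbound flow is never checked against outbound SG rules; a network
    ACL is stateless and evaluates the reply on its own, so this pattern points
    at the outbound network ACL on the subnet."""
    accepted_in = {five_tuple(r) for r in records
                   if r["dstaddr"] == instance_ip and r["action"] == "ACCEPT"}
    findings = []
    for r in records:
        if (r["srcaddr"] == instance_ip and r["action"] == "REJECT"
                and reversed_tuple(r) in accepted_in):
            findings.append({
                "peer": r["dstaddr"],
                "protocol": r["protocol"],          # 1 = ICMP
                "rejected_packets": r["packets"],
                "window": (r["start"], r["end"]),
                "verdict": "outbound network ACL rejected replies to an accepted inbound flow",
            })
    return findings


def first_finding(text: str, instance_ip: str) -> Optional[Dict]:
    findings = diagnose_reply_rejects(parse_flow_log(text), instance_ip)
    return findings[0] if findings else None


if __name__ == "__main__":
    print(first_finding(SAMPLE_RECORDS, "172.11.22.33"))
```

Run against the question's records, the check names 10.123.234.78 as the peer whose 4 ICMP replies were rejected in the window 1432917094 to 1432917142, that is, after the first 4 replies were accepted, which is consistent with a network ACL rule being added or reordered while the ping was running.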
NEW QUESTION 32
A company wants to enforce a compliance requirement that its Amazon EC2 instances use only on-premises DNS servers for name resolution. Outbound DNS requests to all other name servers must be denied. A network engineer configures the following set of outbound rules for a security group.
The network engineer discovers that the EC2 instances are still able to resolve DNS requests by using Amazon DNS servers inside the VPC. Why is the solution failing to meet the compliance requirement?
- A. The security group cannot filter outbound traffic to destinations within the same VPC
- B. The security group cannot filter outbound traffic to the Amazon DNS servers
- C. The security group must have inbound rules to prevent DNS requests from coming back to EC2 instances.
- D. The EC2 instances are using the HTTPS port to send DNS queries to Amazon DNS servers
Answer: B
Explanation:
Security groups never evaluate traffic to the Amazon-provided DNS resolver (the VPC network address plus two, also reachable at 169.254.169.253), just as they do not filter DHCP or instance metadata traffic, so no outbound security group rule can deny it. Which resolver the instances use is controlled by the VPC's DHCP options set, which should point at the on-premises DNS servers.
NEW QUESTION 33
You would like to ensure that all Amazon S3 buckets going forward, current and newly created ones, have logging enabled. What type of trigger(s) should you use?
- A. only a transitioning trigger
- B. only a periodic trigger
- C. only a configuration change trigger
- D. both configuration change and periodic triggers
Answer: C
Explanation:
This case requires only a configuration change trigger because you only need to trigger when S3 buckets are created and changed. There is no time component to when the trigger needs to fire.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html
NEW QUESTION 34
With respect to Amazon CloudFront, which one of the following statements is correct?
- A. For both HTTP and HTTPS web distributions, you can choose to forward cookies to your origin.
- B. For Real Time Messaging Protocol (RTMP) distributions, you can configure CloudFront to process cookies.
- C. For HTTP web distributions, you cannot forward cookies to your origin.
- D. For HTTPS web distributions, you cannot forward cookies to your origin.
Answer: A
Explanation:
With respect to Amazon CloudFront, for HTTP and HTTPS web distributions, you can choose whether you want CloudFront to forward cookies to your origin. For RTMP distributions, you cannot configure CloudFront to process cookies.
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html
NEW QUESTION 35
A company uses AWS Direct Connect to connect its corporate network to multiple VPCs in the same AWS account and the same AWS Region. Each VPC uses its own private VIF and its own virtual LAN on the Direct Connect connection. The company has grown and will soon surpass the limit of VPCs and private VIFs for each connection. What is the MOST scalable way to add VPCs with on-premises connectivity?
- A. Provision a new Direct Connect connection to handle the additional VPCs Use the new connection to connect additional VPCs.
- B. Create a Direct Connect gateway, and add virtual private gateway associations to the VPCs. Configure a private VIF to connect to the corporate network
- C. Create virtual private gateways for each VPC that is over the service quota Use AWS Site-to-Site VPN to connect the virtual private gateways to the corporate network
- D. Create a transit gateway and attach the VPCs Create a Direct Connect gateway, and associate it with the transit gateway Create a transit VIF to the Direct Connect gateway
Answer: D
NEW QUESTION 36
Your company has a high-availability hybrid solution that utilizes a two Direct Connect connections and a backup VPN connection. For some reason, traffic is preferring the VPN connection instead of the direct connection. You have prepended a longer AS_PATH on the VPN connection, but AWS still prefers it over the Direct Connect connections. What might you be able to do to fix this issue?
Choose the correct answer:
- A. Advertise a less specific prefix on the VPN.
- B. Reconfigure the VPN as a static VPN instead of dynamic.
- C. Remove the prepended AS_PATH.
- D. Increase the MED on the VPN.
Answer: A
Explanation:
The virtual private gateway chooses the most specific prefix first; it prefers Direct Connect over a VPN, and evaluates AS_PATH length, only among routes for the same prefix. The question does not show the advertised prefixes, but a more specific prefix on the VPN is the only attribute that overrides the Direct Connect preference, so it is the implied cause. Advertising a prefix over the VPN that is no more specific than the one on Direct Connect restores the intended path selection.
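The path selection described above is worth making concrete, because it explains why AS_PATH prepending on the VPN had no effect. The following is an added illustration, not part of the exam material or any AWS implementation: a deliberately simplified model of the virtual private gateway's route preference (longest prefix, then Direct Connect BGP routes before VPN static before VPN BGP routes, then shortest AS_PATH; MED and other attributes are left out). The route sources, prefixes and ASN values are constructed for the example.

```python
import ipaddress
from typing import Dict, List, Optional

# Simplified route preference order for a virtual private gateway, an
# assumption for illustration based on the VPC route-priority documentation:
#   1. longest prefix match
#   2. Direct Connect BGP routes, then VPN static routes, then VPN BGP routes
#   3. shortest AS_PATH
SOURCE_RANK = {"direct_connect_bgp": 0, "vpn_static": 1, "vpn_bgp": 2}


def best_route(destination: str, routes: List[Dict]) -> Optional[Dict]:
    """Pick the route the gateway would use for `destination`, or None."""
    dst = ipaddress.ip_address(destination)
    matching = [r for r in routes if dst in ipaddress.ip_network(r["prefix"])]
    if not matching:
        return None
    return min(matching, key=lambda r: (
        -ipaddress.ip_network(r["prefix"]).prefixlen,   # more specific prefix wins
        SOURCE_RANK[r["source"]],                        # then Direct Connect over VPN
        len(r["as_path"]),                               # then the shorter AS_PATH
    ))


# Constructed example: Direct Connect carries the /16 summary, while the VPN
# leaks a /24 even though its AS_PATH has been prepended twice.
DX_ROUTE = {"prefix": "10.0.0.0/16", "source": "direct_connect_bgp", "as_path": [65000]}
VPN_PREPENDED_SPECIFIC = {"prefix": "10.0.1.0/24", "source": "vpn_bgp", "as_path": [65000, 65000, 65000]}
VPN_PREPENDED_SUMMARY = {"prefix": "10.0.0.0/16", "source": "vpn_bgp", "as_path": [65000, 65000, 65000]}


def compare_before_after(destination: str = "10.0.1.50"):
    """Which source wins before and after the VPN advertisement is summarized."""
    before = best_route(destination, [DX_ROUTE, VPN_PREPENDED_SPECIFIC])
    after = best_route(destination, [DX_ROUTE, VPN_PREPENDED_SUMMARY])
    return before["source"], after["source"]


if __name__ == "__main__":
    print(compare_before_after())
```

With the /24 leaking over the VPN, traffic for 10.0.1.50 takes the VPN no matter how long its AS_PATH is; once the VPN advertises only the same /16 as Direct Connect, the Direct Connect route wins on source preference before AS_PATH is even consulted.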
NEW QUESTION 37
Your company maintains an Amazon Route 53 private hosted zone. DNS resolution is restricted to a single, pre-existing VPC. For a new application deployment, you create an additional VPC in the same AWS account. Both this new VPC and your on-premises DNS infrastructure must resolve records in the existing private hosted zone.
Which two activities are required to enable DNS resolution both within the new VPC and from the on-premises infrastructure? (Select two.)
- A. Update the DHCP options set for the new VPC with the Route 53 nameserver IP addresses.
- B. Update the on-premises DNS to include forwarders to the Route 53 nameserver IP addresses.
- C. Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies in the DHCP options set.
- D. Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies as forwarders in the on-premises DNS.
- E. Update the Route 53 private hosted zone's VPC associations to include the new VPC.
Answer: B,E
NEW QUESTION 38
A company has an AWS Direct Connect connection between its on-premises data center and Amazon VPC.
An application running on an Amazon EC2 instance in the VPC needs to access confidential data stored in the on-premises data center with consistent performance For compliance purposes, data encryption is required.
What should the network engineer do to meet these requirements?
- A. Configure a public virtual interface on the Direct Connect connection. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
- B. Configure an internet gateway in the VPC Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
- C. Configure an internet gateway in the VPC Set up a software VPN between the customer gateway and an EC2 instance in the VPC.
- D. Configure a private virtual interface on the Direct Connect connection. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
Answer: A
Explanation:
Direct Connect provides the consistent performance but does not encrypt traffic, so an IPsec Site-to-Site VPN is layered on top of it. The VPN terminates on the virtual private gateway's public endpoints, which are reachable over a public virtual interface, so the encrypted tunnel stays on the dedicated link. Options B and C send the traffic over the internet, which does not give consistent performance, and a private virtual interface does not reach the VPN endpoints.
NEW QUESTION 39
......