Amazon ANS-C00 exam practice questions and answers from exam2pass, shared free of charge from the latest updated ANS-C00 dumps.
Get the latest uploaded ANS-C00 dumps PDF from Google Drive online. To get the full Amazon ANS-C00 dumps PDF or dumps
VCE, visit: https://www.exam2pass.com/aws-certified-advanced-networking-specialty.html (Q&As: 348). All Amazon ANS-C00 exam questions have been updated, and the answers have been corrected!
Make sure your exam questions are real and effective to help you pass your first exam!

[Amazon ANS-C00 Dumps pdf] Latest Amazon ANS-C00 Dumps PDF collected by exam2pass Google Drive:
https://drive.google.com/file/d/1kTs1bNqgoh1cFvHpTQiYZ7RO2IAV1qyD/

[Amazon ANS-C00 YouTube] Amazon ANS-C00 exam questions and answers are shared free of charge on YouTube, uploaded by exam2pass:

https://youtube.com/watch?v=IxXsE9aqwe8

Latest Update Amazon ANS-C00 Exam Practice Questions and Answers Online Test

QUESTION 1
The IPsec protocol suite is made up of various components covering aspects such as confidentiality, encryption, and
integrity.
Select the correct statement below regarding the correct configuration options to ensure IPsec confidentiality:
A. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, MD5
B. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, AES
C. The following protocols may be used to configure IPsec confidentiality, PSK, RSA
D. The following protocols may be used to configure IPsec confidentiality, PSK, MD5
E. The following protocols may be used to configure IPsec confidentiality, PSK, RSA
Correct Answer: B
Answer A is incorrect – as MD5 is a hashing protocol (data integrity).
Answer C is incorrect – as PSK is short for Pre-Shared Keys (key exchange) – and again MD5 is a hashing protocol (data integrity).
Answer D is incorrect – as both MD5 and SHA are hashing protocols (data integrity).
Answer E is incorrect – as both PSK and RSA are used for key exchanges.
This leaves Answer B as the only correct IPsec configuration covering confidentiality. DES, 3DES, and AES
are all encryption protocols.
Reference: https://en.wikipedia.org/wiki/IPsec

QUESTION 2
You have configured a dynamic VPN between your datacenter and your VPC. Your router says the tunnel is up and
BGP is active, but for some reason, you are not seeing your routes propagate. What is most likely the issue?
A. You need to configure the firewall for BGP.
B. Your router does not support BFD.
C. You need to obtain a new BGP MD5 key.
D. You forgot to set route propagation to “yes” in the routing table.
Correct Answer: D
You forgot to set route propagation to “yes” in the routing table. If the routing table says BGP is active and the tunnel is up,
then you do not have a firewall issue. BFD has nothing to do with route propagation. You do not need a BGP MD5 key
for VPN.

QUESTION 3
Which of the following physical layer standards is required for connection to AWS Direct Connect over a standard 1
gigabit or 10 gigabit Ethernet fiber-optic cable?
A. Single-mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
B. Multimode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
C. Single-mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-LR for 10 gigabit Ethernet
D. Multimode fiber, 1000BASE-SX for 1 gigabit Ethernet, or 10GBASE-SR for 10 gigabit Ethernet
Correct Answer: C
Connections to AWS Direct Connect require single-mode fiber, 1000BASE-LX (1310 nm) for 1 gigabit Ethernet, or
10GBASE-LR (1310 nm) for 10 gigabit Ethernet.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

QUESTION 4
What are two reasons to have multiple IP addresses or interfaces on one server? (Choose two.)
A. You can host multiple SSLs
B. Create management networks
C. Direct Connect connections
D. Teaming multiple NICs for more throughput
Correct Answer: AB
You cannot bind multiple interfaces for faster speeds on AWS.

QUESTION 5
Your company runs an application for the US market in the us-east-1 AWS region. This application uses proprietary
TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances. End users run a real-time, front-end
application on their local PCs. This front-end application knows the DNS hostname of the service.
You must prepare the system for global expansion. The end users must access the application with the lowest latency.
How should you use AWS services to meet these requirements?
A. Register the IP addresses of the service hosts as “A” records with latency-based routing policy in Amazon Route 53,
and set a Route 53 health check for these hosts.
B. Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of
the main service host as an ALIAS record with a latency-based routing policy in Route 53.
C. Set Amazon CloudFront in front of the host of the service, and register the CloudFront name of the main service as
an ALIAS record in Route 53.
D. Set the Amazon API gateway in front of the service, and register the API gateway name of the main service as an
ALIAS record in Route 53.
Correct Answer: B


QUESTION 6
What two items are required for all AWS VPNs? (Choose two.)
A. Virtual Private Gateway
B. ASN
C. A hardware router
D. Customer Gateway
Correct Answer: AD
An ASN is only required for dynamic VPNs, and hardware routers are not required.

QUESTION 7
A team implements a highly available solution using Amazon AppStream 2.0. The AppStream 2.0 fleet needs to
communicate with resources both in an existing VPC and on-premises. The VPC is connected to the on-premises
environment using an AWS Direct Connect private virtual interface.
What implementation enables on-premises users to connect to AppStream and existing VPC resources?
A. Deploy two subnets into the existing VPC. Add a public virtual interface to the Direct Connect connection for users to
access the AppStream endpoint
B. Deploy two subnets into the existing VPC. Add a private virtual interface on the Direct Connect connection for users
to access the AppStream endpoint.
C. Deploy a new VPC with two subnets. Create a VPC peering connection between the two VPCs for users to access
the AppStream endpoint.
D. Deploy one subnet into the existing VPC. Add a private virtual interface on the Direct Connect connection for users to
access the AppStream endpoint.
Correct Answer: A

QUESTION 8
An organization wants to process sensitive information using the Amazon EMR service. The information is stored in on-premises
databases. The output of processing will be encrypted using AWS KMS before it is uploaded to a customer-owned
Amazon S3 bucket. The current configuration includes a VPC with public and private subnets, with VPN
connectivity to the on-premises network. The security organization does not allow Amazon EC2 instances to run in the
public subnet.
What is the MOST simple and secure architecture that will achieve the organization’s goal?
A. Use the existing VPC and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.
B. Use the existing VPC and a NAT gateway and configure Amazon EMR in a private subnet with an Amazon S3
endpoint.
C. Create a new VPC without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3
endpoint.
D. Create a new VPC without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3
endpoint and a NAT gateway.
Correct Answer: B

QUESTION 9
An organization has three AWS accounts, each containing VPCs in the Virginia, Canada, and Sydney regions. The
organization wants to determine whether all available Elastic IP addresses (EIPs) in these accounts are attached to
Amazon EC2 instances or in-use elastic network interfaces (ENIs) in all of the specified regions for compliance and
cost-optimization purposes.
Which of the following meets the requirements with the LEAST management overhead?
A. Use an Amazon CloudWatch Events rule to schedule an AWS Lambda function in each account in all three regions
to find the unattached and unused EIPs.
B. Use a CloudWatch event bus to schedule Lambda functions in each account in all three regions to find the
unattached and unused EIPs.
C. Add an AWS managed, EIP-attached AWS Config rule in each region in all three accounts to find unattached and
unused EIPs.
D. Use AWS CloudFormation StackSets to deploy an AWS Config EIP-attached rule in all accounts and regions to find
the unattached and unused EIPs.
Correct Answer: C

QUESTION 10
Your organization has a newly installed 1-Gbps AWS Direct Connect connection. You order the cross-connect from the
Direct Connect location provider to the port on your router in the same facility. To enable the use of your first virtual
interface, your router must be configured appropriately.
What are the minimum requirements for your router?
A. 1-Gbps Multi-Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.
B. 1-Gbps Single-Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.
C. IPsec Parameters, Pre-Shared key, Peer IP Address, BGP Session with MD5
D. BGP Session with MD5, 802.1Q VLAN, Route-Map, Prefix List, IPsec encrypted GRE Tunnel
Correct Answer: B


QUESTION 11
To allow all traffic to access an instance in “Subnet 1” that uses “Security Group 1”, what two options need to be
configured? (Choose two.)
A. NACL rule allowing 0.0.0.0/0 to access “Subnet 1”
B. Security Group rule in “Security Group 1” that allows 0.0.0.0/0 inbound
C. Security Group rule in “Security Group 1” that allows outbound traffic to 0.0.0.0/0
D. NACL rule allowing 0.0.0.0/0 to access “Security Group 1”
Correct Answer: AB
You must allow traffic through the NACL and through the Security Group to access the instance. If there is no
outbound allow rule set up in the NACL, you may need to set that, but an outbound rule for Security Group 1 is not
necessary, as security groups are stateful.

QUESTION 12
Your company just deployed a WAF to protect its resources. You need to create a baseline before you start blocking
traffic. How will you achieve this?
A. Set the WAF to Monitor mode.
B. Set the WAF to its defaults and let it do its job.
C. Set up a Lambda function to monitor Flow Logs and analyze the traffic using Elasticsearch.
D. A WAF is default deny and does not allow this. You need to use an IDS instead.
Correct Answer: A
Monitor mode is the only good choice.

QUESTION 13
What are two routing methods used by Route 53? (Choose two.)
A. RIP
B. Failover
C. Latency
D. AS_PATH
Correct Answer: BC
RIP is used for network routing and AS_PATH is used for BGP path manipulation.

