The latest Amazon ANS-C00 dumps by exam2pass helps you pass the ANS-C00 exam for the first time! exam2pass
Latest Update Amazon ANS-C00 VCE Dump and ANS-C00 PDF Dumps, exam2pass ANS-C00 Exam Questions Updated, Answers corrected!
Get the latest exam2pass ANS-C00 dumps with Vce and PDF: https://www.exam2pass.com/aws-certified-advanced-networking-specialty.html (Q&As: 348 dumps)
[Free ANS-C00 PDF] Latest Amazon ANS-C00 Dumps PDF collected by exam2pass Google Drive:
https://drive.google.com/file/d/11gbD1OLisiL-US_zlAa9a0bwyFyqpZHC/
[exam2pass ANS-C00 Youtube] Amazon ANS-C00 Dumps can be viewed on Youtube shared by exam2pass
Latest Amazon ANS-C00 Exam Practice Questions and Answers
QUESTION 1
Your company has just completed a transition to IPv6 and has deployed a website on a server. You were able to
download software on the instance without an issue. This website is deployed using IPv6, but the public is not able to
access it. What should you do to fix this problem?
A. Add an internet gateway for the instance.
B. Add an egress-only internet gateway.
C. Add an inbound rule to your security group that allows inbound traffic on port 80 for ::/0.
D. Add an inbound rule to your security group that allows inbound traffic on port 80 for 0.0.0.0/0.
Correct Answer: C
Your instance can reach the internet if it was able to download sofftware, so an IGW is not needed. 0.0.0.0/0 is for IPv4.
QUESTION 2
You can use the ____ command of the AWS Config service CLI to see the compliance state of each of your rules.
A. get-compliance-details-by-resource
B. describe-compliance-by-config-rule
C. get-compliance-details-by-config-rule
D. describe-compliance-by-resource
Correct Answer: B
You can use the describe-compliance-by-config-rule command of the AWS Config CLI to see the compliance state of
each of your rules. For each rule that has a compliance type of NON_COMPLIANT, AWS Config returns the number of
noncompliant resources for the CappedCount parameter.
Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html
QUESTION 3
You need to set up an Amazon Elastic Compute Cloud (EC2) instance for an application that requires the lowest latency
and the highest packet-per-second network performance. The application will talk to other servers in a peered VPC.
Which two of the following components should be part of the design? (Choose two.)
A. Select an instance with support for single root I/O virtualization.
B. Select an instance that has support for multiple ENAs.
C. Ensure that the instance supports jumbo frames and set 9001 MTU.
D. Select an instance with Amazon Elastic Block Store (EBS)-optimization.
E. Ensure that proper OS drivers are installed.
Correct Answer: AB
References: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html
QUESTION 4
What is the minimum number of subnets for an RDS subnet group?
A. 3
B. 4
C. 1
D. 2
Correct Answer: D
This allows for high availability and failover in case an RDS instance goes down.
QUESTION 5
You need to set up a VPN between AWS VPC and your on-premises network. You create a VPN connection in the
AWS Management Console, download the configuration file and install it on your on-premises router. The tunnel is not
coming up because of firewall restrictions on your router. Which two network traffic options should you allow through the
firewall? (Choose two.)
A. UDP port 500
B. IP protocol 50
C. IP protocol 5
D. TCP port 50
E. TCP port 500
Correct Answer: AB
References: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_VPN.html
QUESTION 6
You wish to access all European regions using your Direct Connect connection. How should you accomplish this?
A. Peer VPCs in the different regions and connect DX to one of the regions to communicate with the other.
B. Use a DX Gateway.
C. Find the prefix-list for the other region and add it to your route table.
D. One DX connection will connect you to all regions.
Correct Answer: B
The DX Gateway will allow access to multiple regions.
QUESTION 7
You can use the ____ command of the AWS Config service CLI to see the compliance state of each resource that AWS
Config evaluates for a specific rule.
A. describe-compliance-by-resource
B. describe-compliance-by-config-rule
C. get-compliance-details-by-config-rule
D. get-compliance-details-by-resource
Correct Answer: C
You can use the get-compliance-details-by-config-rule command of the AWS Config CLI to see the compliance state of
each resource that AWS Config evaluates for a specific rule. Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html
QUESTION 8
You need to find the public IP address of an instance that you\\’re logged in to. What command would you use?
A. curl ftp://169.254.169.254/latest/meta-data/public-ipv4
B. scp localhost/latest/meta-data/public-ipv4
C. curl http://127.0.0.1/latest/meta-data/public-ipv4
D. curl http://169.254.169.254/latest/meta-data/public-ipv4
Correct Answer: D
curl http://169.254.169.254/latest/meta-data/public-ipv4
QUESTION 9
Which port range must be allowed through an NACL to ensure all return traffic is successful?
A. 1024 – 65,535
B. 22
C. 65,000 – 65,535
D. 80 – 443
Correct Answer: A
1024 – 65,535 is the full “ephemeral port” range.
QUESTION 10
Which of these metrics cannot help detect a DDoS?
A. EC2 CPUUtilization
B. ELB SurgeQueueLength
C. EMR EMRspersecond
D. CloudFront Requests
Correct Answer: C
EMR EMRspersecond doesn\\’t exist.
QUESTION 11
You have just configured an Elastic Load Balancer. Assuming all settings are configured properly, how long will it
take an instance to become healthy with a 6-second HealthCheck Interval, an unhealthy threshold of 5, and a healthy
the threshold of 10?
A. 120 seconds
B. 30 seconds
C. 6 seconds
D. 60 seconds
Correct Answer: D
60 seconds. 10 health check successes with 6-second intervals.
QUESTION 12
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has
deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of
all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a
private VIF.
What additional configuration is required to enable the applications in VPCs to communicate with each other and access
on-premises resources?
A. Configure each application VPC with a static route entry pointing the on-premises CIDR block to the software VPN
instances.
B. Configure the central VPC with a static route entry pointing the on-premises CIDR block to local VGWs.
C. Advertise all application VPC CIDR blocks to on-premises resources via the VGW in the central VPC.
D. Configure IPSec tunnels from the on-premises router into the software VPN instances with dynamic routing.
Correct Answer: B
QUESTION 13
An organization with a growing e-commerce presence uses the AWS CloudHSM to offload the SSL/TLS processing of
its web server fleet. The company leverages Amazon EC2 Auto Scaling for web servers to handle the growth. What
the architectural approach is optimal to scale the encryption operation?
A. Use multiple CloudHSM instances, and load balances them using a Network Load Balancer.
B. Use multiple CloudHSM instances to the cluster; request to it will automatically load balance.
C. Enable Auto Scaling on the CloudHSM instance, with a similar configuration to the web tier Auto Scaling group.
D. Use multiple CloudHSM instances, and load balances them using an Application Load Balancer.
Correct Answer: A
latest updated Amazon ANS-C00 exam questions from the exam2pass ANS-C00 dumps! 100% pass the ANS-C00 exam!
Download exam2pass ANS-C00 VCE and PDF dumps: https://www.exam2pass.com/aws-certified-advanced-networking-specialty.html (Q&As: 348 dumps)
Get free Amazon ANS-C00 dumps PDF online: https://drive.google.com/file/d/11gbD1OLisiL-US_zlAa9a0bwyFyqpZHC/