AWS Certified Advanced Networking Specialty (ANS-C00) Exam (AWS-Advanced-Networking-Specialty) Free Practice Test

Question 1

A company wants to migrate its workloads to the AWS Cloud. The company has two web applications and wants to run them in separate, isolated VPCs. The company needs to use Elastic Load Balancing to distribute requests between application instances.
For security reasons, internet gateways must not be attached to the application VPCs. Inbound HTTP requests to the application must be routed through a centralized VPC. and the application VPCs must not be exposed to any other inbound traffic The application VPCs cannot be allowed to initiate any outbound connections What should a network engineer do to meet these requirements?

A. Run the applications behind private Application Load Balancers (ALBs) in separate VPCs. Create a public Network Load Balancer (NLB) in the centralized VPC. Create target groups for the private IP addresses of the ALBs Configure host-based routing to route application traffic to the corresponding target group through the NLB.

B. Run the applications behind private Network Load Balancers (NLBs) in separate VPCs. Create VPC peering connections between the application VPCs and the centralized VPC. Create a public Application Load Balancer (ALB) in the centralized VPC. Create target groups for the private DNS names of the NLBs. Configure host-based routing to route application traffic between individual applications though the ALB.

C. Run the applications behind private Network Load Balancers (NLBs) in

D. Run the applications behind private Application Load Balancers (ALBs) in separate VPCs. Create a public Network Load Balancer (NLB) in the centralized VPC. Create target groups for the private DNS names of the ALBs Configure host-based routing to route application traffic to the corresponding target group through the NLB.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

A company has an application running in an Amazon VPC that must be able to communicate with on-premises resources in a data center. Network traffic between AWS and the data center will initially be minimal, but will increase to more than 10 Gbps over the next few months. The company's goal is to launch the application as quickly as possible.
The Network Engineer has been asked to design a hybrid IT connectivity solution.
What should be done to meet these requirements?

A. Allocate elastic IPs to Amazon EC2 instances for temporary access to on-premises resources, then provision AWS VPN connections between an Amazon VPC and the data center.

B. Provision a 100 Mbps AWS Direct Connect connection between an Amazon VPC and the data center, then submit a Direct Connect connection request. Later, cut over from the hosted connection to one or more Direct Connect connections, as needed.

C. Provision an AWS VPN connection between an Amazon VPC and the data center, then submit an AWS Direct Connect connection request. Later, cut over from the VPN connection to one or more Direct Connect connections, as needed.

D. Submit a 1 Gbps AWS Direct Connect connection request, then increase the number of Direct Connect connections, as needed.

Correct Answer: C

Question 3

A company uses a newly provisioned 1-Gbps AWS Direct Connect connection to configure a virtual interface for access to Amazon S3 Which configuration values is the network engineer required to provide? (Select TWO.)

A. IP prefixes to advertise

B. Connection speed

C. Direct Connect location

D. VLAN ID

E. Virtual private gateway

Correct Answer: D,E

Question 4

You need to set up an Amazon Elastic Compute Cloud (EC2) instance for an application that requires the lowest latency and the highest packet-per-second network performance. The application will talk to other servers in a peered VPC.
Which two of the following components should be part of the design? (Select two.)

A. Select an instance with support for single root I/O virtualization.

B. Ensure that proper OS drivers are installed.

C. Select an instance that has support for multiple ENIs.

D. Select an instance with Amazon Elastic Block Store (EBS)-optimization.

E. Ensure that the instance supports jumbo frames and set 9001 MTU.

Correct Answer: A,B

Question 5

An organization processes consumer information submitted through its website. The organization's security policy requires that personally identifiable information (PII) elements are specifically encrypted at all times and as soon as feasible when received. The front-end Amazon EC2 instances should not have access to decrypted PII. A single service within the production VPC must decrypt the PII by leveraging an iAM role.
Which combination of services will support these requirement? (Select two.)

A. Amazon CloudFront using AWS Lambda@Edge

B. AWS Key Management Services

C. Application Load Balancer using HTTPS listeners and targets

D. Customer-managed MySQL with Transparent Data Encryption

E. Amazon Aurora in a private subnet

Correct Answer: A,B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

A VPC is deployed with a 10 0 0.0/16 CIDR block. The engineering team is reviewing DHCP options and there is disagreement about the valid DNS addresses available for the VPC Which addresses are valid IP addresses provided by Amazon for this subnet' (Select TWO.)

A. 10.1.0.2

B. 10.00.2

C. 169.254.169.253

D. 169.254.169.254

E. 8.8.8.8

Correct Answer: B,C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

A company has a VPC in the us-west-1 Region and another VPC in the ap-southeast-2 Region Network engineers set up an AWS Direct Connect connection from their data center to the us-east-1 Region They create a private virtual interface (VIF) that references a Direct Connect gateway, which is then connected to virtual private gateways in both VPCs When the setup is complete, the engineers cannot access resources in us-west-1 from ap-southeast-2 What should the network engineers do to resolve this issued

A. Establish a VPC peering connection between the VPCs in ap-southeast-2 and us-west-2 Add the subnet ranges to the routing tables

B. Add the subnet range for the VPCs in us-west-1 and ap-southeast-2 to the route tables for both VPCs Add the Direct Connect gateway as a target

C. Create static routes in each VPC that point to the destination VPC with the virtual private gateway as the route target

D. Configure the Direct Connect gateway to route traffic between the VPCs in ap-southeast-2 and us-west-2

Correct Answer: A

Question 8

An AWS CloudFormation template is being used to create a VPC peering connection between two existing operational VPCs, each belonging to a different AWS account. All necessary components in the 'Remote' (receiving) account are already in place.
The template below creates the VPC peering connection in the Originating account. It contains these components:
AWSTemplateFormation Version: 2010-09-09
Parameters:
Originating VCId:
Type: String
RemoteVPCId:
Type: String
RemoteVPCAccountId:
Type: String
Resources:
newVPCPeeringConnection:
Type: 'AWS::EC2::VPCPeeringConnection'
Properties:
VpcdId: !Ref OriginatingVPCId
PeerVpcId: !Ref RemoteVPCId
PeerOwnerId: !Ref RemoteVPCAccountId
Which additional AWS CloudFormation components are necessary in the Originating account to create an operational cross-account VPC peering connection with AWS CloudFormation? (Select two.)

A. Resources:NewEC2SecurityGroup:Type: AWS::EC2::SecurityGroup

B. Resources:newVPCPeeringConnection:Type: 'AWS::EC2VPCPeeringConnection'PeerRoleArn: !Ref PeerRoleArn

C. Resources:NetworkInterfaceToRemoteVPC:Type: "AWS::EC2NetworkInterface"

D. Resources:newEC2Route:Type: AWS::EC2::Route

E. Resources:VPCGatewayToRemoteVPC:Type: "AWS::EC2::VPCGatewayAttachment"

Correct Answer: B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its first-ever 10 Gbps AWS Direct Connect connection.
What steps must be taken to order the cross-connect at the Direct Connect location?

A. Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console when creating a new Direct Connect connection. AWS will ensure that the cross-connect is installed.

B. Obtain the LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility Operator of the Direct Connect location. The Facility Operator will ensure that the cross-connect is installed.

C. Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.

D. Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.

Correct Answer: D

Question 10

An organization is replacing a tape backup system with a storage gateway. there is currently no connectivity to AWS. Initial testing is needed.
What connection option should the organization use to get up and running at minimal cost?

A. Set up an AWS VPN connection.

B. Use an internet connection.

C. Provision an AWS Direct Connection private virtual interface.

D. Provision a Direct Connect public virtual interface.

Correct Answer: B

Question 11

An organization will be expanding its current network design. When fully built out, there will be 99 VPCs spread across 11 AWS accounts (9 VPCs per account). There is currently an AWS Direct Connect connection into one account with 9 VPCs, each with a virtual network interface (VIF) per VPC.
Which of the following designs will minimize cost while allowing the organization to expand?

A. Order 10 new Direct Connect connections, one from each of the accounts that will be provisioned. Create private VIFs in each account. Attach one private VIF per VPC.

B. Create hosted private VIFs in the existing account. Connect a private VIF to an AWS Direct Connect gateway in each account. Connect the gateway in each account to the VPCs.

C. Create a public VIF on the Direct Connect connection. Leverage the public VIF to create a VPN connection to each VPC.

D. Create a transit VPC in the existing account that consists of two routers in separate Availability Zones. Connect each VPC to the two routers in the transit VPC by using VPN.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

A company wants to use thin clients running virtual desktops to replace 500 desktop computers used by its call center employees The company is evaluating Amazon Workspaces as a solution A network engineer who is testing with a thin client is unable to conned to Amazon Workspaces After entering credentials the network engineer receives the following error:
"An error occurred while launching your Workspace Please try again"
What should the network engineer do to resolve this issue?

A. Update the company's corporate firewall to allow outbound access to UDP on port 4172 and TCP on port 4172 Open inbound ephemeral ports explicitly to allow return communication

B. Update the inbound rules on the network ACL on the subnets used for Amazon Workspaces to allow UDP on port 4172 and TCP on port 4172

C. Update the company's corporate firewall to allow inbound access to UDP on port 4172 and TCP on port 4172 Open outbound ephemeral ports explicitly to allow return communication

D. Update the inbound rules on the security group assigned to Amazon Workspaces to allow UDP on port 4172 and TCP on port 4172

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 13

You are building an application in AWS that requires Amazon Elastic MapReduce (Amazon EMR). The application needs to resolve hostnames in your internal, on-premises Active Directory domain. You update your DHCP Options Set in the VPC to point to a pair of Active Directory integrated DNS servers running in your VPC.
Which action is required to support a successful Amazon EMR cluster launch?

A. Add a conditional forwarder to the Amazon-provided DNS server.

B. Enable seamless domain join for the Amazon EMR cluster.

C. Configure an Amazon Route 53 private zone for the EMR cluster.

D. Launch an AD connector for the internal domain.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 14

You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct Connect connection. Which two configuration values do you need to provide? (Select two.)

A. IP prefixes to advertise

B. Public AS number

C. Direct Connect location

D. VLAN ID

E. Virtual private gateway

Correct Answer: D,E

Question 15

A company uses an Application Load Balancer (ALB) to provide access to a multi-tenant web application for 25 customers The company creates a unique hostname for each customer to use to access the application Hostnames use the format customer-name example.com.
Each customer has a dedicated group of Amazon EC2 instances that run their own version of the web application. When a customer visits customer-name example com, the ALB should route the request to the correct group of EC2 instances The company requires a highly available solution that is easy to maintain Which solution meets these requirements at the LOWEST cost?

A. Create one ALB for each customer Configure the listener to route requests to the customer target group Configure an NGINX proxy server to manage connections to each ALB Use Amazon Route 53 to create a CNAME record for each customer-name example com hostname that points to the NGINX proxy server

B. Create one ALB for all customers Create a listener rule that includes an HTTP header condition to match the URL Add a forward action to route the request to the customer target group Use Amazon Route 53 to create an alias record for each customer-name example com hostname that points to the ALB

C. Create one ALB for ail customers Create a listener rule that includes a Host header condition to match the hostname Add a forward action to route the request to the customer target group Use Amazon Route 53 to create an alias record for each customer-name example com hostname that points to the ALB

D. Create one ALB for each customer Configure the listener to route requests to the customer target group Create an Amazon CloudFront distribution Add each ALB to the distribution as a custom origin Use Amazon Route 53 to create an alias for each customer-name example com hostname that points to the CloudFront distribution

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Amazon AWS Certified Advanced Networking Specialty (ANS-C00) (AWS-Advanced-Networking-Specialty) Free Practice Test