
Latest ANS-C01 Actual Free Exam Updated 221 Questions
Online Questions - Valid Practice ANS-C01 Exam Dumps Test Questions
Amazon ANS-C01 (AWS Certified Advanced Networking Specialty) exam is designed for IT professionals who have advanced knowledge and skills in networking on the AWS (Amazon Web Services) platform. AWS Certified Advanced Networking Specialty Exam certification validates the candidate's expertise in designing and implementing complex networking solutions using AWS services and tools. With the ever-increasing demand for cloud computing and networking professionals, obtaining the ANS-C01 certification can enhance your career prospects and open up new opportunities.
Amazon ANS-C01 (AWS Certified Advanced Networking Specialty) Exam is a certification exam designed for individuals who are interested in advancing their skills and knowledge in networking with Amazon Web Services (AWS). ANS-C01 exam focuses on advanced networking concepts and skills required to design and deploy AWS networking solutions. It is one of the most in-demand certifications in the IT industry and is highly valued by employers who are looking for professionals with advanced networking skills.
Amazon ANS-C01 certification is a valuable credential for IT professionals who want to demonstrate their expertise in advanced networking on AWS. By achieving this certification, candidates can demonstrate their knowledge and skills to potential employers, and advance their careers in the rapidly growing field of cloud computing.
NEW QUESTION # 105
A company installed an AWS Site-to-Site VPN and configured it to use two tunnels. The company has learned that the VPN connectivity is unstable. During a ping test from the on-premises data center to AWS, a network engineer notices that the first few ICMP replies time out but that subsequent requests are successful.
The AWS Management Console shows that the status for both tunnels last changed at the same time the ping responses were successfully received. Which steps should the network engineer take to resolve the instability?
(Choose two.)
Response:
- A. Use AS PATH prepending on one path to cause all traffic to prefer that tunnel
- B. Use a higher multi-exit discriminator (MED) value on the preferred path to prefer that tunnel
- C. Enable dead peer detection (DPD) on the customer gateway device
- D. Change the tunnel configuration to active/standby on the virtual private gateway
- E. Send ICMP requests to an instance in the VPC every 5 seconds from the on-premises network
Answer: A,B
NEW QUESTION # 106
A media company that is based in Los Angeles, California, closed all of its on-premises data centers due to rising costs and inconsistent utilization. The company has deployed its video editing applications on Amazon EC2 instances in the AWS Cloud.
The company has deployed to the us-west-1 Region and uses the internet for delivery of the applications. Users are reporting high latency from Los Angeles to us-west-1.
The company needs to reduce the latency to the EC2 instances while continuing to use the internet for delivery. Which solution meets these requirements?
Response:
- A. Enable a Los Angeles-based AWS Local Zone. Continue to run the EC2 instances in us-west-1.
- B. Order and deploy an AWS Direct Connect public VIF to us-west-2.
- C. Enable a Los Angeles-based AWS Local Zone. Redeploy the EC2 instances in the Local Zone.
- D. Order and deploy an AWS Direct Connect private VIF to us-west-1
Answer: D
NEW QUESTION # 107
Your company runs an application for the US market in the us-east-1 AWS region. This application uses proprietary TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances.
End users run a real-time, front-end application on their local PCs. This front-end application knows the DNS hostname of the service. You must prepare the system for global expansion. The end users must access the application with lowest latency.
How should you use AWS services to meet these requirements?
Response:
- A. Register the IP addresses of the service hosts as "A" records with latency-based routing policy in Amazon Route 53, and set a Route 53 health check for these hosts.
- B. Set Amazon CloudFront in front of the host of the service, and register the CloudFront name of the main service as an ALIAS record in Route 53.
- C. Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of the main service host as an ALIAS record with a latency-based routing policy in Route 53.
- D. Set the Amazon API gateway in front of the service, and register the API gateway name of the main service as an ALIAS record in Route 53.
Answer: A
NEW QUESTION # 108
Which service is used by default to store the CloudTrail log files?
Note: Answers to this question are not verified by our experts, please study yourself and select the appropriate answers.
Response:
- A. Redshift
- B. Glacier
- C. Simple Storage Service (S3)
- D. Elastic Block Store (EBS)
Answer: C
NEW QUESTION # 109
A company's network engineer is designing an active-passive connection to AWS from two on-premises data centers. The company has set up AWS Direct Connect connections between the on-premises data centers and AWS. From each location, the company is using a transit VIF that connects to a Direct Connect gateway that is associated with a transit gateway.
The network engineer must ensure that traffic from AWS to the data centers is routed first to the primary data center. The traffic should be routed to the failover data center only in the case of an outage.
Which solution will meet these requirements?
- A. Set the BGP community tag for all prefixes from the primary data center to 7224:7100. Set the BGP community tag for all prefixes from the failover data center to 7224:7300
- B. Set the BGP community tag for all prefixes from the primary data center to 7224:9300. Set the BGP community tag for all prefixes from the failover data center to 7224:9100
- C. Set the BGP community tag for all prefixes from the primary data center to 7224:9100. Set the BGP community tag for all prefixes from the failover data center to 7224:9300
- D. Set the BGP community tag for all prefixes from the primary data center to 7224:7300. Set the BGP community tag for all prefixes from the failover data center to 7224:7100
Answer: D
NEW QUESTION # 110
A company recently migrated its Amazon EC2 instances to VPC private subnets to satisfy a security compliance requirement. The EC2 instances now use a NAT gateway for internet access. After the migration, some long-running database queries from private EC2 instances to a publicly accessible third-party database no longer receive responses. The database query logs reveal that the queries successfully completed after 7 minutes but that the client EC2 instances never received the response. Which configuration change should a network engineer implement to resolve this issue?
- A. Close idle TCP connections through the NAT gateway.
- B. Configure the NAT gateway timeout to allow connections for up to 600 seconds.
- C. Enable TCP keepalive on the client EC2 instances with a value of less than 300 seconds.
- D. Enable enhanced networking on the client EC2 instances.
Answer: C
Explanation:
When a TCP connection is idle for a long time, it may be terminated by network devices, including the NAT gateway. By enabling TCP keepalive, the client EC2 instances can periodically send packets to the third-party database to indicate that the connection is still active, preventing it from being terminated prematurely.
NEW QUESTION # 111
AWS Config flags a resource as ____ if a resource violates any conditions of an AWS Config rule that it evaluates on the resource in question.
Response:
- A. misconfigured
- B. noncompliant
- C. invalid
- D. corrupted
Answer: B
NEW QUESTION # 112
You want to send a broadcast message to your 10.0.0.0/24 subnet. Which one of these addresses should you use?
Response:
- A. 10.0.0.2
- B. 10.0.0.1
- C. 10.0.0.255
- D. You cannot send a broadcast in an AWS VPC.
Answer: D
NEW QUESTION # 113
You currently use a single security group assigned to all nodes in a clustered NoSQL database. Only your cluster members in one region must be able to connect to each other.
This security group uses a self-referencing rule using the cluster security group's group-id to make it easier to add or remove nodes from the cluster.
You need to make this database comply with out-of-region disaster recovery requirements and ensure that the network traffic between the nodes is encrypted when travelling between regions.
How should you enable secure cluster communication while deploying additional cluster members in another AWS region?
Response:
- A. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group rules that reference each other's security group-id in each region.
- B. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
- C. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
- D. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group rules that reference each other's security group-id in each region.
Answer: B
NEW QUESTION # 114
A company has an application that runs on a fleet of Amazon EC2 instances. A new company regulation mandates that all network traffic to and from the EC2 instances must be sent to a centralized third-party EC2 appliance for content inspection.
Which solution will meet these requirements?
- A. Create a third-party EC2 appliance in an Auto Scaling group fronted by a Network Load Balancer (NLB). Configure a mirror session. Specify the NLB as the mirror target. Specify a mirror filter to capture inbound and outbound traffic. For the source of the mirror session, specify the EC2 elastic network interfaces for all the instances that host the application.
- B. Configure VPC flow logs on each EC2 network interface. Send the logs to Amazon CloudWatch. Create a third-party EC2 appliance. Configure a CloudWatch filter to send the flow logs to Amazon Kinesis Data Firehose to load the logs into the appliance.
- C. Configure a mirror session. Specify an Amazon Kinesis Data Firehose delivery stream as the mirror target. Specify a mirror filter to capture inbound and outbound traffic. For the source of the mirror session, specify the EC2 elastic network interfaces for all the instances that host the application. Create a third-party EC2 appliance. Send all traffic to the appliance through the Kinesis Data Firehose delivery stream for content inspection.
- D. Configure VPC flow logs on each EC2 network interface. Publish the flow logs to an Amazon S3 bucket. Create a third-party EC2 appliance to acquire flow logs from the S3 bucket. Log in to the appliance to monitor network content.
Answer: A
Explanation:
You can use the following resources as traffic mirror targets:
- Network interfaces of type interface
- Network Load Balancers
- Gateway Load Balancer endpoints
https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-targets.html
NEW QUESTION # 115
A company has hundreds of Amazon EC2 instances that are running in two production VPCs across all Availability Zones in the us-east-1 Region. The production VPCs are named VPC A and VPC B.
A new security regulation requires all traffic between production VPCs to be inspected before the traffic is routed to its final destination. The company deploys a new shared VPC that contains a stateful firewall appliance and a transit gateway with a VPC attachment across all VPCs to route traffic between VPC A and VPC B through the firewall appliance for inspection. During testing, the company notices that the transit gateway is dropping the traffic whenever the traffic is between two Availability Zones.
What should a network engineer do to fix this issue with the LEAST management overhead?
- A. In the shared VPC, configure one VPC peering connection to VPC A and another VPC peering connection to VPC B.
- B. Enable transit gateway appliance mode on the VPC attachment in VPC A and VPC B.
- C. In the shared VPC, replace the VPC attachment with a VPN attachment. Create a VPN tunnel between the transit gateway and the firewall appliance. Configure BGP.
- D. Enable transit gateway appliance mode on the VPC attachment in the shared VPC.
Answer: D
Explanation:
https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-appliance-scenario.html
NEW QUESTION # 116
A company has deployed an AWS Network Firewall firewall into a VPC. A network engineer needs to implement a solution to deliver Network Firewall flow logs to the company's Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster in the shortest possible time.
Which solution will meet these requirements?
- A. Create an Amazon Kinesis data stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination. Configure flow logs for the firewall. Set the Kinesis data stream as the destination for the Network Firewall flow logs.
- B. Create an Amazon Kinesis Data Firehose delivery stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination. Configure flow logs for the firewall. Set the Kinesis Data Firehose delivery stream as the destination for the Network Firewall flow logs.
- C. Create an Amazon S3 bucket. Create an AWS Lambda function to load logs into the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster. Enable Amazon Simple Notification Service (Amazon SNS) notifications on the S3 bucket to invoke the Lambda function. Configure flow logs for the firewall. Set the S3 bucket as the destination.
- D. Configure flow logs for the firewall. Set the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination for the Network Firewall flow logs.
Answer: B
Explanation:
https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-analyze-aws-network-firewall-logs-using-amazon-opensearch-service-part-1/
NEW QUESTION # 117
Your company currently has a LAG to AWS with two 1Gbps connections. What is the best way to increase throughput on this LAG?
Response:
- A. Configure your router to use "jumbo frames" with an MTU of 9001.
- B. Add one 10Gbps connection to the LAG.
- C. Add two 1Gbps connections to the LAG.
- D. Add three 1Gbps connections to the LAG.
Answer: C
NEW QUESTION # 118
You have configured private subnets so that applications can download security updates. You have a Network Address Translation (NAT) instance in each Availability Zone as the default gateway to the Internet for each private subnet. You find that you cannot reach port 8080 of a server on the Internet from any of your private subnets.
Which are the most likely causes of the problem?
(Choose two)
Response:
- A. The remote server is blocking access from your instances.
- B. The NAT instances have run out of ports to NAT traffic.
- C. The application instance security group does not allow inbound traffic on port 8080
- D. The application instance subnet inbound network Access Control List (ACL) blocks traffic to port 8080.
- E. The NAT instances are blocking traffic to port 8080.
Answer: A,E
NEW QUESTION # 119
A global company operates all its non-production environments out of three AWS Regions: eu-west-1, us-east-1, and us-west-1. The company hosts all its production workloads in two on-premises data centers. The company has 60 AWS accounts and each account has two VPCs in each Region. Each VPC has a virtual private gateway where two VPN connections terminate for resilient connectivity to the data centers. The company has 360 VPN tunnels to each data center, resulting in high management overhead. The total VPN throughput for each Region is 500 Mbps.
The company wants to migrate the production environments to AWS. The company needs a solution that will simplify the network architecture and allow for future growth. The production environments will generate an additional 2 Gbps of traffic per Region back to the data centers.
This traffic will increase over time.
Which solution will meet these requirements?
- A. Set up an AWS Direct Connect connection from each data center to AWS in each Region. Create and attach private VIFs to a single Direct Connect gateway. Attach the Direct Connect gateway to all the VPCs. Remove the existing VPN connections that are attached directly to the virtual private gateways.
- B. Peer all the VPCs in each Region to a new VPC in each Region that will function as a centralized transit VPC. Create new VPN connections from each data center to the transit VPCs. Terminate the original VPN connections that are attached to all the original VPCs. Retain the new VPN connection to the new transit VPC in each Region.
- C. Create a single transit gateway with VPN connections from each data center. Share the transit gateway with each account by using AWS Resource Access Manager (AWS RAM). Attach the transit gateway to each VPC. Remove the existing VPN connections that are attached directly to the virtual private gateways.
- D. Create a transit gateway in each Region with multiple newly commissioned VPN connections from each data center. Share the transit gateways with each account by using AWS Resource Access Manager (AWS RAM). In each Region, attach the transit gateway to each VPC. Remove the existing VPN connections that are attached directly to the virtual private gateways.
Answer: D
Explanation:
An AWS Transit Gateway provides the option of creating an IPsec VPN connection between your remote network and the Transit Gateway over the internet. A Transit Gateway is a regional resource.
https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-transit-gateway-vpn.html
You can use AWS Resource Access Manager (RAM) to share a transit gateway for VPC attachments across accounts or across your organization in AWS Organizations. That helps reduce the number of VPN connections.
https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-share.html
AWS Transit Gateway can scale up to 50 Gbps throughput aggregating multiple VPN tunnels.
https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-quotas.html#bandwidth-quotas
NEW QUESTION # 120
Which AWS Identity and Access Management (IAM) entities are used when creating an environment?
(Select TWO.)
Response:
- A. Profile role
- B. Service role
- C. User name and access keys
- D. Instance profile
- E. Federated role
Answer: B,D
NEW QUESTION # 121
What does it mean that a security group is stateful?
Response:
- A. You should always have 0.0.0.0/0 outbound rule
- B. You have to explicitly allow return outbound traffic for all incoming traffic
- C. You should always have 0.0.0.0/0 inbound rule
- D. You don't need to explicitly allow return outbound traffic for all incoming traffic
Answer: D
NEW QUESTION # 122
Amazon Route 53 cannot route queries to which AWS resources?
Response:
- A. AWS CloudFormation
- B. Amazon CloudFront distribution
- C. Amazon Elastic Compute Cloud (Amazon EC2) instance
- D. Elastic Load Balancing load balancer
Answer: A