AWS ANS-C00 Certified Advanced Networking Practical Exam Set 4

Your company has many remote branch offices that need to connect with your AWS VPC. Which of the following can help achieve this connectivity in an easy manner?


Options are :

  • VPC Peering
  • AWS Direct Connect with a Public VIF
  • VPN CloudHub (Correct)
  • AWS Direct Connect with a Private VIF

Answer : VPN CloudHub

A company has an application that needs to be moved to an AWS VPC network. This application is based on multicast and needs to be moved with the least amount of effort. What can be done to fulfill this requirement?


Options are :

  • Consider creating an overlay network between EC2 Instances and then port the application. (Correct)
  • Create EC2 Instances in the subnet and then migrate the application on to the EC2 Instance.
  • The application needs to be changed to support unicast before moving it to AWS.
  • Consider enabling encryption on the underlying EBS volumes which will be used to support the EC2

Answer : Consider creating an overlay network between EC2 Instances and then port the application.

When creating an AWS workspace, which of the following is required for the creation of the workspace?


Options are :

  • A User directory (Correct)
  • A VPC with a private and public subnet
  • A NAT Instance on the customer side
  • An AWS Direct Connect connection

Answer : A User directory

Your company has the following setup in AWS: (a) a set of EC2 Instances hosting a web application; (b) an Application Load Balancer placed in front of the EC2 Instances. There seems to be a set of malicious requests coming from a set of IP addresses. Which of the following can be used to protect against these requests?


Options are :

  • Use Security Groups to block the IP addresses
  • Use AWS Inspector to block the IP addresses
  • Use AWS WAF to block the IP addresses (Correct)
  • Use VPC Flow Logs to block the IP addresses

Answer : Use AWS WAF to block the IP addresses

Your company is planning on delivering content via an application hosted on a set of EC2 Instances. The end devices can be laptops, mobile devices, tablets, etc. The content needs to be customized based on the type of end user device. Which of the following can help fulfill this requirement and also ensure that cost is MINIMIZED with MAXIMUM ease of deployment?


Options are :

  • Network Load Balancers
  • CloudFront with Lambda@Edge (Correct)
  • AppStream
  • Application Load Balancers (Correct)

Answer : CloudFront with Lambda@Edge; Application Load Balancers

You have configured a hosted zone in Route 53. You need to have the ability to see the types of records being requested to the zone. How can you configure this?


Options are :

  • Configure CloudWatch metrics
  • Configure VPC Flow Logs
  • Configure CloudTrail
  • Configure Amazon Route 53 logging (Correct)

Answer : Configure Amazon Route 53 logging

You are planning on using VPC Flow Logs to monitor the traffic to EC2 Instances in your VPC. Which of the following types of traffic will not get monitored by VPC Flow Logs? Choose 2 answers from the options given below.


Options are :

  • Instances that have Elastic IPs assigned to the ENI
  • Instances which have multiple ENIs
  • Requests for Instance metadata (Correct)
  • Traffic that flows to Amazon DNS servers

Answer : Requests for Instance metadata

Your company has a 3 tier application that consists of a Web, Application and Database Tier. The application is based on delivering RESTful services. They have Auto Scaling Groups for the EC2 Instances for the Web and Application Tier. You now want to add high availability to the Tiers, but it needs to be ensured that each tier can be scaled independently. How would you architect this? Choose the most PREFERRED option.


Options are :

  • Create separate Classic Load Balancers for the Web and Application Tiers.
  • Create an Application Load Balancer and add separate target groups for the Web and Application Tier (Correct)
  • Create an Application Load Balancer for the Application Tier and a classic load balancer for the Web Tier
  • Create a Classic Load Balancer and add multiple targets for the Web and Application Tier.

Answer : Create an Application Load Balancer and add separate target groups for the Web and Application Tier

You've set up a CloudFront distribution in AWS. You're planning on conducting a primary load test to see the performance of the CloudFront distribution. Which of the following factors must you keep in mind when performing the load test? Choose 2 answers from the options given below.


Options are :

  • Ensure to initiate client requests from multiple geographic regions (Correct)
  • Ensure that SSL is turned on for the distribution
  • Configure your test so each client makes an independent DNS request (Correct)
  • Ensure that client requests hit the origin server

Answer : Ensure to initiate client requests from multiple geographic regions; Configure your test so each client makes an independent DNS request

You need to setup a Cross Connect with AWS Direct Connect. You already have the necessary equipment in place. You now need to complete the connection process. How can you achieve this?


Options are :

  • Raise a support ticket with AWS
  • Raise an AWS Direct Connect request in the AWS Console
  • Contact your provider (Correct)
  • Contact an AWS Partner

Answer : Contact your provider

A company has acquired another, smaller company. Both companies have their presence in AWS. There is a requirement to ensure traffic flows from VPC A in the parent company to a security VPC B in the same parent company, and then on to VPC C in the acquired company. How can you accomplish this transit flow?


Options are :

  • Create a VPC Peering connection between VPC A and VPC C. Create a VPN connection between VPC A and VPC
  • Create a VPC Peering connection between VPC A and VPC C. Create another VPC peering connection between VPC B and VPC C
  • Create a VPC Peering connection between VPC A and VPC B. Create a VPN connection between VPC B and VPC (Correct)
  • Create a VPC Peering connection between VPC A and VPC B. Create another VPC peering connection between VPC B and VPC C

Answer : Create a VPC Peering connection between VPC A and VPC B. Create a VPN connection between VPC B and VPC

Your company currently has a VPC hosted in AWS. There is a private hosted zone in place for the instances in this VPC. You need your On-premise servers to be able to resolve DNS requests for Instances in the VPC. You need to do this with the least amount of effort. What steps would you take? Choose 2 answers from the options given below.


Options are :

  • Setup a Simple AD Instance in AWS. (Correct)
  • Make your On-premise servers point to the Simple AD Instance (Correct)
  • Setup an Active Directory Domain Controller in the AWS VPC
  • Make your On-premise servers point to the new Domain Controller

Answer : Setup a Simple AD Instance in AWS. Make your On-premise servers point to the Simple AD Instance

You are setting up VPN software on an EC2 Instance which will be used for VPN connections. Which of the following is an important aspect that should be set on the EC2 Instance?


Options are :

  • Enable route propagation in a Virtual Private Cloud (VPC) subnet route table.
  • Enable source destination check on the Amazon EC2 instance.
  • Disable source destination check on the Amazon EC2 instance (Correct)
  • Enable enhanced networking mode on the Amazon EC2 instance.

Answer : Disable source destination check on the Amazon EC2 instance

You're planning on setting up a VPC with Subnets. The EC2 Instances hosted in the VPC need to get the time from a custom NTP server. How can you accomplish this?


Options are :

  • Define a resource record in Route 53 and provide the NTP server name
  • Create a DHCP Options set and provide the NTP server name (Correct)
  • Assign the NTP server in the Subnet configuration
  • Use an Application Load Balancer and then provide the NTP server as part of the ALB configuration.

Answer : Create a DHCP Options set and provide the NTP server name

You need to have a managed threat detection service that continuously monitors for malicious or unauthorized behavior against your EC2 Instances. Which of the following can help in such a requirement?


Options are :

  • Amazon CloudTrail
  • Amazon GuardDuty (Correct)
  • Amazon VPC Flow Logs
  • Amazon CloudWatch Logs

Answer : Amazon GuardDuty

There is a requirement to see all port scans which are occurring on a couple of EC2 instances. Which of the following can be used for such a requirement?


Options are :

  • AWS VPC Flow Logs (Correct)
  • AWS Trusted Advisor
  • AWS CloudWatch Events
  • AWS Inspector

Answer : AWS VPC Flow Logs

Your company has set up a Classic Load Balancer with EC2 Instances behind it. These EC2 Instances are spun up via an Auto Scaling group. In your company there is normally a spike in traffic in the beginning and end of the day. The ELB and Auto Scaling Groups have been created with the default settings. It has been noticed that there are timeouts or partially rendered pages at times. How can this be resolved?


Options are :

  • Change the Connection Draining timeout in the ELB (Correct)
  • Enable Cross Zone Load Balancing
  • Change the maximum number of instances setting in the Auto Scaling Group
  • Add another Auto Scaling group to the ELB

Answer : Change the Connection Draining timeout in the ELB

You have established a VPN connection between your on-premise and an AWS VPC. You need to also ensure that instances in the VPC can reach the Internet so you have also attached an Internet gateway. How would you setup the route tables to ensure traffic can flow via the VPN and the Internet?


Options are :

  • Setup one route table. Add one route of 0.0.0.0/0 to the Internet and another route of 0.0.0.0/0 for the Virtual Private gateway. Attach the Route table to the subnets in the VPC.
  • Setup 2 Route tables. One route table with a default route to the Internet and another one with the default route to the Virtual Private gateway. Attach the Route tables to the subnets in the VPC.
  • Setup one route table. Add one route of 0.0.0.0/0 to the Internet and one specific prefix route for the Virtual Private gateway. Attach the Route table to the subnets in the VPC. (Correct)
  • Setup 2 Route tables. One route table with a default route to the Internet and another one with the specific prefix route to the Virtual Private gateway. Attach the Route tables to the subnets in the VPC.

Answer : Setup one route table. Add one route of 0.0.0.0/0 to the Internet and one specific prefix route for the Virtual Private gateway. Attach the Route table to the subnets in the VPC.

You have configured a hosted zone in Route 53. You need to have the ability to see the types of records being requested to the zone. How can you configure this?


Options are :

  • Configure CloudTrail
  • Configure VPC Flow Logs
  • Configure CloudWatch metrics
  • Configure Amazon Route 53 logging (Correct)

Answer : Configure Amazon Route 53 logging

Your company is planning on setting up an AWS Direct Connect connection along with a private VIF. The company has 169 IP prefixes that will be advertised via the private VIF. The company has raised the request and ensured that the equipment is in place. What is an implementation step that they need to consider to ensure the connection works as desired?


Options are :

  • Create a VPN connection
  • Ensure a VPC Peering connection is in place
  • Ensure to also create a public VIF to access the resources in the VPC
  • Summarise the routes into a default route (Correct)

Answer : Summarise the routes into a default route

You are planning on setting up an AWS managed VPN connection. You have a customer gateway that is behind a NAT device. In such a case, what steps should be taken to ensure proper connectivity? Choose 2 answers from the options given below.


Options are :

  • Use the public IP address of the NAT device (Correct)
  • Ensure the on-premise firewall has UDP port 4500 unblocked (Correct)
  • Ensure the on-premise firewall has TCP port 4500 unblocked
  • Use the private IP address of the customer gateway

Answer : Use the public IP address of the NAT device; Ensure the on-premise firewall has UDP port 4500 unblocked

Your company is planning on setting up an AWS Direct Connect connection to an AWS VPC. They want to achieve maximum fault tolerance and have maximum bandwidth at all times. How can this be achieved?


Options are :

  • Two Virtual Private gateways, One AWS Direct Connect Location, One Customer gateway
  • Two Virtual Private gateways, Two AWS Direct Connect Locations, One Customer gateway
  • One Virtual Private gateway, One AWS Direct Connect Location, One VPN connection
  • One Virtual Private gateway, Two AWS Direct Connect Locations, Two Customer gateways (Correct)

Answer : One Virtual Private gateway, Two AWS Direct Connect Locations, Two Customer gateways

Your company is planning on setting up a Direct Connect connection to AWS. But they don't require or have the facility to accommodate a 1Gbps connection. How can they achieve a sub 1 G connection? Choose 2 answers from the options given below.


Options are :

  • They can consider contacting an AWS Partner for a Hosted Connection (Correct)
  • They can consider contacting an AWS Partner for a Hosted Virtual Interface
  • If they have a parent AWS Account which can accommodate a 1 G connection, look at having a Hosted Virtual Interface (Correct)
  • If they have a parent AWS Account which can accommodate a 1 G connection, look at having a Hosted Connection

Answer : They can consider contacting an AWS Partner for a Hosted Connection; If they have a parent AWS Account which can accommodate a 1 G connection, look at having a Hosted Virtual Interface

Your company has the requirement of connecting their on-premise location to an AWS VPC. The On-premise servers should have the capabilities of resolving custom DNS domain names in the VPC. The Instances in the VPC need to have the ability to resolve the DNS names of the on-premise servers. How can you achieve this?


Options are :

  • Setup a DNS forwarder in your VPC. Ensure the DNS forwarder points to the IP address of the VPN tunnel. Change the Option Set for the VPC for the IP address of the DNS forwarder. Configure a DNS forwarder in the On-premise location
  • Setup a DNS forwarder in your VPC. Ensure the DNS forwarder points to the Name server for the Route 53 hosted zone. Also ensure the forwarder is configured with the on-premise DNS server. Change the Option Set for the VPC for the IP address of the DNS forwarder. Configure a DNS forwarder in the On-premise location
  • Setup a DNS forwarder in your VPC. Ensure the DNS forwarder points to the Amazon DNS resolver for the VPC. Also ensure the forwarder is configured with the on-premise DNS server. Change the Option Set for the VPC for the IP address of the DNS forwarder. Configure a DNS forwarder in the On-premise location. (Correct)
  • Setup a DNS forwarder in your VPC. Ensure the DNS forwarder points to the IP address of the On-premise DNS server. Change the Option Set for the VPC for the IP address of the DNS forwarder. Configure a DNS forwarder in the On-premise location

Answer : Setup a DNS forwarder in your VPC. Ensure the DNS forwarder points to the Amazon DNS resolver for the VPC. Also ensure the forwarder is configured with the on-premise DNS server. Change the Option Set for the VPC for the IP address of the DNS forwarder. Configure a DNS forwarder in the On-premise location.

Your company has many remote branch offices that need to connect with your AWS VPC. Which of the following can help achieve this connectivity in an easy manner?


Options are :

  • AWS Direct Connect with a Private VIF
  • AWS Direct Connect with a Public VIF
  • VPC Peering
  • VPN CloudHub (Correct)

Answer : VPN CloudHub

You've set up a private hosted zone in Route 53. You've set up a VPN connection between the AWS VPC and your on-premise network. You need to ensure that you can resolve DNS names from on-premise to the resource records defined in the Private hosted zone. How can you accomplish this?


Options are :

  • Create a DNS forwarder server in your on-premise location. Configure the VPC with a new DHCP options set which uses this DNS forwarder.
  • Configure a DNS resolver in the VPC which will resolve DNS requests to the Route 53 private hosted zone.
  • Configure a DNS forwarder in the VPC which will forward DNS requests to the Route 53 private hosted zone (Correct)
  • Create a DNS resolver server in your on-premise location. Configure the VPC with a new DHCP options set which uses this DNS resolver.

Answer : Configure a DNS forwarder in the VPC which will forward DNS requests to the Route 53 private hosted zone

Your company is planning on using AWS EC2 and ELB for deployment of their web applications. The security policy mandates that all traffic should be encrypted. Which of the following options will ensure that this requirement is met? Choose 2 answers from the options below.


Options are :

  • Ensure the load balancer listens on port 80
  • Ensure the HTTPS listener sends requests to the instances on port 80
  • Ensure the HTTPS listener sends requests to the instances on port 443 (Correct)
  • Ensure the load balancer listens on port 443 (Correct)

Answer : Ensure the HTTPS listener sends requests to the instances on port 443; Ensure the load balancer listens on port 443

You are planning on creating a VPC endpoint for your SaaS product hosted in AWS. You will provide this link to a customer who will access the link from their application. The application works on the UDP protocol. You plan on providing the DNS name for the link to them. But the customer is not able to use the link from within their application. What could be the issue?


Options are :

  • The gateway endpoint has a policy that denies access. This should be modified accordingly.
  • The customer needs to use a NAT device to access the endpoint service
  • The service endpoint only works on the TCP protocol (Correct)
  • The customer needs to create a Network load balancer to access the endpoint service

Answer : The service endpoint only works on the TCP protocol

Your company currently hosts an application that consists of an NGINX web server that is hosted behind a load balancer. You need to ensure that you restrict access to certain locations for the content hosted on the Web server. How can you accomplish this?


Options are :

  • Use the IP addresses in the X-Forwarded-For HTTP header and then restrict content via CloudFront geo-restrictions. (Correct)
  • Use the ELB itself to restrict content via geo-restrictions
  • Use the ELB logs to create a blacklist for restrictions
  • Use the NGINX logs to get the web server variable and then use the IP address to restrict content via CloudFront geo-restrictions.

Answer : Use the IP addresses in the X-Forwarded-For HTTP header and then restrict content via CloudFront geo-restrictions.

A company currently uses the NetFlow software to monitor and get the details of the traffic that flows between systems in their On-premise network. They want to have the same ability when they start moving their servers to AWS. Which of the following services can help them meet this requirement?


Options are :

  • AWS CloudWatch logs
  • AWS Config
  • AWS CloudWatch metrics
  • AWS VPC Flow Logs (Correct)

Answer : AWS VPC Flow Logs
