AWS ANS-C00 Certified Advanced Networking Specialty Exam Set 3

You have a number of instances in your VPC that communicate over IPv6. You need to ensure that traffic can flow from the instances to the Internet, but not vice versa. How can you achieve this?


Options are :

  • Use an egress-only Internet gateway (Correct)
  • Change the NACLs so that incoming traffic to the instances is not allowed
  • Change the security groups to allow incoming traffic to the instances
  • Change the Internet gateway to only allow outbound IPv6 traffic
  • None

Answer : Use an egress-only Internet gateway

Your company is using a hosted virtual interface from a parent AWS account. You need to tell IT management what the company will be charged for. Which of the following would you mention?


Options are :

  • Data transfer
  • The number of interface hours
  • Data transfer from the interface (Correct)
  • None
  • Port-hour costs

Answer : Data transfer from the interface

You have a set of EC2 instances deployed in a VPC. An application is hosted on those instances. Some issues keep recurring in the application, and you need to inspect the packets sent from the application to trace the error. How can you achieve this?


Options are :

  • Use IDS (Correct)
  • Use VPC Flow Logs
  • Use CloudWatch Logs
  • Use CloudTrail
  • None

Answer : Use IDS

You are currently setting up an AWS VPC and subnets. You have set up a route in the route table for the CIDR block 0.0.0.0/0. You want all hosts to be able to communicate. But you notice that some applications do not work in the desired manner. These are IPv6-enabled applications that sit on the VPC subnets. What must be done to alleviate this issue?


Options are :

  • Ensure that the 0.0.0.0/0 route is removed and a more specific route is added.
  • Add a default route for 172.132.0.0/16 to the route table
  • Add a ::/0 route to the route table as well (Correct)
  • Remove the 0.0.0.0/0 route and add a ::/0 route for all communication instead.
  • None

Answer : Add a ::/0 route to the route table as well

A company is planning to move its files from its on-premises location to S3. Services hosted in the on-premises environment need low-latency access to these files. Which of the following is the safest way to do this?


Options are :

  • None
  • Create a Direct Connect connection with a private VIF
  • A VPN connection with a single VPC endpoint
  • A VPN, which would allow on-premises services to use S3
  • Create a Direct Connect connection with a public VIF (Correct)

Answer : Create a Direct Connect connection with a public VIF

You currently have a VPN set up between your on-premises location and AWS. The AWS VPC CIDR is 10.0.0.0/16 and the subnet is 10.0.1.0/24. The company's on-premises network has the CIDR block 10.0.37.0/24. Traffic is dropped when it is sent between the instances in the subnet and the company's on-premises location. What is the most likely cause in this case?


Options are :

  • You have not enabled Enhanced Networking on the instances
  • Do Not Fragment is set in the IP header
  • MTU is not set to 9001
  • There is overlap between the prefixes (Correct)
  • None

Answer : There is overlap between the prefixes

The company has set up a VPN connection between the company's on-premises infrastructure and AWS. They have a number of VPCs defined. They must also ensure that all VPC traffic passes through their on-premises security infrastructure. How would you architect the solution? Select 2 options below.


Options are :

  • Create a VPC peering connection between the security VPC and the other VPCs
  • Create a VPN connection between the security VPC and all the other VPCs (Correct)
  • Create a VPN connection between the on-premises environment and all the other VPCs
  • Create a VPN connection between the on-premises environment and the security VPC (Correct)

Answer : Create a VPN connection between the security VPC and all the other VPCs; Create a VPN connection between the on-premises environment and the security VPC

The company currently uses NAT instances to route traffic from instances in a private subnet. They need to convert these to NAT gateways to increase the available bandwidth. They want to automate the provisioning. How can you do this?


Options are :

  • Use AWS Config to change the NAT instances to NAT gateways
  • None
  • Use CloudFormation templates to replace the NAT instances with NAT gateways (Correct)
  • Use AWS Inspector to replace the NAT instances with NAT gateways
  • Use OpsWorks to change the NAT instances to NAT gateways

Answer : Use CloudFormation templates to replace the NAT instances with NAT gateways

You have to set up a VPN connection between the company's on-premises data center and AWS. You need to know what a VPN connection costs. Which of the following is a factor to consider when looking at what you pay for VPN connections?


Options are :

  • VPN connection hours (Correct)
  • Virtual Private Gateway transfer out
  • Communication
  • None
  • Data transfer

Answer : VPN connection hours

You have set up health checks in Route 53. These health checks are for 2 on-premises web servers. The health checks are not working as expected; they fail continuously. Which of the following could be the possible reason? Please choose:


Options are :

  • Ensure that the security groups of the instances allow inbound traffic
  • Ensure that the firewall in the on-premises environment allows inbound traffic (Correct)
  • Ensure that the NACLs on the subnets allow inbound traffic
  • This is not possible. You cannot health-check non-AWS resources
  • None

Answer : Ensure that the firewall in the on-premises environment allows inbound traffic

The company plans to set up an application that consists of EC2 instances and an Application Load Balancer, with CloudFront in front. Your management is concerned about DDoS attacks. Which of the following can help protect against such network attacks? Select 3 options below.


Options are :

  • Consider AWS Shield Advanced (Correct)
  • Place AWS WAF in front of the CloudFront distribution. (Correct)
  • Place AWS WAF in front of the EC2 instances
  • Place AWS WAF in front of the Application Load Balancer (Correct)

Answer : Consider AWS Shield Advanced; Place AWS WAF in front of the CloudFront distribution; Place AWS WAF in front of the Application Load Balancer

The company plans to trial AWS WorkSpaces for 100 users. They want to use a directory service along with AWS WorkSpaces. Which of the following would be the ideal option, requiring the least management while also being cost-effective?


Options are :

  • Choose AWS Directory Service for use with AWS WorkSpaces
  • Choose Simple AD for use with AWS WorkSpaces (Correct)
  • Set up AD domain servers in the VPC and configure AWS WorkSpaces to use the new AD domain servers
  • None
  • Choose AD Connector for use with AWS WorkSpaces

Answer : Choose Simple AD for use with AWS WorkSpaces

The company has set up an Application Load Balancer with various targets behind the ALB. But from time to time clients cannot connect to the ALB because of the whitelisting required by the IT security department. What change can be made to the architecture to alleviate this problem?


Options are :

  • None
  • Network Load Balancer in front of the ALB (Correct)
  • Use the public IP of the Application Load Balancer
  • Assign an Elastic IP to the Application Load Balancer
  • Network Load Balancer behind the ALB

Answer : Network Load Balancer in front of the ALB

When configuring a public VIF with AWS Direct Connect, which of the following is not needed in the configuration?


Options are :

  • Router peer IP
  • None
  • Virtual Private Gateway (Correct)
  • VLAN
  • BGP ASN

Answer : Virtual Private Gateway

You have 2 VPCs: VPCA (172.16.0.0/16) and VPCB (10.0.0.0/16). You are going to set up a VPC peering connection. Which of the following routes must be added to the VPCs' route tables to ensure communication across the VPCs? Select 2 options below. Assume that the VPC peering connection ID is pcx-1122.


Options are :

  • In the route table of VPCB, add a route for 10.0.0.0/16 with target pcx-1122
  • In the route table of VPCA, add a route for 172.16.0.0/16 with target pcx-1122
  • In the route table of VPCB, add a route for 172.16.0.0/16 with target pcx-1122 (Correct)
  • In the route table of VPCA, add a route for 10.0.0.0/16 with target pcx-1122 (Correct)

Answer : In the route table of VPCB, add a route for 172.16.0.0/16 with target pcx-1122; In the route table of VPCA, add a route for 10.0.0.0/16 with target pcx-1122

The company plans to trial Amazon WorkSpaces. They will give a set of workstations fixed IP addresses for this purpose. They have to ensure that only those IP addresses have access to Amazon WorkSpaces. How can you achieve this?


Options are :

  • None
  • Specify the IP addresses in the security group
  • Place a WAF in front of Amazon WorkSpaces
  • Specify the IP addresses in the NACL
  • Create an IP access control group (Correct)

Answer : Create an IP access control group

You have created a NAT gateway so that instances in a private subnet can download updates from the Internet. But the instances are still not able to reach the Internet after the gateway is created. Which of the following could be the underlying reason?


Options are :

  • The NAT gateway is created in the public subnet
  • The NAT gateway is created in the private subnet (Correct)
  • The NAT gateway is created with the wrong instance type
  • The NAT gateway is created with the wrong AMI
  • None

Answer : The NAT gateway is created in the private subnet

You have set up VPC Flow Logs for the subnet ENI of your EC2 instance. You see the REJECT record below in the VPC Flow Logs. What does this show?

2 123456789911 eni-abc123de 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK


Options are :

  • None
  • A request was made to the instance on port 80
  • Someone tried to log in to the instance via SSH
  • A request was made to the instance on port 443
  • Someone tried to log in to the instance via RDP (Correct)

Answer : Someone tried to log in to the instance via RDP

The company currently has VPCs in the US West and US East regions. The company has an AWS Direct Connect connection to the US East region. They want to be able to extend the connection to US West. They must also minimize the time and effort this takes. How can this be achieved?


Options are :

  • Take advantage of a Direct Connect gateway (Correct)
  • Make use of an IPsec VPN
  • Create a second AWS Direct Connect connection
  • Create a private VIF using the current connection
  • None

Answer : Take advantage of a Direct Connect gateway

You have a requirement to ensure that the hosted zones created in Route 53 have name servers that match your domain name. How can you achieve this? Select 2 options below.


Options are :

  • Specify the domain name when creating the name server record set
  • Create a reusable delegation set with the Route 53 APIs (Correct)
  • Create a reusable delegation set with the AWS Console
  • Create a reusable delegation set with the AWS CLI (Correct)

Answer : Create a reusable delegation set with the Route 53 APIs; Create a reusable delegation set with the AWS CLI

A company is planning to use CloudFront in front of an S3 origin. There is a requirement to serve private content from S3, with access restricted to certain individual files. How do you deliver the private content?


Options are :

  • Use a signed URL (Correct)
  • Use security groups
  • None
  • Use signed cookies
  • Use private keys

Answer : Use a signed URL

The company has set up EC2 instances in a VPC. The instances are configured to use a DNS server in the on-premises data center. But the instances cannot reach the on-premises server. Which of the following could be the reason? Select 2 options below.


Options are :

  • NACLs block outbound TCP port 53 (Correct)
  • Security groups on the EC2 instances block inbound port 53
  • NACLs block inbound UDP port 53
  • NACLs block outbound UDP port 53 (Correct)
  • NACLs block inbound TCP port 53

Answer : NACLs block outbound TCP port 53; NACLs block outbound UDP port 53

Your team is planning to create a number of instances in a VPC. They need to ensure high network performance for the instances and enhanced communication between the instances. Which of the following would you do? Select 2 options below.


Options are :

  • Enable Enhanced Networking on the instances (Correct)
  • Set the MTU to 1500
  • Create the instances in separate Availability Zones and put them in a cluster placement group
  • Create the instances in the same Availability Zone and put them in a cluster placement group (Correct)

Answer : Enable Enhanced Networking on the instances; Create the instances in the same Availability Zone and put them in a cluster placement group

When setting up an active-passive VPN configuration, which of the following can be used to achieve this? Select 2 options below.


Options are :

  • Use different ASNs
  • Use IPSec routing
  • Use more specific routes (Correct)
  • Use AS_PATH prepending (Correct)

Answer : Use more specific routes; Use AS_PATH prepending

You need to create instances in a VPC that can support network capacity of up to 20 Gbps. Which of the following would be part of the implementation steps? Select 2 options below:


Options are :

  • Create an instance that supports the Intel 82599 VF interface
  • Enable Enhanced Networking if not already done (Correct)
  • Place the instances in a placement group
  • Create an instance that supports enhanced networking (Correct)

Answer : Enable Enhanced Networking if not already done; Create an instance that supports enhanced networking

The company plans to create a Direct Connect connection and also a backup VPN connection. Which of the following should be done to ensure that the AWS Direct Connect connection is the primary route?


Options are :

  • Make sure that AS_PATH prepending is set on the AWS Direct Connect connection
  • None
  • Make sure that the same prefixes are advertised on both connections (Correct)
  • Make sure that the longest prefix is advertised on AWS Direct Connect
  • Make sure that the shortest prefix is advertised on AWS Direct Connect

Answer : Make sure that the same prefixes are advertised on both connections

The company currently has a VPC defined with CIDR 10.0.0.0/16. Subnets are defined in this VPC, along with instances created in the subnets. You need to ensure that resources in the VPC can resolve the company's on-premises DNS resources. How can you achieve this? Select 2 options below.


Options are :

  • Configure DHCP options for your VPC to point to the EC2 instance. (Correct)
  • Create a private hosted zone in Route 53
  • Create an EC2 instance in your VPC that acts as a DNS server (Correct)
  • Configure DHCP options for the subnet to point to the EC2 instance.

Answer : Configure DHCP options for your VPC to point to the EC2 instance; Create an EC2 instance in your VPC that acts as a DNS server

You have two Direct Connect connections and two VPN connections to the network, with the following information:

  Site A: VPN, 10.2.0.0/24, AS 65000
  Site B: VPN, 10.2.0.252/30, AS 65000
  Site C: DX, 10.0.0.0/8, AS 65000 65000
  Site D: DX, 10.0.0.0/16, AS 65000 65000

Which site would you choose to access the AWS network?


Options are :

  • None
  • Site C
  • Site B (Correct)
  • Site A
  • Site D

Answer : Site B

Which of the following can be used to control how far routes are advertised when using AWS Direct Connect and a public VIF?


Options are :

  • Use the MED
  • None
  • Use BGP communities (Correct)
  • Use AS_PATH prepending
  • Use BGP titles

Answer : Use BGP communities

The company has set up an AWS Direct Connect connection with a public VIF. The security department has raised concerns about the public VIF. Which of the following is a valid concern that the security department could raise?


Options are :

  • Your own VPC will be exposed to the Internet
  • Your own VPC will be exposed to the public through the VIF
  • None
  • An EC2 instance's own IP can be reached through the public VIF
  • EC2 instances with public IPs can be reached through the public VIF (Correct)

Answer : EC2 instances with public IPs can be reached through the public VIF
