AWS ANS-C00 Certified Advanced Networking Practical Exam Set 2

You have a Lambda function that is designed to probe for events on an EC2 Instance. After the probe is complete, the Lambda function needs to send requests to an SQS queue. How can this be achieved? Select 2 Answers.


Options are :

  • Create a NAT instance in the VPC (Correct)
  • Ensure that IPv6 is enabled for the subnet hosting the Lambda function
  • Ensure that the VPC configuration is added to the Lambda function (Correct)
  • Ensure that the Lambda function details are added to the VPC configuration

Answer : Create a NAT instance in the VPC; Ensure that the VPC configuration is added to the Lambda function

You have an EC2 Instance which will be responsible for processing a lot of video and audio. There is a requirement to ensure that the EC2 Instance has the maximum performance when it comes to the network packet processing. How can this be achieved? Choose 2 answers from the options given below


Options are :

  • Ensure that the MTU is set to 9001 on the Instance (Correct)
  • Ensure that the instance supports single root I/O virtualization (Correct)
  • Ensure that the MTU is set to 9001 for the VPC
  • Choose a t2.medium instance type

Answer : Ensure that the MTU is set to 9001 on the Instance; Ensure that the instance supports single root I/O virtualization

You have been put in charge of setting up a network architecture for a company. The architecture consists of an application that will exchange a lot of information and hence will need high bandwidth. There will be other B2B customers that will access this application as separate tenants. What consideration will you provide in the design?


Options are :

  • Consider using AWS VPN for each customer. But this will also depend on the availability of an AWS partner in that location of the customer.
  • Consider using a Virtual private gateway for each customer as this will provide the least latency.
  • Consider using AWS Direct Connect for each customer. But this will also depend on the availability of an AWS partner in that location of the customer. (Correct)
  • Allow each customer to connect via the Internet. Set up the right security groups and NACLs for the application.

Answer : Consider using AWS Direct Connect for each customer. But this will also depend on the availability of an AWS partner in that location of the customer.

An organization is planning to set up a management network on the AWS VPC. The organization is trying to secure the web server on a single VPC instance such that it allows the internet traffic as well as the back-end management traffic. The organization wants to make it so that the back-end management network interface can receive SSH traffic only from a selected IP range, while the internet-facing web server will have an IP address which can receive traffic from all internet IPs. How can the organization achieve this by running the web server on a single instance?


Options are :

  • It is not possible to have 2 IP addresses for a single instance
  • This is not possible
  • The organization should create 2 network interfaces, one for the internet traffic and the other for the backend traffic (Correct)
  • The organization should create 2 EC2 instances as this is not possible with one EC2 instance

Answer : The organization should create 2 network interfaces, one for the internet traffic and the other for the backend traffic

Your company is planning on hosting an Active Directory Domain server in a VPC. Resources in other VPCs will need to access the domain server for authentication and DNS routing. What are the core implementation steps you would consider in such a design? Choose 2 answers from the options given below.


Options are :

  • Consider a Hub and Spoke Model VPC Design (Correct)
  • Make use of a VPN connection
  • Consider a Transit VPC Design
  • Make use of VPC peering (Correct)

Answer : Consider a Hub and Spoke Model VPC Design; Make use of VPC peering

Your company has a department that has set up their own AWS account that is not part of the consolidated billing process for the company. They have set up an AWS Direct Connect connection to a VPC via a Private VIF. They are downloading data from an EC2 Instance in the VPC. How would the charges come across?


Options are :

  • The department would be charged for data transfer out via AWS Direct Connect (Correct)
  • The department would be charged for data transfer out via the Internet gateway
  • The company would be charged for data transfer out via AWS Direct Connect
  • The company would be charged for data transfer out via the Internet gateway

Answer : The department would be charged for data transfer out via AWS Direct Connect

Your current web application is hosted on a set of EC2 Instances which are placed behind an application load balancer. All the Security groups and NACLs have been put into place for tight security. What extra measure can be taken to ensure blocking of DDoS attacks from malicious IP addresses?


Options are :

  • Consider placing the WAF service in front of the Application Load balancer (Correct)
  • Consider placing an AWS Shield service in front of the Application Load balancer
  • Consider adding more restrictive rules to the Network ACLs
  • Consider placing an AWS PrivateLink service in front of the Application Load balancer

Answer : Consider placing the WAF service in front of the Application Load balancer

You have been requested to use CloudFormation to maintain version control and achieve automation for the applications in your organization. The environment will consist of several networking components and application services. What is the best way to design the template?


Options are :

  • Combine all resources into one template for version control and automation
  • Create separate templates based on functionality, create nested stacks with CloudFormation. (Correct)
  • Create multiple templates in one CloudFormation stack.
  • Use CloudFormation custom resources to handle dependencies between stacks

Answer : Create separate templates based on functionality, create nested stacks with CloudFormation.

Which one of the following is not true about Amazon CloudFront cache behaviors?


Options are :

  • Forward query strings to the origin, and cache based on all parameters in the query string.
  • Don't forward query strings to the origin at all; then CloudFront doesn't cache based on query string parameters.
  • For RTMP distributions, you can configure CloudFront to forward query string parameters to your origin. (Correct)
  • Forward query strings to the origin, and cache based on specified parameters in the query string.

Answer : For RTMP distributions, you can configure CloudFront to forward query string parameters to your origin.

You have a VPC and EC2 Instances hosted in the subnet. You need to diagnose layer 7 traffic and see which requests are ACCEPTED and REJECTED. Which of the following would help in fulfilling this requirement?


Options are :

  • Using CloudWatch Logs
  • Enabling VPC Flow Logs (Correct)
  • Enabling CloudTrail
  • Installing IDS on each instance

Answer : Enabling VPC Flow Logs

A company is planning on using a CloudFront distribution. The origin will be an S3 bucket. They want to ensure that users cannot access the objects in the S3 bucket via the public URL of the bucket objects. How can you accomplish this? Please select:


Options are :

  • Create a CloudFront Origin identity which has access via the IAM policy
  • Place an IAM policy which ensures that users cannot access the objects
  • Create a CloudFront Origin identity which has access via the bucket policy (Correct)
  • Create a separate IAM user that has access via the bucket policy

Answer : Create a CloudFront Origin identity which has access via the bucket policy

You're planning on hosting an application on an Amazon Linux EC2 Instance. You have a requirement to reduce the amount of time it takes to process packets on the EC2 instance. Which of the following can be used for this requirement?


Options are :

  • Consider using Jumbo frames for packet transmission
  • Consider using an MTU of 12.000
  • Consider using the Data Plane Development Kit (Correct)
  • Use an Instance which supports the Windows AMI

Answer : Consider using the Data Plane Development Kit

Your IT Security department has deployed a firewall on an AWS EC2 Instance. They have mandated that all traffic from certain applications needs to move through the firewall. In such a case, what considerations should be made for the EC2 instance for maximum performance?


Options are :

  • Driver support for the Intel Virtual function and Elastic Network Adapter (ENA)
  • Consider using an Amazon Linux AMI only
  • Consider using NACLs
  • The underlying instance type (Correct)

Answer : The underlying instance type

You currently manage a set of web servers hosted on EC2 Servers with public IP addresses. These IP addresses are mapped to domain names. There was an urgent maintenance activity that had to be carried out on the servers and the servers had to be restarted. Now the web application hosted on these EC2 Instances is not accessible via the domain names configured earlier. Which of the following could be a reason for this?


Options are :

  • The Route53 hosted zone needs to be restarted.
  • The network interfaces need to be initialized again.
  • The public IP addresses need to be associated to the ENI again.
  • The public IP addresses have changed after the instance was stopped and started (Correct)

Answer : The public IP addresses have changed after the instance was stopped and started

Your company is planning on using an EC2 instance for handling voice-related traffic. A custom application will be installed on a Linux-based instance. Which of the following is an ideal implementation step to ensure Quality of Service for the voice-based software?


Options are :

  • Use a placement group for the EC2 Instance
  • Use a Network load balancer in front of the EC2 Instance
  • Use an Application load balancer in front of the EC2 instance
  • Enable Enhanced networking on the instance (Correct)

Answer : Enable Enhanced networking on the instance

You are using a Windows Server 2012 in your on-premise location as a customer gateway. You've set up the Virtual Private gateway and the VPN connection. You have also set up the VPN configuration on the Windows Server 2012 machine. But when you check the status of the tunnel in the AWS Console, it still shows as down. What needs to be done to ensure that the tunnel is in the UP state?


Options are :

  • From the AWS Console, choose the Virtual Private gateway, choose Actions->Bring up tunnel
  • Issue a ping command request from the Windows Server 2012 device
  • Ensure BGP routing protocol is set up on the Windows Server 2012 device
  • From the AWS Console, choose the VPN connection, choose Actions->Bring up tunnel (Correct)

Answer : From the AWS Console, choose the VPN connection, choose Actions->Bring up tunnel

Your company is planning on hosting their own VPN server in AWS. This will be hosted on an EC2 instance using software from the AWS Marketplace. You are tasked with ensuring optimal performance of the underlying VPN server. Which of the following aspects would you consider? Choose 2 answers from the options given below


Options are :

  • Understand the packet limitations in the infrastructure (Correct)
  • Ensure that the instance is using EBS optimized Volumes
  • Use a Network load balancer for scaling
  • Ensure that the instance is using Enhanced Networking (Correct)

Answer : Understand the packet limitations in the infrastructure; Ensure that the instance is using Enhanced Networking

You've set up a set of EC2 Linux-based instances in a placement group. You've chosen instances with Enhanced Networking enabled. You want to ensure that the maximum number of packets can be sent across the network interfaces. How could you achieve this?


Options are :

  • Change the MTU setting on the ethernet interface for each instance (Correct)
  • Set the Placement Group settings to the maximum network packet size
  • Set the Network Access Control List to the maximum network packet size
  • Change the jumbo frame setting on the ethernet interface for each instance

Answer : Change the MTU setting on the ethernet interface for each instance

You work for an organization that has a Direct Connect connection and a backup VPN connection. This has been set up just recently. After setting it up, the traffic flow still prefers the VPN connection instead of the Direct Connect connection. You have prepended a longer AS_PATH on the VPN connection, but even then this connection is being preferred. Which of the below steps can be used to ensure the Direct Connect connection is used?


Options are :

  • Reconfigure the VPN as a static VPN instead of dynamic.
  • Advertise a less specific prefix on the VPN connection (Correct)
  • Remove the prepended AS_PATH.
  • Increase the MED property on the VPN connection.

Answer : Advertise a less specific prefix on the VPN connection

Your architecture team has recommended the following for the VPCs in your AWS account: a shared services VPC which would provide services to other VPCs, and a hosted VPC that will be accessible to the customer. The hosted VPC will also interact with the shared services VPC. Which of the following should also be considered as part of the design? Choose 2 answers from the options given below. Each answer is an independent design solution.


Options are :

  • Use VPC peering between the shared services VPC and other VPCs
  • Put the shared services VPC as public. Ensure the right security measures are in place for accessing the shared services. (Correct)
  • Create a VPN between each VPC. Ensure the Virtual private gateway is in place for the other VPCs
  • Ensure a virtual private link is available for accessing the Shared services VPC. (Correct)

Answer : Put the shared services VPC as public. Ensure the right security measures are in place for accessing the shared services; Ensure a virtual private link is available for accessing the Shared services VPC.

Your company is planning on deploying an EC2 instance which will be used to route VPN traffic to an on-premise data center. In such a scenario, what is the responsibility of AWS?


Options are :

  • Ensuring high availability of the EC2 Instance
  • Ensuring the health of the underlying physical host
  • Ensuring high availability of the VPN connection (Correct)
  • Configuration of the IPSec protocol

Answer : Ensuring high availability of the VPN connection

Your company is planning on creating a private hosted zone in AWS. They need to ensure that on-premise devices can reach the resources defined in the private hosted zone. How can this be achieved, ensuring the least effort is put into setting this up?


Options are :

  • Create an EC2 instance and install AD Domain services
  • Consider using Simple AD for resolving DNS requests (Correct)
  • Create an EC2 instance and install a DNS resolver
  • Convert the private hosted zone to a public one

Answer : Consider using Simple AD for resolving DNS requests

You have just recently set up a web and database tier in a VPC and hosted the application. When testing the application, you are not able to reach the home page for the app. You have verified the security groups. What can help you diagnose the issue?


Options are :

  • Use AWS GuardDuty to analyze the traffic
  • Use the AWS Trusted Advisor to see what can be done.
  • Use AWS WAF to analyze the traffic
  • Use VPC Flow Logs to diagnose the traffic (Correct)

Answer : Use VPC Flow Logs to diagnose the traffic

Your company is currently planning on using Route53 for managing Blue Green deployments. They have already set up an 80%-20% split for a new deployment. How can you stop sending traffic to the older setup once all testing is complete?


Options are :

  • Change the resource record weight to 0 (Correct)
  • Delete the weighted resource record
  • Change the resource record weight to 100
  • Change the resource record to a simple routing policy

Answer : Change the resource record weight to 0

Your team is using applications that are hosted in 2 different regions in AWS. There are EC2 Instances that are performing replication between the applications across regions via their respective Elastic IPs. It is noticed that the current MTU is 1500 and there is a need to increase the throughput for the replication traffic. How can this be achieved?


Options are :

  • This is not possible (Correct)
  • Increase the MTU on the instances
  • Install the Enhanced Networking modules on the instances
  • Create a VPN tunnel between the 2 VPCs and increase the MTU on the instances

Answer : This is not possible

Your management is planning on using AWS CloudFront to speed up distribution of content to users from an S3 bucket. They are worried about whether users will get the ideal response when they request objects from CloudFront. What would you communicate to them as to how users would get content from CloudFront?


Options are :

  • If a user requests an object, the user is directed to the origin location for retrieval of the object.
  • As soon as the first byte arrives from the origin, CloudFront begins to forward the files to the user (Correct)
  • If a user requests an object, only when the entire object is available, it is sent to the user. This is to ensure a correct end user experience
  • Amazon CloudFront will respond with an HTTP 404 error.

Answer : As soon as the first byte arrives from the origin, CloudFront begins to forward the files to the user

You have 2 VPCs, VPC A and VPC B. Both the VPCs have been peered. You have configured the route tables in VPC A so that traffic can flow from VPC A to VPC B. You try to ping an instance in VPC B from VPC A, but are unable to do so. You have confirmed that the NACLs and Security Groups have been configured properly. What could be the reason for this issue?


Options are :

  • The VPCs have overlapping CIDR blocks
  • Security Groups don't work in peered VPCs, hence the requests will not work.
  • The route tables in VPC B have not been configured. (Correct)
  • NACLs don't work in peered VPCs, hence the requests will not work.

Answer : The route tables in VPC B have not been configured.

Your company has set up an AWS Direct Connect connection with the help of an AWS Partner. The customer gateway is in an on-premise data center. Your operations department needs to be informed whenever the Direct Connect connection is down. How can you achieve this?


Options are :

  • Use CloudWatch Logs to check for the state of the tunnel
  • Use the AWS Direct Connect tunnel logging facility to check for any failures
  • Use CloudWatch metrics to check for the state of the tunnel (Correct)
  • You will anyway be notified if the AWS Direct Connect connection is down.

Answer : Use CloudWatch metrics to check for the state of the tunnel

Your company is planning on setting up an AWS Direct Connect connection and a VPN connection as a backup. In case the AWS Direct Connect connection fails, the traffic should be routed over the VPN line. What can be done to ensure this failover happens as smoothly as possible?


Options are :

  • In AWS Direct Connect, make the VPN as the secondary device.
  • In AWS VPN, make AWS Direct Connect as the primary device
  • Enable BGP Routing
  • Enable Bidirectional Forwarding Detection (Correct)

Answer : Enable Bidirectional Forwarding Detection

You have created 3 VPCs: VPC A, VPC B and VPC C. There is a VPC peering connection between VPC A and VPC B and a separate peering connection between VPC B and VPC C. Which of the following is true with regards to this VPC peering arrangement?


Options are :

  • Instances launched in VPC A can reach instances in VPC C
  • Instances launched in VPC A can reach instances in VPC C if the right Security Groups
  • Instances launched in VPC A can reach instances in VPC C via a proxy instance in VPC B (Correct)
  • Instances launched in VPC A can reach instances in VPC C if the right routing entries are present.

Answer : Instances launched in VPC A can reach instances in VPC C via a proxy instance in VPC B
