AWS ANS-C00 Certified Advanced Networking Practical Exam Set 3

Your company is planning on deploying an application to AWS. There is a requirement for high availability and low latency between the underlying instances that support the application. Which of the following would you not consider in your design?


Options are :

  • Place the instances in a placement group (Correct)
  • Enable Enhanced Networking on the instances
  • Use a Network load balancer in front of the instances
  • Deploy instances across multiple availability zones

Answer : Place the instances in a placement group

A company currently hosts their architecture in the US region. They now need to duplicate that architecture to the Europe region and extend the application hosted on this architecture to the new region. In order to ensure that users across the globe get the same seamless experience from either setup, what needs to be done?


Options are :

  • Create an Application Elastic Load Balancer that is set up to route traffic to both locations
  • Create a geolocation Route53 policy to route the policy based on the location. (Correct)
  • Create a Classic Elastic Load Balancer that is set up to route traffic to both locations
  • Create a weighted Route53 policy to route the policy based on the weightage for each location

Answer : Create a geolocation Route53 policy to route the policy based on the location.

You have launched a couple of EC2 Instances in separate subnets. You are transferring data via the public IPs of the EC2 Instances. Both Instances are located in the same AZ. Instances are located in the us-east-1 region. What would the data transfer charges be?


Options are :

  • There are no data transfer charges for instances in the same AZ
  • There are no data transfer charges for instances in the same region
  • There will be a data transfer charge of $0.01/GB (Correct)
  • There is no data transfer charge for the internet

Answer : There will be a data transfer charge of $0.01/GB

Your company has a set of AWS Direct Connect connections. They want to aggregate the bandwidth of these connections to ensure that a large amount of data can be sent through the pipe. So a decision has been made to set up a link aggregation group. What are the factors that need to be considered when setting up the LAG group? Choose 2 answers from the options given below.


Options are :

  • You have to ensure that a VPN connection is also in place to attach to the LAG group
  • You have to ensure that all AWS Direct Connect connections terminate at different AWS endpoint
  • You have to ensure that all AWS Direct Connect connections terminate at the same AWS endpoint (Correct)
  • You have to ensure that the existing AWS Direct Connect connections have the same bandwidth (Correct)

Answer : You have to ensure that all AWS Direct Connect connections terminate at the same AWS endpoint; You have to ensure that the existing AWS Direct Connect connections have the same bandwidth

A company has a set of resources hosted in a VPC. They have acquired another company and they have their own set of resources hosted in AWS. The requirement now is to ensure that resources in the VPC of the parent company can access the resources in the VPC of the child company. What is the best way to accomplish this with minimum cost involved?


Options are :

  • Establish a NAT gateway to establish communication across VPCs (Correct)
  • Use a VPN connection to peer both VPCs
  • Use VPC Peering to peer both VPCs
  • Use a Direct Connect connection with a private VIF

Answer : Establish a NAT gateway to establish communication across VPCs

You're in charge of setting up the AWS Direct Connect connection between your on-premise data center and an AWS Partner location. You need to ensure that your network can support the connection. What needs to be in check for this? Choose 3 answers from the options given below.


Options are :

  • The network must have support for 802.1Q VLAN (Correct)
  • Auto-negotiation for the port must be disabled for the network device (Correct)
  • The network device must support BGP (Correct)
  • The network device must support Static Routing

Answer : The network must have support for 802.1Q VLAN; Auto-negotiation for the port must be disabled for the network device; The network device must support BGP

Your company is planning on setting up a VPN connection between a VPC hosted in AWS and their on-premise data center. There is a need to ensure the VPN connection is highly available and at the same time to ensure cost is kept to a minimum. What would you do to ensure these requirements are met?


Options are :

  • Create an additional Direct Connect connection
  • Create 2 VPN connections for high availability
  • Create an additional VPC peering connection
  • VPN connections are already highly available (Correct)

Answer : VPN connections are already highly available

You have a database that is running on a large instance type. From a monitoring perspective it seems that the packets are getting lost and the instance is not delivering requests as desired. Initially a test was done to check the capacity of the server. At that time, the database server was able to take on the load. What could be the issue at this point in time?


Options are :

  • The right AMI was not chosen for the underlying instance
  • The instance was using accumulated network credits during the testing phase
  • The instance is not using a VPN tunnel for communication
  • There are internal database errors which are causing the timeouts. (Correct)

Answer : There are internal database errors which are causing the timeouts.

Your company has the requirement to host a set of high performance computing nodes. These nodes will be used to process images and videos. Which of the following should be considered during the implementation process? Choose 2 answers from the options given below.


Options are :

  • Consider using C5 instances (Correct)
  • Consider using t2.large instances
  • Consider placing the instances in a placement group.
  • Consider using Linux based AMIs

Answer : Consider using C5 instances

You have a set of instances set up in an AWS VPC. You need to ensure that instances in the VPC receive host names from the AWS DNS. You have set the enableDnsHostnames attribute to true for your VPC. But the instances are still not receiving the host names when they are being launched. What could be the underlying issue?


Options are :

  • The enableDnsSupport attribute is not set to true for the VPC (Correct)
  • You need to configure a Route 53 public hosted zone first
  • You need to configure a Route 53 private hosted zone first
  • The Auto-Assign Public IP is not set for the subnet in which the instance is launched

Answer : The enableDnsSupport attribute is not set to true for the VPC

You have set up a CloudFront distribution in AWS. You want to use the AWS Certificate Manager along with CloudFront. You are setting up CloudFront, but you cannot see the ACM certificate that you created at an earlier stage to associate with the distribution. What could be the underlying issue?


Options are :

  • You have not uploaded or created the certificate in the right region (Correct)
  • You need to ensure that a CNAME record is created in Route 53 first
  • You need to ensure that an alias record is created in Route 53 first
  • You need to upload the certificate directly to CloudFront after the distribution is created

Answer : You have not uploaded or created the certificate in the right region

Your company is planning on using Route53 as the DNS provider. They want to ensure that their company domain name points to an existing CloudFront distribution. How could this be achieved?


Options are :

  • Create a non-alias record which points to the CloudFront distribution
  • Create an Alias record which points to the CloudFront distribution (Correct)
  • Create a CNAME record which points to the CloudFront distribution
  • Create a host record which points to the CloudFront distribution

Answer : Create an Alias record which points to the CloudFront distribution

A company is planning to set up an AWS Direct Connect connection to access resources in AWS via their on-premise data center. They are estimating the costs that would be involved. Which of the following should be taken into account from a costing aspect for AWS Direct Connect? Choose 3 answers from the options given below.


Options are :

  • Data transfer into AWS Direct Connect
  • Number of port hours consumed (Correct)
  • Data transfer from a VPC via a private VIF (Correct)
  • Data transfer from a S3 bucket via a public VIF (Correct)

Answer : Number of port hours consumed; Data transfer from a VPC via a private VIF; Data transfer from a S3 bucket via a public VIF

You are designing an online shopping application for your company. This application will be running in a VPC on EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer managed database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements completely?


Options are :

  • Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster (Correct)
  • Public subnets for both the application tier and the database cluster
  • Public subnets for the application tier, and private subnets for the database cluster and NAT gateway
  • Public subnets for the application tier, and private subnets for the database cluster and NAT Gateway

Answer : Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster

An architecture consists of the following: a) A primary and secondary infrastructure hosted in AWS. b) Both infrastructures consist of ELB, Auto Scaling and EC2 resources. How should Route53 be configured to ensure proper failover in case the primary infrastructure goes down?


Options are :

  • Configure a primary routing policy
  • Configure a Multi-Answer routing policy
  • Configure a failover routing policy (Correct)
  • Configure a weighted routing policy

Answer : Configure a failover routing policy

Your company has set up a CloudFront distribution. They are using multiple EC2 Instances as the origin. There is a requirement to ensure that cookies can be monitored in the requests. Based on the cookies, different sites can be relayed back to the users. Which of the following would help fulfill this requirement?


Options are :

  • Consider using proxy protocol
  • Consider using multiple origins
  • Consider using RTMP distributions
  • Consider using Lambda at the edge (Correct)

Answer : Consider using Lambda at the edge

A company has a requirement to send large amounts of data that needs to be ingested into S3. This needs to be done on a regular basis. Also the data transfer needs to be encrypted. The data transfer line needs to be low latency and dependable. How could you accomplish this?


Options are :

  • Use an AWS Managed VPN over AWS Direct Connect. (Correct)
  • Use AWS Direct Connect over an AWS Managed VPN
  • Use an AWS Direct Connect connection
  • Use an AWS VPN Managed connection

Answer : Use an AWS Managed VPN over AWS Direct Connect.

Your company is planning on hosting an application on a set of EC2 Instances. There is a requirement for complete end-to-end encryption for the data to ensure that the application is HIPAA compliant. How can you achieve this?


Options are :

  • Set up a VPN connection between the EC2 Instance and the Internet
  • Set up a Direct Connect connection between the EC2 Instance and the Internet
  • Ensure that the traffic is encrypted using KMS
  • Use SSL to encrypt all the data at the application layer (Correct)

Answer : Use SSL to encrypt all the data at the application layer

Your team is planning on hosting an application in AWS. This application will be using a MySQL database hosted on an EC2 Instance. It is anticipated that the disk performance might take a hit due to the high Input/Output activity. How can you ensure baseline performance with low latency for the database tier?


Options are :

  • Ensure to use an Instance with Enhanced Networking enabled
  • Ensure to use the EFS file system
  • Ensure to use Amazon S3 for storage
  • Ensure to use EBS IOPS volumes (Correct)

Answer : Ensure to use EBS IOPS volumes

Your production team had earlier created a VPC with the CIDR block of 192.168.0.0/16. Instances were launched in the VPC. Now there is a decision to ensure the instances have an address space for 10.0.0.0/16. How can this be achieved?


Options are :

  • Launch a NAT Instance. Ensure that the instance performs Network address translation onto the CIDR range of 10.0.0.0/16
  • Change the address block of the VPC from 192.168.0.0/16 to 10.0.0.0/16. All of the instances will now use the new address space.
  • Create a new VPC with the address block of 10.0.0.0/16. Migrate all of the instances to the new VPC. (Correct)
  • Add a new address space to the VPC. Then ensure that the instances use the new address space

Answer : Create a new VPC with the address block of 10.0.0.0/16. Migrate all of the instances to the new VPC.

Your company needs to create its own VPN-based EC2 Instances. These Instances will allow 2 VPCs in different regions to talk to each other. You've created one VPN Instance in one subnet in one VPC and another Instance in another subnet in another VPC. You are establishing the communication via Internet gateway. What extra consideration should be in place in such a configuration?


Options are :

  • Placing a NAT Instance in front of both of the VPN connections
  • Placing a Virtual private gateway as the termination endpoint
  • Having multiple VPN Instances for high availability (Correct)
  • Using a Private hosted zone in Route 53

Answer : Having multiple VPN Instances for high availability

You have created a VPC Endpoint for your private subnet to S3. The default endpoint policy is in place. You are trying to access a bucket, but you're getting an access denied error. What must be done?


Options are :

  • Add the VPC endpoint to the Endpoint policy to allow access to the S3 bucket
  • Add the VPC endpoint to the Bucket ACL
  • Add the VPC Endpoint to the S3 bucket policy (Correct)
  • Add the VPC to the S3 bucket policy

Answer : Add the VPC Endpoint to the S3 bucket policy

You have created an Application Load Balancer. You need to point your domain names of www.example.com and example.com to the Application Load Balancer. Your Hosted zone is example.com. How can you achieve this?


Options are :

  • Create one CNAME record for the ELB to www.example.com. And then create another PTR record to the E to example.com
  • Create an ALIAS record for the ELB and point it to example.com. Create a PTR record for www.example.cc and point it to example.com
  • Create one CNAME record for the ELB to www.example.com. And then create another CNAME record to the ELB to example.com
  • Create an Alias record for example.com and point it to the ELB as the target. Create a CNAME record for www.example.com and point it to example.com (Correct)

Answer : Create an Alias record for example.com and point it to the ELB as the target. Create a CNAME record for www.example.com and point it to example.com

You are planning on creating a fault tolerant EC2 Instance by creating a secondary network interface and a backup EC2 Instance. Which of the following is a requirement to ensure the switch over can be done successfully? Choose 2 answers from the options given below.


Options are :

  • The instance must reside in a different Availability Zone
  • The network interface must reside in the same Availability Zone (Correct)
  • The network interface must reside in a different Availability Zone
  • The instance must reside in the same Availability Zone (Correct)

Answer : The network interface must reside in the same Availability Zone; The instance must reside in the same Availability Zone

You work for your company as an AWS administrator. You've set up a Classic Load Balancer and EC2 Instances for an application. You have set up HTTPS listeners with the default security policies. Your Security department has mentioned that the security policy defined for the load balancer does not meet the regulations defined for the policy. What changes would you make to be in line with the requirements of the IT security department?


Options are :

  • Create a custom security policy and associate it with the Classic Load Balancer (Correct)
  • Create a new SSL and associate it with the underlying EC2 Instances
  • Create a custom security policy and associate it with the EC2 Instance
  • Create a new SSL and associate it with the underlying Classic Load balancer

Answer : Create a custom security policy and associate it with the Classic Load Balancer

Your company has set up a host of networking components in AWS. They have put stringent controls in place to ensure that these networking components are only changed by designated IT personnel. But they still need to get notified of any unwarranted access on networking components. Which of the following services can help in this requirement?


Options are :

  • AWS CloudTrail (Correct)
  • AWS VPC Flow Logs
  • AWS Inspector
  • AWS Trusted Advisor

Answer : AWS CloudTrail

You've set up a Classic Load Balancer and EC2 Instances behind the Load Balancer. The following Security Groups have been set: Security Group for the ELB - accept incoming traffic on port 80 from 0.0.0.0/0; Security Group for the EC2 Instances - accept incoming traffic on port 80 from 0.0.0.0/0. It has been noticed that the EC2 Instances are getting a large number of direct requests from the Internet. What should be done to resolve the issue?


Options are :

  • Change the EC2 Instance security group to only accept traffic from the ELB Security Group on port 80 (Correct)
  • Change the ELB security group to only accept traffic from the EC2 Instances on port 80
  • Change the EC2 Instance security group to only accept traffic from the ELB Security Group on port 443
  • Change the ELB security group to only accept traffic from the EC2 Instances on port 443

Answer : Change the EC2 Instance security group to only accept traffic from the ELB Security Group on port 80

Your company needs VPN connectivity to an AWS VPC. There are around 100 mobile devices, 40 remote computers and a site office which needs to connect. How would you achieve this connectivity? Choose 2 answers from the options given below.


Options are :

  • Use AWS Direct Connect with a public VIF for the site office
  • Use AWS Managed VPN for the mobile and remote computers
  • Use AWS Managed VPN for the site office (Correct)
  • Use a custom VPN server to accept connections from the mobile and remote computers (Correct)

Answer : Use AWS Managed VPN for the site office; Use a custom VPN server to accept connections from the mobile and remote computers

Your company has many VPCs, one for Development, one for Staging, one for Production and one Management VPC. It is required for traffic to flow from the other VPCs to the Management VPC. The VPCs should also be traversable via the on-premise infrastructure. How would you architect the solution with the least amount of effort?


Options are :

  • Create a VPN connection between the Management VPC and all other VPCs. Create a VPN connection between the Management VPC and the on-premise environment.
  • Create a Virtual Private gateway connection between all of the VPCs. Create a VPN connection between Management VPC and the on-premise environment.
  • Creating a VPC peering connection between the VPCs. Create a VPN connection between all the VPCs and the on-premise environment. (Correct)
  • Creating a VPC peering connection between the VPCs. Create a VPN connection between the Management VPC and the on-premise environment.

Answer : Creating a VPC peering connection between the VPCs. Create a VPN connection between all the VPCs and the on-premise environment.

Your company has created an AWS Direct Connect connection. A virtual private gateway is attached to a VPC. Around 111 routes are being advertised from on-premise. A private VIF is being created to the VPGW. But the Virtual Interface is always showing as down. What needs to be done to ensure the interface comes back up?


Options are :

  • Ensure that a VPN connection is also in place for the tunnel to become active.
  • Ensure fewer routes are being advertised. (Correct)
  • Ensure that static routes are put in place
  • Ensure that the IPsec configuration is correct

Answer : Ensure fewer routes are being advertised.
