AWS ANS-C00 Certified Advanced Networking Practical Exam Set 5

Your company is planning on trying out AWS Workspaces for 100 users. They want to use a directory service along with AWS Workspaces. Which of the following would be the ideal option, one that has the least administrative overhead and is also cost-effective?


Options are :

  • Choose Simple AD to use along with AWS Workspaces (Correct)
  • Deploy an AD domain server in a VPC and configure AWS Workspace to use the newly created AD Domain server
  • Choose AWS Directory Service to use along with AWS Workspaces
  • Choose an AD connector to use along with AWS Workspaces

Answer : Choose Simple AD to use along with AWS Workspaces

You have a set of Instances in your VPC that communicate over the IPv6 protocol. You need to ensure that traffic can flow from the Instances to the Internet but not vice versa. How can you achieve this?


Options are :

  • Use an Egress only Internet gateway (Correct)
  • Change the Internet gateway to only allow outbound traffic for IPv6
  • Change the Security Groups to not allow Inbound Traffic on the Instances
  • Change the NACLs to not allow Inbound Traffic on the Instances

Answer : Use an Egress only Internet gateway

Your company currently has a VPC defined as 10.0.0.0/16. Subnets are defined in this VPC along with Instances created in the subnet. You need to ensure that resources in the VPC can resolve your on-premise DNS resources. How can you achieve this? Choose 2 answers from the options given below.


Options are :

  • Configure DHCP Options for your VPC to point to the EC2 Instance. (Correct)
  • Create a private hosted zone in Route53
  • Configure DHCP Options for your Subnet to point to the EC2 Instance.
  • Create an EC2 Instance in your VPC which will act as the DNS server (Correct)

Answer : Configure DHCP Options for your VPC to point to the EC2 Instance. Create an EC2 Instance in your VPC which will act as the DNS server

Your company currently uses NAT instances to route traffic for Instances in private subnets. They need to convert these to NAT gateways to increase the amount of bandwidth required. They want to automate the provision. How can you accomplish this?


Options are :

  • Use CloudFormation templates to replace the NAT Instances with NAT gateways (Correct)
  • Use OpsWorks to replace the NAT instances with NAT gateways
  • Use AWS Config to change the configuration of the NAT instance to a NAT gateway
  • Use AWS Inspector to replace the NAT instances with NAT gateways

Answer : Use CloudFormation templates to replace the NAT Instances with NAT gateways

You have a set of EC2 Instances that are deployed in a VPC. An application is hosted on these instances. There are some issues which keep recurring in the application, and you plan to inspect the packets being sent from the application to trace the error. How can you achieve this?


Options are :

  • Use CloudTrail
  • Use VPC Flow logs
  • Use an IDS (Correct)
  • Use CloudWatch Logs

Answer : Use an IDS

Which of the following can be used to control how far your routes get advertised when using AWS Direct Connect and a public VIF?


Options are :

  • Use MED
  • Use AS_PATH prepending
  • Use BGP headers
  • Use BGP communities (Correct)

Answer : Use BGP communities

Your company is using a hosted virtual interface from its parent AWS Account. You need to tell IT management what charges your company will incur. Which of the following would you mention?


Options are :

  • The port hour charges
  • The amount of hours used by the interface
  • The data transfer in
  • The data transfer out via the interface (Correct)

Answer : The data transfer out via the interface

Your company is planning on setting up an application that consists of EC2 Instances, an Application Load Balancer and CloudFront. Your management is worried about DDoS attacks. Which of the following can help protect against such network attacks? Choose 3 answers from the options given below.


Options are :

  • Place the AWS WAF in front of the Application Load Balancer (Correct)
  • Place the AWS WAF in front of the CloudFront Distribution (Correct)
  • Consider using AWS Shield Advanced (Correct)
  • Place the AWS WAF in front of the EC2 Instances

Answer : Place the AWS WAF in front of the Application Load Balancer. Place the AWS WAF in front of the CloudFront Distribution. Consider using AWS Shield Advanced

You've set up VPC Flow Logs for your EC2 Instance ENI in a subnet. You can see the below REJECT record in the VPC Flow Logs. What does this indicate?

2 123456789911 eni-abc123de 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK


Options are :

  • Someone was trying to log into the Instance via RDP (Correct)
  • A request was made on port 443 to the Instance
  • Someone was trying to log into the Instance via SSH
  • A request was made on port 80 to the Instance

Answer : Someone was trying to log into the Instance via RDP

You are trying to send packets from an EC2 Instance to an on-premise server. The transmission is happening over the Internet. You have set Jumbo frames due to the size of the packets being sent. But the packets are being dropped. What needs to be done to ensure that the packets don't get dropped?


Options are :

  • Ensure that the MTU is set to 9001
  • Ensure that the 'Do Not Fragment' flag is set in the IP header
  • Ensure that the 'Do Not Fragment' flag is not set in the IP header (Correct)
  • Enable Enhanced Networking on the Instance

Answer : Ensure that the 'Do Not Fragment' flag is not set in the IP header

You have two Direct Connect connections and two VPN connections to your network. The details are as follows: Site A is VPN 10.2.0.0/24 AS 65000; Site B is VPN 10.2.0.252/30 AS 65000; Site C is DX 10.0.0.0/8 AS 65000 65000; Site D is DX 10.0.0.0/16 AS 65000 65000. Which site will AWS choose to reach your network?


Options are :

  • Site B (Correct)
  • Site D
  • Site A
  • Site C

Answer : Site B

Your company is using a hosted virtual interface from its parent AWS Account. You need to tell IT management what charges your company will incur. Which of the following would you mention?


Options are :

  • The amount of hours used by the interface
  • The port hour charges
  • The data transfer out via the interface (Correct)
  • The data transfer in

Answer : The data transfer out via the interface

You're hosting an NGINX web server running on port 80 on an EC2 Instance. Users are not able to access the server running on port 80. Which of the following could be an issue?


Options are :

  • The Security Group does not allow inbound traffic on ephemeral ports
  • The Security Group does not allow outbound traffic on port 80
  • The NACLs don't allow inbound traffic on ephemeral ports
  • The NACLs don't allow outbound traffic on ephemeral ports (Correct)

Answer : The NACLs don't allow outbound traffic on ephemeral ports

When configuring a Public VIF for AWS Direct Connect, which of the following is not required in the configuration?


Options are :

  • Router Peer IP
  • Virtual Private Gateway (Correct)
  • VLAN ID
  • BGP ASN

Answer : Virtual Private Gateway

Which of the following can be used to control how far your routes get advertised when using AWS Direct Connect and a public VIF?


Options are :

  • Use BGP headers
  • Use AS_PATH prepending
  • Use MED
  • Use BGP communities (Correct)

Answer : Use BGP communities

You are currently configuring Route 53 routing policies. You want to create a record set for a group of Web servers in your AWS VPC. When a user requests the resource record, they should be able to access any of the web servers defined in the VPC. Which of the following resource records would you create?


Options are :

  • Multivalue answer (Correct)
  • Weighted
  • Failover
  • Simple

Answer : Multivalue answer

You need to set up an EC2 Instance in a VPC. This EC2 Instance needs to be able to communicate with both a private and a public subnet which are located in the same availability zone. Traffic in the private subnet can only be sent to this central EC2 Instance. How can you achieve this?


Options are :

  • Attach a secondary ENI to the Instance (Correct)
  • Assign a secondary IP to the ENI attached to the EC2 Instance
  • Attach an elastic IP to the Instance
  • Attach a public and private IP to the instance

Answer : Attach a secondary ENI to the Instance

You have a CloudFront distribution that has an S3 bucket as the origin. There is a requirement to add security headers to the response before it can be relayed back to the user. How can you achieve this?


Options are :

  • Change the Behavior of the origin. Add a configuration for adding the security header
  • Create an OAI for the CloudFront distribution
  • Create a Lambda function that will run on the edge (Correct)
  • Make sure that the Viewer protocol is set to HTTPS

Answer : Create a Lambda function that will run on the edge

Your company is planning on creating a Direct Connect connection and also having a VPN as a backup connection. Which of the following must be done to ensure that the AWS Direct Connect connection is the preferred path?


Options are :

  • Ensure that the longest prefix is advertised on AWS Direct Connect
  • Ensure that prefixes are advertised the same on both connections (Correct)
  • Ensure that the shortest prefix is advertised on AWS Direct Connect
  • Ensure that AS_PATH prepending is configured on AWS Direct Connect

Answer : Ensure that prefixes are advertised the same on both connections

You have 2 VPCs, VPCA (172.16.0.0/16) and VPCB (10.0.0.0/16). You are planning on establishing a VPC peering connection. Which of the following routes need to be added to the route tables of both VPCs to ensure communication across the VPCs? Choose 2 answers from the options given below. Assume that the Target for the VPC Peering connection has an ID of pcx-1122.


Options are :

  • In the Route table for VPCA add a route of 172.16.0.0/16 and Target as pcx-1122
  • In the Route table for VPCB add a route of 172.16.0.0/16 and Target as pcx-1122 (Correct)
  • In the Route table for VPCB add a route of 10.0.0.0/16 and Target as pcx-1122
  • In the Route table for VPCA add a route of 10.0.0.0/16 and Target as pcx-1122 (Correct)

Answer : In the Route table for VPCB add a route of 172.16.0.0/16 and Target as pcx-1122. In the Route table for VPCA add a route of 10.0.0.0/16 and Target as pcx-1122

Your company has set up an application load balancer and various targets behind the ALB. But there are recurring problems wherein clients cannot connect to the ALB because of the whitelisting that is required to be done by the IT Security department. What changes can be made to the architecture to alleviate this problem?


Options are :

  • Assign a public IP to the Application Load Balancer
  • Place a Network Load balancer in front of the ALB (Correct)
  • Place a Network Load balancer behind the ALB
  • Assign an Elastic IP to the Application Load Balancer

Answer : Place a Network Load balancer in front of the ALB

You have currently set up a VPC and subnets in AWS. You have set up routes in the route table for traffic on the CIDR block of 0.0.0.0/0. You just want to establish communication across all hosts. But you notice that some applications are not working as desired. These are IPv6-based applications that are sitting across subnets in the VPC. What must be done to alleviate this issue?


Options are :

  • Add the default route of 172.132.0.0/16 to the Route table
  • Ensure that the route of 0.0.0.0/0 is removed and a more specific route is placed.
  • Remove the route of 0.0.0.0/0 and add the route of ::/0 instead to allow all communication.
  • Add a route for ::/0 to the route table as well (Correct)

Answer : Add a route for ::/0 to the route table as well

You've set up a VPN connection between your on-premise data center and AWS. You need to know what the VPN connection will cost. Which of the below is a factor to be considered when looking at the costing for VPN connections?


Options are :

  • Data Transfer in
  • VPN connection hours (Correct)
  • Virtual Private Gateway transfer out
  • Data Transfer Out

Answer : VPN connection hours

You have an application that consists of the following setup: an EC2 Instance that supports the main front end part of the application, and an EC2 Instance that is used to process images. You are planning on using a load balancer to route requests based on the type of request and then route them to the respective servers. How can you accomplish this? Choose 2 answers from the options given below.


Options are :

  • Create a TCP listener
  • Create a Classic load balancer
  • Create different target groups (Correct)
  • Create an Application load balancer (Correct)

Answer : Create different target groups. Create an Application load balancer

You have currently set up a VPN configuration from your on-premise location to AWS. Your AWS VPC has a CIDR of 10.0.0.0/16 and a subnet of 10.0.1.0/24. Your on-premise location has a network with a CIDR block of 10.0.37.0/24. The traffic is being dropped when it is sent from the subnet instances to your on-premise location. What could be the most probable reason in this case?


Options are :

  • You have not set Enhanced Networking on the Instances
  • The 'Do Not Fragment' flag is set in the IP header
  • There is an overlap in prefixes (Correct)
  • The MTU is not set to 9001

Answer : There is an overlap in prefixes

You've currently configured health checks in Route 53. These health checks are being used for 2 of your on-premise web servers. The health checks are not working as desired. The health checks are continually failing. Which of the following could be a possible reason?


Options are :

  • Ensure that the NACLs on the Subnets are allowing Inbound Traffic
  • Ensure that the Security groups on the Instances are allowing Inbound Traffic
  • Ensure that the Firewall on your On-premise environment is allowing Inbound Traffic (Correct)
  • This is not possible. You cannot enable health checks for non-AWS resources

Answer : Ensure that the Firewall on your On-premise environment is allowing Inbound Traffic

Your company is planning on testing out Amazon workspaces for their account. They are going to allocate a set of workstations with static IP addresses for this purpose. They need to ensure that only these IP addresses have access to Amazon Workspaces. How can you achieve this?


Options are :

  • Place a WAF in front of Amazon Workspaces
  • Specify the IP addresses in the NACL
  • Specify the IP addresses in the Security Group
  • Create an IP access control group (Correct)

Answer : Create an IP access control group

Your company currently has VPCs located in us-west and us-east. The company has an AWS Direct Connect connection in the US East region. They want to have the ability to extend the connection to us-west. They also need to minimize time and effort to have this in place. How can this be achieved?


Options are :

  • Make use of the Direct Connect gateway (Correct)
  • Make use of an IPsec VPN
  • Create another AWS Direct Connect connection
  • Create a private VIF using the current connection

Answer : Make use of the Direct Connect gateway

You have created a NAT gateway to ensure that instances in your private subnet can download updates from the internet. But the instances are still not able to reach the internet even after the gateway has been created. Which of the following could be one of the underlying issues?


Options are :

  • The NAT gateway has not been created with the wrong AMI
  • The NAT gateway has been created in the public subnet
  • The NAT gateway has been created in the private subnet (Correct)
  • The NAT gateway has been created with the wrong Instance type

Answer : The NAT gateway has been created in the private subnet

You need to have instances created in a VPC which can support network speeds of up to 20 Gbps. Which of the following would be part of your implementation steps? Choose 2 answers from the options given below.


Options are :

  • Create an Instance from an Instance type that supports the Intel 82599 VF interface
  • Create an Instance from an Instance type that supports Enhanced Networking (Correct)
  • Place the Instances in a placement group
  • Enable Enhanced Networking if not already done (Correct)

Answer : Create an Instance from an Instance type that supports Enhanced Networking. Enable Enhanced Networking if not already done
