ANS-C00 free questions – AWS Certified Advanced Networking Specialty Exam

Are you preparing for your ANS-C00 AWS Certified Advanced Networking Specialty Exam? If you are worried about passing your ANS-C00 exam, you can get the ANS-C00 free questions from Passquestion to practice, if you study Passquestion ANS-C00 full version, we ensure you can pass your exam successfully.

Exam Title                  : ANS-C00 AWS Certified Advanced Networking Specialty Exam
Duration of Exam        : 250 minutes
Number of Questions : 184 (Multiple Choice)
Passing score              : 75% (130 out of 184)
Exam Format              : Multiple-Choice

ANS-C00 free questions – AWS Certified Advanced Networking Specialty Exam

1. Your organization’s corporate website must be available on www.acme.com and acme.com.

How should you configure Amazon Route 53 to meet this requirement?

 
 
 
 

2. You are building an application in AWS that requires Amazon Elastic MapReduce (Amazon EMR). The application needs to resolve hostnames in your internal, on-premises Active Directory domain. You update your DHCP Options Set in the VPC to point to a pair of Active Directory integrated DNS servers running in your VPC.

Which action is required to support a successful Amazon EMR cluster launch?

 
 
 
 

3. You have a three-tier web application with separate subnets for Web, Applications, and Database tiers. Your CISO suspects your application will be the target of malicious activity. You are tasked with notifying the security team in the event your application is port scanned by external systems.

Which two AWS Services cloud you leverage to build an automated notification system? (Select two.)

 
 
 
 
 

4. You are designing the network infrastructure for an application server in Amazon VPC. Users will access all the application instances from the Internet and from an on-premises network. The on-premises network is connected to your VPC over an AWS Direct Connect link.

How should you design routing to meet these requirements?

 
 
 
 

5. Your company decides to use Amazon S3 to augment its on-premises data store. Instead of using the company’s highly controlled, on-premises Internet gateway, a Direct Connect connection is ordered to provide high bandwidth, low latency access to S3. Since the company does not own a publically routable IPv4 address block, a request was made to AWS for an AWS-owned address for a Public Virtual Interface (VIF).

The security team is calling this new connection a “backdoor”, and you have been asked to clarify the risk to the company.

Which concern from the security team is valid and should be addressed?

 
 
 
 

6. Your organization uses a VPN to connect to your VPC but must upgrade to a 1-G AWS Direct Connect connection for stability and performance. Your telecommunications provider has provisioned the circuit from your data center to an AWS Direct Connect facility and needs information on how to cross-connect (e.g., which rack/port to connect).

What is the AWS-recommended procedure for providing this information?

 
 
 
 

7. You manage a web service that is used by client applications deployed in 300 offices worldwide. The web service architecture is an Elastic Load balancer (ELB) distributing traffic across four application servers deployed in an autoscaling group across two availability zones.

The ELB is configured to use round robin, and sticky sessions are disabled. You have configured the NACLs and Security Groups to allow port 22 from your bastion host, and port 80 from 0.0.0.0/0. The client configuration is managed by each regional IT team.

Upon inspection you find that a large amount of requests from incorrectly configured sites are causing a single application server to degrade. The remainder of the requests are equally distributed across all servers with no negative effects.

What should you do to remedy the situation and prevent future occurrences?

 
 
 
 

8. A multinational organization has applications deployed in three different AWS regions. These applications must securely communicate with each other by VPN.

According to the organization’s security team, the VPN must meet the following requirements:

– AES 128-bit encryption

– SHA-1 hashing

– User access via SSL VPN

– PFS using DH Group 2

– Ability to maintain/rotate keys and passwords

– Certificate-based authentication

Which solution should you recommend so that the organization meets the requirements?

 
 
 
 

9. A legacy, on-premises web application cannot be load balances effectively. There are both planned and unplanned events that cause usage spikes to millions of concurrent users. The existing infrastructure cannot handle the usage spikes. The CIO has mandated that the application be moved to the cloud to avoid further disruptions, with the additional requirement that source IP addresses be unaltered to support network traffic-monitoring needs.

Which of the following designs will meet these requirements?

 
 
 
 

10. An organization processes consumer information submitted through its website. The organization’s security policy requires that personally identifiable information (PII) elements are specifically encrypted at all times and as soon as feasible when received. The front-end Amazon EC2 instances should not have access to decrypted PII. A single service within the production VPC must decrypt the PII by leveraging an iAM role.

Which combination of services will support these requirement? (Select two.)

 
 
 
 
 

AWS-SysOps Free Dumps - AWS Certified SysOps Administrator – Associate
AWS Certified Big Data - Specialty exam free questions

Leave a Reply

Your email address will not be published. Required fields are marked *