Practice ANS-C01 Exam Online

Question 1

A company runs a large-scale application on a feel of Amazon EC2 instances that ate distributed across several VPCs A Network Load Balancer (NLB) in a separate VPC routes traffic to the EC2 instances The NLB's VPC is peered to all the application VPCs

The application must process millions of requests each minute during times of peak utilization Users are reporting that the connections to the application are failing during peak times Monitoring shows an increase in port allocation errors on the NLB.

Which action will solve this issue with the LEAST change to the architecture?

A : Increase the number of EC2 instances in the target group

B : Create an Application Load Balancer for the target group

C : Add a new target group to the same NLB listener

D : Change the target group type to 'instance'

Answer: C

Question 2

The networking team at a company wants to do a Simple AD deployment and use it for the company's Microsoft Exchange email server. The team is having issues finding the AD server.

What is the most probable root cause behind this issue?

A :

You need to contact AWS to receive an MX record for the Microsoft Exchange email server

B : Simple AD does not support Microsoft Exchange

C : The Network Access Control List is blocking the traffic to the email server

D : TLS is not implemented

Answer: B

Question 3

A company hosts an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company recently experienced a network security breach. A network engineer must collect and analyze logs that include the client IP address, target IP address, target port, and user agent of each user that accesses the application. What is the MOST operationally efficient solution that meets these requirements?

A : Configure the ALB to store logs in an Amazon S3 bucket. Download the files from Amazon S3, and use a spreadsheet application to analyze the logs.

B : Configure the ALB to push logs to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to analyze the logs.

C : Configure Amazon Kinesis Data Streams to stream data from the ALB to Amazon OpenSearch Service (Amazon Elasticsearch Service). Use search operations in Amazon OpenSearch Service (Amazon Elasticsearch Service) to analyze the data.

D : Configure the ALB to store logs in an Amazon S3 bucket. Use Amazon Athena to analyze the logs in Amazon S3.

Answer: D

Question 4

A company provisions an AWS Direct Connect connection to permit access to Amazon EC2 resources in several Amazon VPCs and to data stored in private Amazon S3 buckets. The Network Engineer needs to configure the company's on-premises router for this Direct Connect connection.

Which of the following actions will require the LEAST amount of configuration overhead on the customer router?

A : Configure private virtual interfaces for the VPC resources and for Amazon S3.

B : Configure private virtual interfaces for the VPC resources and a public virtual interface for Amazon S3.

C : Configure a private virtual interface to a Direct Connect gateway for the VPC resources and for Amazon S3

D : Configure a private virtual interface to a Direct Connect gateway for the VPC resources and a public virtual interface for Amazon S3.

Answer: A

Question 5

A global delivery company is modernizing its fleet management system. The company has several business units. Each business unit designs and maintains applications that are hosted in its own AWS account in separate application VPCs in the same AWS Region. Each business unit's applications are designed to get data from a central shared services VPC. The company wants the network connectivity architecture to provide granular security controls. The architecture also must be able to scale as more business units consume data from the central shared services VPC in the future. Which solution will meet these requirements in the MOST secure manner?

A : Create a central transit gateway. Create a VPC attachment to each application VPC. Provide full mesh connectivity between all the VPCs by using the transit gateway.

B : Create VPC peering connections between the central shared services VPC and each application VPC in each business unit's AWS account.

C : Create VPC endpoint services powered by AWS PrivateLink in the central shared services VPCreate VPC endpoints in each application VPC.

D : Create a central transit VPC with a VPN appliance from AWS Marketplace. Create a VPN attachment from each VPC to the transit VPC. Provide full mesh connectivity among all the VPCs.

Answer: C

Name:	AWS Certified Advanced Networking Specialty
Exam Code:	ANS-C01
Certification:	AWS Certified Specialty
Vendor:	Amazon
Total Questions:	319
Last Updated:	Apr 25, 2024

Amazon ANS-C01