Free Amazon ANS-C01 Exam Questions

Question 1

An organization runs a consumer-facing website on AWS. The Amazon EC2-based web fleet is load balanced using the AWS Application Load Balancer, Amazon Route 53 is used to provide the public DNS services.

The following URLs need to server content to end users:

test.example.com

web.example.com

example.com

Based on this information, what combination of services must be used to meet the requirement? (Select two.)

A : th condition in ALB listener to route example.com to appropriate target groups.

B : t condition in ALB listener to route *.example.com to appropriate target groups.

C : t condition a ALB listener to route example.com to appropriate target groups.

D : th condition in ALB listener to route *.example.com to appropriate target groups.

E : t condition in ALB listener to route $$$$.example.com to appropriate target groups.

Answer: B,C

Question 2

A company uses AWS Network Firewall to protect outgoing traffic for multiple VPCs that are in the same AWS account. Each VPC contains Amazon EC2 instances that host the company's applications. Each EC2 instance is tagged with the name of the application it hosts. The EC2 instances are in Auto Scaling groups. A Network Firewall stateful rule group must remain up-to-date, even when an Auto Scaling group launches and terminates EC2 instances. Which solution will meet this requirement with the LEAST implementation and administrative effort?

A : Create a network ACL for each application. Reference the network ACL in the stateful rule group.

B : Create a prefix list for each application. Reference the prefix list in the stateful rule group.

C : Create an AWS Lambda function that queries the EC2 instance tags for each application name and then updates the stateful rule group with the IP address of each instance.

D : Create a resource group for each application name. Reference the Amazon Resource Name (ARN) for the resource groups in the stateful rule group.

Answer: B

Question 3

Company A recently acquired Company B. Company A has a hybrid AWS and on-premises environment that uses a hosted AWS Direct Connect connection, a Direct Connect gateway, and a transit gateway. Company A has a transit VIF to access the resources in its production environment in the us-east-1 Region. Company B has applications that run across multiple VPCs in the us-west-2 Region in a single AWS account. A transit gateway connects all Company B's application VPCs. The CIDR blocks for both companies do not overlap. Company A needs to use the existing Direct Connect connection to access Company Bs applications from the on-premises environment. Which solution will meet these requirements?

A : Create a new Direct Connect gateway in the Company B account. Associate the Company B transit gateway with the new Direct Connect gateway. Create a transit VIF on the existing hosted connection for Company B.

B : Create an association proposal from the Company B account to associate the Company B transit gateway with the Company A Direct Connect gateway. Accept the transit gateway association proposal by logging into the Company A account.

C : Create multiple virtual private gateways. Attach the virtual private gateways to each of Company B's application VPCs. Create a hosted private VIF for each virtual private gateway.

D : Create a new Direct Connect gateway in the Company B account. Associate the Company B transit gateway with the new Direct Connect gateway. Create a hosted private VIF for Company B.

Answer: B

Question 4

A company hosts a web application that runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The company uses an Amazon CloudFront distribution with the ALB as an origin. The application recently experienced an attack. In response, the company associated an AWS WAF web ACL with the CloudFront distribution. The company needs to use Amazon Athena to analyze application attacks that AWS WAF detects. Which solution will meet this requirement?

A : Configure the ALB and the EC2 instance subnets to produce VPC flow logs. Configure the VPC flow logs to deliver logs to an Amazon S3 bucket for log analysis.

B : Create a trail in AWS CloudTrail to capture data events. Configure the trail to deliver logs to an Amazon S3 bucket for log analysis.

C : Configure the AWS WAF web ACL to deliver logs to an Amazon Kinesis Data Firehose delivery stream. Configure the stream to deliver the data to an Amazon S3 bucket for log analysis.

D : Turn on access logging for the ALB. Configure the access logs to deliver the logs to an Amazon S3 bucket for log analysis.

Answer: D

Question 5

A multi-player gaming application that runs on UDP protocol needs to add functionality where you can assign multiple players to a single session on a game server based on factors such as geographic location, player skill, and few more configurable parameters. The application is accessed by players spread out across different regions of the world.

What is the right way to configure this requirement?

A : Application Load Balancer (ALB) with sticky sessions enabled to maintain player session data. Configure Global Accelerator to front the ALB for cross-region elasticity

B : custom routing accelerator of Global Accelerator to deterministically route one or more users to a specific instance using VPC subnet endpoints

C : Use custom routing accelerator of Global Accelerator in front of Network Load Balancer (NLB) to route traffic that can maintain session data

D : custom routing accelerator of Global Accelerator to deterministically route one or more users to a specific instance using VPC sharing

Answer: B