Free Amazon ANS-C01 Exam Questions

Question 1

A company uses AWS Direct Connect to connect its corporate network to multiple VPCs in the same AWS account and the same AWS Region. Each VPC uses its own private VIF and its own virtual LAN on the Direct Connect connection. The company has grown and will soon surpass the limit of VPCs and private VIFs for each connection. What is the MOST scalable way to add VPCs with on-premises connectivity?

A : ovision a new Direct Connect connection to handle the additional VPCs. Use the new connection to connect additional VPCs.

B : eate virtual private gateways for each VPC that is over the service quota. Use AWS Site-to-Site VPN to connect the virtual private gateways to the corporate network.

C : eate a Direct Connect gateway, and add virtual private gateway associations to the VPCs. Configure a private VIF to connect to the corporate network.

D : eate a transit gateway, and attach the VPCs. Create a Direct Connect gateway, and associate it with the transit gateway. Create a transit VIF to the Direct Connect gateway.

Answer: D

Question 2

You deploy an Amazon EC2 instance that runs a web server into a subnet in a VPC. An Internet gateway is attached, and the main route table has a default route (0.0.0.0/0) configured with a target of the Internet gateway.

The instance has a security group configured to allow as follows:

Protocol: TCP

Port: 80 inbound, nothing outbound

The Network ACL for the subnet is configured to allow as follows:

Protocol: TCP

Port: 80 inbound, nothing outbound

When you try to browse to the web server, you receive no response.

Which additional step should you take to receive a successful response?

A : an entry to the security group outbound rules for Protocol: TCP, Port Range: 80

B : an entry to the security group outbound rules for Protocol: TCP, Port Range: 1024-65535

C : an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 80

D : an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 1024-65535

Answer: D

Question 3

A company uses an AWS Site-to-Site VPN to connect its corporate network The company recently added an AWS Direct Connect connection A network engineer wants all traffic to use the Direct Connect connection and for the VPN to be used as backup However after the Direct Connect connection was added traffic continued to pass through the VPN connection

What should the network engineer do to route the traffic through the Direct Connect connection'?

A : routes to the VPC route tables that specify the Direct Connect connection

B : t local preference BGP community tags on the on-premises router

C : vertise the same network routes over the Direct Connect connection and VPN connection

D : ure the Direct Connect connection AS_PATH is longer than the VPN connection AS_PATH

Answer: C

Question 4

The security team in its report has flagged malicious activity from 100 random IP addresses for malicious activity. As a network security engineer, you have to ensure the safety and accessibility of the AWS resources.

Which of the following actions would you suggest to ensure safety from such types of threats?

A : Route Table propagation to pass the data of malicious IP addresses to the network routers and block them using WAF

B : inbound Network ACL rules of the VPC to block the IP addresses

C : AWS WAF rate-based rule capability to block the IP addresses

D : inbound security group rules of the VPC to block the IP addresses

Answer: C

Question 5

Your company has set up AWS Direct Connect to connect on-premises to an Amazon VPC instance. Two Direct Connect connections terminate at two different Direct Connect locations. You are using two routers, R1 and R2, at your end (one of each Direct Connect connection). R1 and R2 do NOT have connectivity between them. Both routers advertise the same routers over BGP to the VGW. You have a stateful firewall on each router. The routers drop some of the traffic coming from the VPC.

Which two actions should you take to fix this problem? (Select two.)

A : BGP AS prepend attribute to prepend additional AS numbers while advertising routers from R1 to VGW.

B : BGP local preference attribute to assign R1 to a lower local preference number than R2.

C : BGP local preference attribute to assign R1 a higher local preference number than R2.

D : BGP MED attribute to assign a higher MED value to the routes advertised R1 to VGW.

E : BGP MED attribute to assign a higher MED value to the routes advertised from R2 to VGW.

Answer: A,D