Free Online Amazon ANS-C01 Practice Test

Prepare Your Amazon ANS-C01 Exam Questions with Free online ANS-C01 Practice Test. Get Brilliant AWS Certified Advanced Networking Specialty Exam Results with Valid ANS C01 Exam Dumps.

Page: 1 / 64

Total 319 Questions | Updated On: Apr 23, 2024

Question 1

You deploy an Amazon EC2 instance that runs a web server into a subnet in a VPC. An Internet gateway is attached, and the main route table has a default route (0.0.0.0/0) configured with a target of the Internet gateway.

The instance has a security group configured to allow as follows:

Protocol: TCP

Port: 80 inbound, nothing outbound

The Network ACL for the subnet is configured to allow as follows:

Protocol: TCP

Port: 80 inbound, nothing outbound

When you try to browse to the web server, you receive no response.

Which additional step should you take to receive a successful response?

A : Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 80

B : Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 1024-65535

C : Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 80

D : Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 1024-65535

Answer: D

Question 2

The Payment Card Industry Data Security Standard (PCI DSS) merchants that handle credit card data must use strong cryptography. These merchants must also use security protocols to protect sensitive data during transmission over public networks.

You are migrating your PCI DSS application from on-premises SSL appliance and Apache to a VPC behind Amazon CloudFront.

How should you configure CloudFront to meet this requirement?

A : Configure the CloudFront Cache Behavior to require HTTPS and the CloudFront Origin's Protocol Policy to 'Match Viewer'.

B : Configure the CloudFront Cache Behavior to allow TCP connections and to forward all requests to the origin without TLS termination at the edge.

C : Configure the CloudFront Cache Behavior to require HTTPS and to forward requests to the origin via AWS Direct Connect.

D : Configure the CloudFront Cache Behavior to redirect HTTP requests to HTTPS and to forward request to the origin via the Amazon private network.

Answer: A

Question 3

A company has an application running on Amazon EC2 instances in a VPC The application must publish custom metrics to Amazon CloudWatch in the same AWS Region The metrics include proprietary information All connectivity must be over private IP addresses.

Which solution will meet these requirements'?

A : Connect to CloudWatch through a NAT gateway

B : Connect to CloudWatch through a gateway endpoint

C : Connect to CloudWatch through an internet gateway

D : Connect to CloudWatch through an interface endpoint

Answer: D

Question 4

A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes which originated from the same region as the Direct Connect location.

What action should accomplish this?

A : Configure a prefix list on the customer router containing the AWS IP address ranges for the specific region.

B : Configure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.

C : Configure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3.

D : Configure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3.

Answer: B

Question 5

A company has established an AWS Direct Connect connection between its customer gateway at its on-premises data center and a virtual private gateway m the AWS Cloud The BGP routing protocol configuration includes the Autonomous System Number {ASN) of 7224 on the AWS end of the connection and the BGP ASN of 65004 on the company end of the connection

The company's IT administrators report that servers that run at the on-premises data center are not able to communicate with the company's web application that runs on a fleet of Amazon EC2 Instances A network engineer performs initial troubleshooting The network engineer finds that the private VIF is operational and that there is a fully established BGP peering session However, the company still cannot route traffic over the private VIF

Which of the following is a possible cause of this connectivity issue?

A : Firewall or ACL rules are blocking TCP pod 179 or are blocking high-numbered ephemeral TCP pons

B : The provider is advertising 50 prefixes for private VIFs

C : VPC route tables am lacking prefixes that point to the virtual private gateway to which the private VIF is connected

D : Peer IP addresses for both sides of the BGP peering session are not configured correctly.

Answer: C

Page: 1 / 64

Total 319 Questions | Updated On: Apr 23, 2024