Free Amazon ANS-C01 Exam Questions

Question 1

A company has configured an AWS Cloud WAN core network with edge locations in the us-east-1 Region and the us-west-1 Region. Each edge location has two segments: development and staging. The segments use the default core network policy. The company has attached VPCs to the core network. A development VPC is attached to the development segment in us-east-1 and is configured to use the 10.0.0.0 CIDR block. A staging VPC is attached to the staging segment in us-west-1 and is configured to use the 10.5.0.0 CIDR block. The company has updated the route tables for both VPCs with a route that directs any traffic for 0.0.0.0/0 to the core network. The companys network team needs to establish communication between the two VPCs by using the AWS Cloud WAN core network. The network team is not receiving a response during tests of communication between the VPCs. The network team has verified that security groups and network ACLs are not blocking the traffic. What should the network team do to establish this communication?

A : Update both VPC route tables to have a new static route. Configure a route on the development VPC to direct the traffic for 10.0.0.0 to the development VPC attachment. Configure a route on the staging VPC to direct the traffic for 10.5.0.0 to the staging VPC attachment.

B : Update the segment filter to allow traffic on the development and staging segments.

C : Set the isolate-attachments parameter to False for the development and staging segments.

D : Update the core network policy to add a static route for each segment. Configure a route to direct the traffic for 10.0.0.0 to the development VPC attachment. Configure a route to direct the traffic for 10.5.0.0 to the staging VPC attachment.

Answer: D

Question 2

A company has configured an AWS Cloud WAN core network with edge locations in the us-east-1 Region and the us-west-1 Region. Each edge location has two segments: development and staging. The segments use the default core network policy. The company has attached VPCs to the core network. A development VPC is attached to the development segment in us-east-1 and is configured to use the 10.0.0.0 CIDR block. A staging VPC is attached to the staging segment in us-west-1 and is configured to use the 10.5.0.0 CIDR block. The company has updated the route tables for both VPCs with a route that directs any traffic for 0.0.0.0/0 to the core network. The companys network team needs to establish communication between the two VPCs by using the AWS Cloud WAN core network. The network team is not receiving a response during tests of communication between the VPCs. The network team has verified that security groups and network ACLs are not blocking the traffic. What should the network team do to establish this communication?

A : Update both VPC route tables to have a new static route. Configure a route on the development VPC to direct the traffic for 10.0.0.0 to the development VPC attachment. Configure a route on the staging VPC to direct the traffic for 10.5.0.0 to the staging VPC attachment.

B : Update the segment filter to allow traffic on the development and staging segments.

C : Set the isolate-attachments parameter to False for the development and staging segments.

D : Update the core network policy to add a static route for each segment. Configure a route to direct the traffic for 10.0.0.0 to the development VPC attachment. Configure a route to direct the traffic for 10.5.0.0 to the staging VPC attachment.

Answer: D

Question 3

A company has established an AWS Direct Connect connection between its customer gateway at its on-premises data center and a virtual private gateway m the AWS Cloud The BGP routing protocol configuration includes the Autonomous System Number {ASN) of 7224 on the AWS end of the connection and the BGP ASN of 65004 on the company end of the connection

The company's IT administrators report that servers that run at the on-premises data center are not able to communicate with the company's web application that runs on a fleet of Amazon EC2 Instances A network engineer performs initial troubleshooting The network engineer finds that the private VIF is operational and that there is a fully established BGP peering session However, the company still cannot route traffic over the private VIF

Which of the following is a possible cause of this connectivity issue?

A : rewall or ACL rules are blocking TCP pod 179 or are blocking high-numbered ephemeral TCP pons

B : provider is advertising 50 prefixes for private VIFs

C : route tables am lacking prefixes that point to the virtual private gateway to which the private VIF is connected

D : er IP addresses for both sides of the BGP peering session are not configured correctly.

Answer: C

Question 4

A company has developed a web service for language translation. The web service's application runs on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) and are deployed in a private subnet. The web service can process requests that contain hundreds of megabytes of data. The company needs to give some customers the ability to access the web service. Each customer has its own AWS account. The company must make the web service accessible to approved customers without making the web service accessible to all customers. Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)

A : Create VPC peering connections with the approved customers only.

B : Create an AWS PrivateLink endpoint service. Configure the endpoint service to require acceptance that will be granted to approved customers only.

C : Configure an authentication action for the endpoint service's load balancer to allow customers to log in by using their AWS credentials. Provide only approved customers with the URL.

D : Configure a Network Load Balancer (NLB) and a listener with the ALB as a target. Associate the NLB with the endpoint service.

E : Associate the ALB with the endpoint service.

Answer: B,D

Question 5

An application team for a startup company is deploying a new multi-tier application into the AWS Cloud. The application will be hosted on a fleet of Amazon EC2 instances that run in an Auto Scaling group behind a publicly accessible Network Load Balancer (NLB). The application requires the clients to work with UDP traffic and TCP traffic. In the near term, the application will serve only users within the same geographic location. The application team plans to extend the application to a global audience and will move the deployment to multiple AWS Regions around the world to bring the application closer to the end users. The application team wants to use the new Regions to deploy new versions of the application and wants to be able to control the amount of traffic that each Region receives during these rollouts. In addition, the application team must minimize first-byte latency and jitter (randomized delay) for the end users. How should the application team design the network architecture for the application to meet these requirements?

A : Create an Amazon CloudFront distribution to align to each Regional deployment. Set the NLB for each Region as the origin for each CloudFront distribution. Use an Amazon Route 53 weighted routing policy to control traffic to the newer Regional deployments.

B : Create an AWS Global Accelerator accelerator and listeners for the required ports. Configure endpoint groups for each Region. Configure a traffic dial for the endpoint groups to control traffic to the newer Regional deployments. Register the NLBs with the endpoint groups.

C : Use Amazon S3 Transfer Acceleration for the application in each Region. Adjust the amount of traffic that each Region receives from the Transfer Acceleration endpoints to the Regional NLBs.

D : Create an Amazon CloudFront distribution that includes an origin group. Set the NLB for each Region as the origins for the origin group. Use an Amazon Route 53 latency routing policy to control traffic to the new Regional deployments.

Answer: B