Free Amazon ANS-C01 Exam Questions

Question 1

Company A recently acquired Company B. Company A has a hybrid AWS and on-premises environment that uses a hosted AWS Direct Connect connection, a Direct Connect gateway, and a transit gateway. Company A has a transit VIF to access the resources in its production environment in the us-east-1 Region. Company B has applications that run across multiple VPCs in the us-west-2 Region in a single AWS account. A transit gateway connects all Company B's application VPCs. The CIDR blocks for both companies do not overlap. Company A needs to use the existing Direct Connect connection to access Company Bs applications from the on-premises environment. Which solution will meet these requirements?

A : Create a new Direct Connect gateway in the Company B account. Associate the Company B transit gateway with the new Direct Connect gateway. Create a transit VIF on the existing hosted connection for Company B.

B : Create an association proposal from the Company B account to associate the Company B transit gateway with the Company A Direct Connect gateway. Accept the transit gateway association proposal by logging into the Company A account.

C : Create multiple virtual private gateways. Attach the virtual private gateways to each of Company B's application VPCs. Create a hosted private VIF for each virtual private gateway.

D : Create a new Direct Connect gateway in the Company B account. Associate the Company B transit gateway with the new Direct Connect gateway. Create a hosted private VIF for Company B.

Answer: B

Question 2

A company is planning to migrate to AWS and use multiple VPCs in multiple AWS Regions. A network engineer must connect the eu-west-1 and eu-central-1 Regions to the company headquarters and branch office, respectively. The network engineer created a production VPC, named Prod A, with a CIDR block of 10.0.0.0. Prod A runs in an account in eu-west-1. The network engineer then created another production VPC, named Prod B, with a CIDR block of 10.1.0.0. Prod Ð’ runs in a different account in eu-central-1. The network engineer performed the following steps to try to achieve the required connectivity: 1. Created one transit gateway in each Region2. Shared and accepted the transit gateways with the production accounts in both Regions3. Configured the peering attachment between both transit gateways4. Attached both VPCs to the respective Region transit gateway5. Created both transit gateway route tables and associated the attachments with the route tables6. Configured a static route in both transit gateway route tables to send traffic to the remote VPC in the other Region7. Activated route propagation on the VPC route tables in each Region After the configuration, the network engineer tried to connect from Prod A to Prod B. However, the connection was unsuccessful. What should the network engineer do to achieve the required connectivity?

A : Modify the IP address of the peering attachment to a wider range.

B : Delete the static routes that were in the transit gateway route table to send traffic to the remote VPC and enable route propagation instead.

C : Create a new route destined to 10.0.0.0 in both production VPC route tables with the Region transit gateway as the target.

D : Modify the transit gateway route tables from the production accounts to propagate routes dynamically between the production VPCs.

Answer: C

Question 3

An application team for a startup company is deploying a new multi-tier application into the AWS Cloud. The application will be hosted on a fleet of Amazon EC2 instances that run in an Auto Scaling group behind a publicly accessible Network Load Balancer (NLB). The application requires the clients to work with UDP traffic and TCP traffic. In the near term, the application will serve only users within the same geographic location. The application team plans to extend the application to a global audience and will move the deployment to multiple AWS Regions around the world to bring the application closer to the end users. The application team wants to use the new Regions to deploy new versions of the application and wants to be able to control the amount of traffic that each Region receives during these rollouts. In addition, the application team must minimize first-byte latency and jitter (randomized delay) for the end users. How should the application team design the network architecture for the application to meet these requirements?

A : Create an Amazon CloudFront distribution to align to each Regional deployment. Set the NLB for each Region as the origin for each CloudFront distribution. Use an Amazon Route 53 weighted routing policy to control traffic to the newer Regional deployments.

B : Create an AWS Global Accelerator accelerator and listeners for the required ports. Configure endpoint groups for each Region. Configure a traffic dial for the endpoint groups to control traffic to the newer Regional deployments. Register the NLBs with the endpoint groups.

C : Use Amazon S3 Transfer Acceleration for the application in each Region. Adjust the amount of traffic that each Region receives from the Transfer Acceleration endpoints to the Regional NLBs.

D : Create an Amazon CloudFront distribution that includes an origin group. Set the NLB for each Region as the origins for the origin group. Use an Amazon Route 53 latency routing policy to control traffic to the new Regional deployments.

Answer: B

Question 4

A company has developed a web service for language translation. The web service's application runs on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) and are deployed in a private subnet. The web service can process requests that contain hundreds of megabytes of data. The company needs to give some customers the ability to access the web service. Each customer has its own AWS account. The company must make the web service accessible to approved customers without making the web service accessible to all customers. Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)

A : Create VPC peering connections with the approved customers only.

B : Create an AWS PrivateLink endpoint service. Configure the endpoint service to require acceptance that will be granted to approved customers only.

C : Configure an authentication action for the endpoint service's load balancer to allow customers to log in by using their AWS credentials. Provide only approved customers with the URL.

D : Configure a Network Load Balancer (NLB) and a listener with the ALB as a target. Associate the NLB with the endpoint service.

E : Associate the ALB with the endpoint service.

Answer: B,D

Question 5

A company has configured an AWS Cloud WAN core network with edge locations in the us-east-1 Region and the us-west-1 Region. Each edge location has two segments: development and staging. The segments use the default core network policy. The company has attached VPCs to the core network. A development VPC is attached to the development segment in us-east-1 and is configured to use the 10.0.0.0 CIDR block. A staging VPC is attached to the staging segment in us-west-1 and is configured to use the 10.5.0.0 CIDR block. The company has updated the route tables for both VPCs with a route that directs any traffic for 0.0.0.0/0 to the core network. The companys network team needs to establish communication between the two VPCs by using the AWS Cloud WAN core network. The network team is not receiving a response during tests of communication between the VPCs. The network team has verified that security groups and network ACLs are not blocking the traffic. What should the network team do to establish this communication?

A : Update both VPC route tables to have a new static route. Configure a route on the development VPC to direct the traffic for 10.0.0.0 to the development VPC attachment. Configure a route on the staging VPC to direct the traffic for 10.5.0.0 to the staging VPC attachment.

B : Update the segment filter to allow traffic on the development and staging segments.

C : Set the isolate-attachments parameter to False for the development and staging segments.

D : Update the core network policy to add a static route for each segment. Configure a route to direct the traffic for 10.0.0.0 to the development VPC attachment. Configure a route to direct the traffic for 10.5.0.0 to the staging VPC attachment.

Answer: D