Free Amazon ANS-C01 Exam Questions

Question 1

A company has an on-premises data center in the United States. The data center is connected to AWS by an AWS Direct Connect connection. The data center has a private VIF that is connected to a Direct Connect gateway. Recently, the company opened a new data center in Europe and established a new Direct Connect connection between the Europe data center and AWS. A new private VIF connects to the existing Direct Connect gateway. The company wants to use Direct Connect SiteLink to set up a private network between the data center in the United States and the data center in Europe. Which solution will meet these requirements in the MOST operationally efficient manner?

A : Create a new public VIF from each data center. Enable SiteLink on the new public VIFs.

B : Create a new transit VIF from each data center. Enable SiteLink on the new transit VIFs.

C : Use the existing VIF from each data center. Enable SiteLink on the existing private VIFs.

D : Create a new AWS Site-to-Site VPN connection between the data centers. Configure the new connection to use SiteLink.

Answer: C

Question 2

A company hosts an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company recently experienced a network security breach. A network engineer must collect and analyze logs that include the client IP address, target IP address, target port, and user agent of each user that accesses the application. What is the MOST operationally efficient solution that meets these requirements?

A : nfigure the ALB to store logs in an Amazon S3 bucket. Download the files from Amazon S3, and use a spreadsheet application to analyze the logs.

B : nfigure the ALB to push logs to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to analyze the logs.

C : nfigure Amazon Kinesis Data Streams to stream data from the ALB to Amazon OpenSearch Service (Amazon Elasticsearch Service). Use search operations in Amazon OpenSearch Service (Amazon Elasticsearch Service) to analyze the data.

D : nfigure the ALB to store logs in an Amazon S3 bucket. Use Amazon Athena to analyze the logs in Amazon S3.

Answer: D

Question 3

The networking team at a company wants to set up two AWS Direct Connect connections between its on-premises data center and the AWS Cloud. The Direct Connect connections need to be set up in an Active/Passive configuration from a public virtual interface using a private ASN.

As an AWS Certified Networking Specialist, which solution would you recommend for this requirement?

A : t up the customer gateway to advertise the longer prefix on your secondary connection

B : t up the customer gateway to advertise the longer prefix on your primary connection

C : Set up the customer gateway to advertise the same prefixes on both BGP sessions, then advertise the on-premises public prefixes with additional AS_Path prepends in the BGP attributes on the primary connection and finally increase the Local Preference (local-pref) for the secondary connection

D : Set up the customer gateway to advertise the same prefixes on both BGP sessions, then advertise the on-premises public prefixes with additional AS_Path prepends in the BGP attributes on the secondary connection and finally increase the Local Preference (local-pref) for the primary connection

Answer: B

Question 4

A company wants to implement a distributed architecture on AWS that uses a Gateway Load Balancer (GWLB) and GWLB endpoints. The company has chosen a hub-and-spoke model. The model includes a GWLB and virtual appliances that are deployed into a centralized appliance VPC and GWLB endpoints. The model also includes internet gateways that are configured in spoke VPCs. Which sequence of traffic flow to the internet from the spoke VPC is correct?

A : 1.An application in a spoke VPC sends traffic to the GWLB endpoint based on the VPC route table configuration.2. Traffic is delivered securely and privately to the GWLB.3. The GWLB sends the traffic to a virtual appliance for inspection.4. Return traffic flows back to the GWLB endpoint and out to the internet through the internet gateway.

B : 1. An application in a spoke VPC sends traffic to the GWLB endpoint based on the VPC route table configuration.2. Traffic is delivered securely and privately to the GWLB endpoint.3. The GWLB sets the X-Forwarded-For request header and sends the traffic to a virtual appliance for inspection.4. Return traffic flows back to the GWLB and out to the internet through an internet gateway.

C : 1. An application in a spoke VPC sends traffic to the GWLB endpoint.2. Traffic is delivered securely and privately to the GWLB.3. The GWLB sets the X-Forwarded-For request header and sends the traffic to a virtual appliance for inspection.4. Return traffic flows back to the GWLB endpoint and out to the internet through the internet gateway.

D : 1. An application in a spoke VPC sends traffic to the GWLB.2. Traffic is delivered securely and privately to the GWLB endpoint.3. The GWLB sends the traffic to a virtual appliance for inspection.4. Return traffic flows back to the GWLB and out to the internet through an internet gateway.

Answer: A

Question 5

A consulting company manages AWS accounts for its customers. One of the company's customers needs to add intrusion prevention for its environment without having to re-architect the environment. The customer's environment includes five VPCs in two AWS Regions in the United States. VPC-to-VPC connectivity is achieved through VPC peering. The customer does not plan to increase the number of VPCs within the next 2 years. The solution must accommodate unencrypted traffic. Which solution will meet these requirements?

A : Configure VPC security groups and network ACLs.

B : Use an AWS Network Firewall centralized deployment model in each VPC.

C : Use an AWS Network Firewall distributed deployment model in each VPC.

D : Deploy AWS Shield in each VPC.

Answer: C