Free Amazon ANS-C01 Exam Questions

Question 1

A company has developed a web service for language translation. The web service's application runs on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) and are deployed in a private subnet. The web service can process requests that contain hundreds of megabytes of data. The company needs to give some customers the ability to access the web service. Each customer has its own AWS account. The company must make the web service accessible to approved customers without making the web service accessible to all customers. Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)

A : Create VPC peering connections with the approved customers only.

B : Create an AWS PrivateLink endpoint service. Configure the endpoint service to require acceptance that will be granted to approved customers only.

C : Configure an authentication action for the endpoint service's load balancer to allow customers to log in by using their AWS credentials. Provide only approved customers with the URL.

D : Configure a Network Load Balancer (NLB) and a listener with the ALB as a target. Associate the NLB with the endpoint service.

E : Associate the ALB with the endpoint service.

Answer: B,D

Question 2

A company deployed an application in two AWS Regions in one AWS account. The company has one VPC in each Region. The VPCs use non-overlapping private CIDR ranges. The company needs to connect both VPCs to a single on-premises data center to test the application. The application requires up to 800 Mbps of throughput. A network engineer needs to establish connectivity between the VPCs and the on-premises data center. Which solution will meet this requirement with the LEAST operational overhead?

A : Order a 2 Gbps Direct Connect connection for the data center. Configure a virtual private gateway in each VPC. Create a private VIF for each virtual private gateway, and associate the virtual private gateways with the Direct Connect connection. Configure static routes in the VPC route tables and in the data center router.

B : Order a 2 Gbps Direct Connect connection for the data center. Configure a virtual private gateway in each VPC. Create a private VIF for each virtual private gateway, and associate the virtual private gateways with the Direct Connect connection. Configure Open Shortest Path First (OSPF) routing between the private VIF and the data center.

C : Configure a customer gateway and a virtual private gateway in each VPC. Configure an AWS SitetoSite VPN connection between the data center and each VPC. Configure static routes in each VPC route table to point to the subnets in the data center.

D : Configure a customer gateway and a virtual private gateway in each VPC. Configure an AWS SitetoSite VPN connection between the data center and each VPC. Configure BGP routing between the VPCs and the data center.

Answer: A

Question 3

A company has developed a web service for language translation. The web service's application runs on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) and are deployed in a private subnet. The web service can process requests that contain hundreds of megabytes of data. The company needs to give some customers the ability to access the web service. Each customer has its own AWS account. The company must make the web service accessible to approved customers without making the web service accessible to all customers. Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)

A : Create VPC peering connections with the approved customers only.

B : Create an AWS PrivateLink endpoint service. Configure the endpoint service to require acceptance that will be granted to approved customers only.

C : Configure an authentication action for the endpoint service's load balancer to allow customers to log in by using their AWS credentials. Provide only approved customers with the URL.

D : Configure a Network Load Balancer (NLB) and a listener with the ALB as a target. Associate the NLB with the endpoint service.

E : Associate the ALB with the endpoint service.

Answer: B,D

Question 4

A company is planning to migrate to AWS and use multiple VPCs in multiple AWS Regions. A network engineer must connect the eu-west-1 and eu-central-1 Regions to the company headquarters and branch office, respectively. The network engineer created a production VPC, named Prod A, with a CIDR block of 10.0.0.0. Prod A runs in an account in eu-west-1. The network engineer then created another production VPC, named Prod B, with a CIDR block of 10.1.0.0. Prod Ð’ runs in a different account in eu-central-1. The network engineer performed the following steps to try to achieve the required connectivity: 1. Created one transit gateway in each Region2. Shared and accepted the transit gateways with the production accounts in both Regions3. Configured the peering attachment between both transit gateways4. Attached both VPCs to the respective Region transit gateway5. Created both transit gateway route tables and associated the attachments with the route tables6. Configured a static route in both transit gateway route tables to send traffic to the remote VPC in the other Region7. Activated route propagation on the VPC route tables in each Region After the configuration, the network engineer tried to connect from Prod A to Prod B. However, the connection was unsuccessful. What should the network engineer do to achieve the required connectivity?

A : Modify the IP address of the peering attachment to a wider range.

B : Delete the static routes that were in the transit gateway route table to send traffic to the remote VPC and enable route propagation instead.

C : Create a new route destined to 10.0.0.0 in both production VPC route tables with the Region transit gateway as the target.

D : Modify the transit gateway route tables from the production accounts to propagate routes dynamically between the production VPCs.

Answer: C

Question 5

A company is deploying a web application into two AWS Regions. The company has one VPC in each Region. Each VPC has three Amazon EC2 instances as web servers behind an Application Load Balancer (ALB). The company already has configured an Amazon Route 53 public hosted zone for example.com. Users will access the application by using the fully qualified domain name (FQDN) of app.example.com. The company needs a DNS solution that allows global users to access the application. The solution must route the users' requests to the Region that provides the lowest response time. The solution must fail over to the Region that provides the next-lowest response time if the application is unavailable in the initially intended Region. Which solution will meet these requirements?

A : For each ALB, create an A record that has a geolocation routing policy to route app.example.com to the IP addresses of the ALB. Configure a Route 53 HTTP health check that monitors each ALB by IP address. Associate the health check with the A records.

B : Create an A record that has a geolocation routing policy to route app.example.com to the IP addresses for both ALBs. Configure a Route 53 health check that monitors TCP port 80 for each ALB by IP address. Associate the health check with the A records.

C : Create an A record that has a latency-based routing policy to route app.example.com as an alias to one of the ALBs. Configure a Route 53 health check that monitors TCP port 80 for each ALB by IP address. Associate the health check with the A records.

D : For each ALB, create an A record that has a latency-based routing policy to route app.example.com as an alias to the ALB. Set the value for Evaluate Target Health to Yes for the records.

Answer: D