AWS Certified Advanced Networking Specialty (ANS-C01)


Topic 1 - Exam A

Question #46 Topic 1

You ping an Amazon Elastic Compute Cloud (EC2) instance from an on-premises server. VPC Flow Logs record the following:

  2 123456789010 eni-1235b8ca 10.123.234.78 172.11.22.33 0 0 1 8 672 1432917027 1432917142 ACCEPT OK
  2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917027 1432917082 ACCEPT OK
  2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917094 1432917142 REJECT OK

Why are ICMP responses not received by the on-premises system?

  • A The inbound network access control list is blocking the traffic.
  • B The outbound network access control list is blocking the traffic.
  • C The inbound security group is blocking the traffic.
  • D The outbound security group is blocking the traffic.
Suggested Answer: B
NOTE: The flow log shows an ACCEPT record for the originating ping, which was allowed by both the network ACL and the security group and was therefore allowed to reach your instance, and a REJECT record for the response ping, which the network ACL denied. Security groups are stateful, so the response to an allowed inbound ping is permitted regardless of outbound security group rules; network ACLs are stateless, so the response must be explicitly permitted outbound. If your network ACL permits outbound ICMP traffic, the flow log displays two ACCEPT records (one for the originating ping and one for the response ping). If your security group denies inbound ICMP traffic, the flow log displays a single REJECT record, because the traffic was not permitted to reach your instance. Reference: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
Question #47 Topic 1

Which of the following is true when you don't configure Amazon CloudFront to forward cookies to your origin?

  • A CloudFront removes the Cookie header from requests that it forwards to your origin.
  • B CloudFront disables viewer requests to your origin, including all cookies.
  • C CloudFront caches your objects based on cookie values.
  • D CloudFront automates code deployments to any instance.
Suggested Answer: A
NOTE: If you don't configure CloudFront to forward cookies to your origin, CloudFront removes the Cookie header from requests that it forwards to your origin and removes the Set-Cookie header from responses that it returns to your clients. Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html
Question #48 Topic 1

Your company was recently acquired, and a Direct Connect connection was extended from your new parent corporation to your AWS VPC using a hosted VIF. What data charges are billed to your account for that connection?

  • A You are only responsible for the port hours of the VIF.
  • B You are not charged anything.
  • C You are responsible for all data transfer out.
  • D You are responsible for all data transfer in.
Suggested Answer: C
NOTE: You are only responsible for the data transfer out. The port hours are the responsibility of the owner of the connection.
Question #49 Topic 1

You need to find the MTU used by another instance, but tracepath is not working. You know the instance you are trying to tracepath has open security group and NACL rules. Which protocol do you need to allow to access your instance to remedy this?

  • A Protocol 6: TCP
  • B Protocol 47: GRE
  • C Protocol 17: UDP
  • D Protocol 1: ICMP
Suggested Answer: D
NOTE: You need to allow Protocol 1, ICMP, to access your instance. tracepath specifically needs the "destination unreachable" feature of ICMP.
Question #50 Topic 1

What is the minimum number of subnets for an RDS subnet group?

  • A 3
  • B 4
  • C 1
  • D 2
Suggested Answer: D
NOTE: This allows for high availability and failover in case an RDS instance goes down.