AWS Certified Advanced Networking Specialty (ANS-C01)

The AWS Certified Advanced Networking Specialty (ANS-C01) were last updated on today.

Viewing page 3 out of 110 pages.
Viewing questions 11-15 out of 550 questions

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.and Azure
- Trademarks, certification & product names are used for reference only and belong to Amazon.and Azure

Topic 1 - Exam A

Question #11 Topic 1

Which statement about Elastic IP addresses is incorrect?

A Additional EIPs associated with one instance incur a charge.
B Once an EIP is associated with an instance, you must manually change the hostname if you want it to match.
C Once you associate an EIP with an instance, the original public IP is released.
D Disassociated EIPs incur a charge.

Suggested Answer: B
NOTE: The hostname automatically changes to match the new EIP.

Question #12 Topic 1

Your organization has placed a project on hold and has stopped 30 public EC2 instances. These instances use instance store volumes and do not have custom AMIs associated. You are still being charged every month. What is the charge probably for?

A AWS charges for dormant accounts.
B You have Elastic IPs associated with those instances.
C There is a "stopped instance" fee that AWS charges every month.
D You are being charged for the EBS volumes.

Suggested Answer: B
NOTE: You have Elastic IPs associated with those instances. AWS charges for any unused Elastic IPs in your account.

Question #13 Topic 1

What is the name of the label applied to packets to allow routers to know where to forward in an MPLS network?

A BFD
B BGP
C FEC
D ABC

Suggested Answer: C
NOTE: Forward Equivalency Class is how routers know where to send packets.

Question #14 Topic 1

You manage a webserver that serves a webpage on AWS infrastructure. You utilize an Application Load Balancer, CloudFront, S3, and some other AWS services for this site. You are only responsible for the server and you don't have access to the AWS console or API. You need to find out what IPs are accessing your website. What is the best way to achieve this?

A Ask someone with IAM permissions to view the Flow Logs to give you access.
B View the access logs. They already show this information.
C Run "curl http://169.254.169.254/latest/meta-data/access_log
D Add "X-Forwarded For" to the access logs and view the access logs.

Suggested Answer: D
NOTE: Add "X-Forwarded For" to the access logs and view the access logs is the best answer here. IAM permissions could work, but not necessary, the curl command queries metadata, not access logs.

Question #15 Topic 1

You have an application that is processing confidential data. The data is currently stored in your data center. You are moving workloads to AWS, and you need to ensure confidentiality and integrity of the data in transit to your VPC. Your company has an existing AWS Direct Connect connection. What combination of steps should you perform to set up the most cost-effective connection between your on-premises data center and AWS? (Choose three.)

A Set up a VPC with a virtual private gateway.
B Set up a VPC with an Internet gateway.
C Configure a public virtual interface on your Direct Connect connection.
D Configure a private virtual interface to the virtual private gateway.
E Set up an IPsec tunnel between your customer gateway and a software VPN on Amazon EC2 in the VPC.
F Set up an IPsec tunnel between your customer gateway appliance and the virtual private gateway.

Suggested Answer: ACF
NOTE: Setting up a VPN over your Direct Connect connection will secure the data in transit. The steps to do so are: adding a VGW to the VPC; setting up a public virtual interface; and creating the IPsec tunnel between your data center and the VGW via the public virtual interface. B would send traffic over the public Internet. D is not possible because a public virtual interface is needed to announce the VGW endpoint IPs. E would not take advantage of the already existing Direct Connect connection.