ANS-C00 Exam - AWS Certified Advanced Networking Specialty Exam

NEW QUESTION 1
When an AWS Config rule is triggered a JSON object known as an AWS Config Event is created. This object contains another JSON string in its _____ parameter, which describes the event that
triggered the rule.

• A. resultToken
• B. eventLeftScope
• C. invokingEvent
• D. configRuleName

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_developrules_ example-events.html

NEW QUESTION 2
Which of the following is true when you don't configure Amazon CloudFront to forward cookies to your origin?

• A. CloudFront removes the Cookie header from requests that it forwards to your origin.
• B. CloudFront disables viewer requests to your origin, including all cookies.
• C. CloudFront caches your objects based on cookie values.
• D. CloudFront automates code deployments to any instanc

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

NEW QUESTION 3
In the "start using the AWS Direct Connect steps," when can you complete the Cross Connect step?

• A. After verifying your virtual interface
• B. After you have received your Letter of Authorization and Connecting Facility Assignment (LOA-CFA) from AWS
• C. 72 hours after submitting your request for AWS Direct Connect Connection
• D. Immediately after submitting your request for AWS Direct Connect Connection

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Colocation.html

NEW QUESTION 4
Which other AWS service is used to track ‘Related Events’ within the Configuration Item?

• A. AWS WAF
• B. SQS
• C. AWS CloudTrail
• D. S3

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#configitem- table

NEW QUESTION 5
When an AWS Config rule is triggered a JSON object known as an AWS Config Event is created. This object contains a(n) _____ attribute, which is a JSON-formatted set of key/value pairs the receiving AWS Lambda function processes as part of its evaluation logic.

• A. invokingEvent
• B. mappingTemplate
• C. ruleConfiguration
• D. inputParameters

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_developrules_ example-events.html

NEW QUESTION 6
A user is having data generated randomly based on a certain event. The user wants to upload that data to CloudWatch. It may happen that event may not have data generated for some period due to randomness. Which of the below mentioned options is a recommended option for this case?

• A. For the period when there is no data, the user should not send the data at all
• B. The user must upload the data to CloudWatch as having no data for some period will cause an error at CloudWatch monitoring
• C. For the period when there is no data the user should send the value as 0
• D. For the period when there is no data the user should send a blank value

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/publishingMetrics.html

NEW QUESTION 7
What is the maximum number of CloudTrails that you can create per AWS region?

• A. 10
• B. 2
• C. 16
• D. 5

Answer: D

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/faqs/

NEW QUESTION 8
When using AWS Config, which two items are stored on S3 as a part of its operation?

• A. Configuration Items and Configuration History
• B. Configuration Recorder and Configuration Snapshots
• C. Configuration History and Configuration Snapshots
• D. Configuration Snapshots and Configuration Streams

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-items

NEW QUESTION 9
A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs. Which of the below mentioned points should the user needs to take care while sending the data to CloudWatch?

• A. The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests
• B. The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests
• C. The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests
• D. The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.ht ml

NEW QUESTION 10
The IPsec protocol suite is made up of various components covering aspects such as confidentiality, encryption, and integrity. Select the correct statement below regarding the correct configuration options for ensure IPsec confidentiality:

• A. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, MD5
• B. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, AES
• C. The following protocols may be used to configure IPsec confidentiality, PSK, RSA
• D. The following protocols may be used to configure IPsec confidentiality, PSK, MD5
• E. The following protocols may be used to configure IPsec confidentiality, PSK, RSA

Answer: B

Explanation:
Reference:
https://en.wikipedia.org/wiki/IPsec

NEW QUESTION 11
An unfortunate situation has just come to your attention. A business critical application with
sensitive data running on-prem will run out of storage disk space in 24hrs. This business critical application is dependent a very large set of routes - required for integration with other system. You make a quick but well informed decision to migrate this application quickly to AWS. You are able to quickly launch a new VPC and within it equivalent infrastructure to re-home the application. In order to complete the replication of application data and ensure the application remains operational
beyond the next 24hrs, select the best implementation.

• A. Within the new VPC - establish a Direct Connect connection with max 10Gbps port speed for data replicatio
• B. Establish a 802.1Q VLAN and configure a Virtual Private Gateway and Private Virtual Interface, and ensure Jumbo Frames is enabled.
• C. Within the new VPC - deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with BGP dynamic routing
• D. Within the new VPC - deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with static routing, and ensure Jumbo Frames is enabled.
• E. Within the new VPC - deploy a software based virtual router (for example a Cisco CSR). Configure with dual ENIs (external and internal), create and attach an EIP to the external ENI, Configure and setup IPsec VPN tunnels, and ensure Jumbo Frames is enabled.

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/GenericConfig.html

NEW QUESTION 12
In AWS, which service provides a reliable and inexpensive way to backup and archive CloudTrail log files?

• A. Amazon Archiver
• B. Amazon Glacier
• C. AWS Storage Gateway
• D. Amazon Elastic Block Store

Answer: B

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/faqs/

NEW QUESTION 13
AWS Config flags a resource as ______ if a resource violates any conditions of an AWS Config rule that it evaluates on the resource in question.

• A. corrupted
• B. noncompliant
• C. invalid
• D. misconfigured

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html

NEW QUESTION 14
When an AWS Config rule is triggered a JSON object known as an AWS Config Event is created. This object contains a(n) ______ attribute, which is a JSON-formatted set of key/value pairs the receiving AWS Lambda function processes as part of its evaluation logic.

• A. inputParameters
• B. invokingEvent
• C. ruleConfiguration
• D. mappingTemplate

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_developrules_ example-events.html

NEW QUESTION 15
Select the answer/s that correctly state how Jumbo Frames work

• A. Jumbo Frames assist with application disk storage
• B. Jumbo Frames can assist with application performance
• C. Jumbo Frames are supported across Virtual Private Gateway connections
• D. Jumbo Frames are enabled by increasing the MTU size to 9000 kilobytes

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html

NEW QUESTION 16
In Amazon CloudFront, you cannot configure CloudFront to process cookies for _____.

• A. HTTPS web distributions
• B. Web and RTMP distributions
• C. RTMP distributions
• D. HTTP web distributions

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

NEW QUESTION 17
In your current role as the corporate network architect - you have decided to replace your existing hardware firewall appliances with a pair of Juniper SRX-Series Services Gateways. You have chosen these as AWS lists these as supportable devices for establishing IPsec connections. With this in mind, select the minimum set of options to ensure that you can establish IPsec connectivity between your on premise private corporate network and your AWS hosted VPC. Select which option is NOT required

• A. Initiate network connections from somewhere within your corporate network, this is required to bring the tunnels UP
• B. Deploy a Customer Gateway within your corporate network
• C. Deploy a Customer Gateway within your VPC
• D. Deploy a Virtual Private Gateway within your VPC

Answer: B

Explanation:
Reference:
https://aws.amazon.com/vpc/faqs/

NEW QUESTION 18
Which element of AWS Config can be used to help maintain internal and external compliance controls?

• A. Configuration Item
• B. Configuration Recorder
• C. Configuration Streams
• D. Config Rules

Answer: D

Explanation:
Reference:
https://aws.amazon.com/config/

NEW QUESTION 19
You have been tasked with migrating your company’s proprietary massively large dataset sorting application to AWS. The application currently runs on 4 highly spec’d servers that are in a cluster arrangement and runs 24x7, with the average CPU utilisation across any 24hr period being approx 85% - the migration of this cluster once up and running on AWS is expected to run similarly. The servers shuffile data internally and between themselves. Your company’s financial performance is entirely dependent on the speed at which it can sort your customers datasets, that is the faster a sorted result can be returned the better your company’s bottom line. Of the choices presented below, select the optimal network configuration that will ensure the best financial results for your company.

• A. Disable Jumbo Frames to ensure better data throughput between instances
• B. Enable Jumbo Frames to ensure better data throughput between instances
• C. Create an autoscaled group of c4.8xlarge instances - with min 1 and max 4 - this will ensure your operational costs a minimal
• D. Configure a CloudWatch Alarm to add more CPUs to the instances when average cluster CPU utilisation breaches 85%

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html

NEW QUESTION 20
To get started using AWS Direct Connect, in which of the following steps do you configure Border Gateway Protocol (BGP)?

• A. Complete the Cross Connect
• B. Verify your Virtual Interface
• C. Create a Virtual Interface
• D. Submit AWS Direct Connect Connection Request

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#createvirtualinterfac

NEW QUESTION 21
Which of the following physical layer standards is required for connection to AWS Direct Connect over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable?

• A. Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
• B. Multi mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
• C. Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-LR for 10 gigabit Ethernet
• D. Multi mode fiber, 1000BASE-SX for 1 gigabit Ethernet, or 10GBASE-SR for 10 gigabit Ethernet

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

NEW QUESTION 22
You are your company’s AWS cloud architect. You have created a VPC topology that consists of 3
VPCs. You have a centralised VPC (VPC-Shared) that provides shared services to the remaining 2 departmental dedicated VPCs (VPC-Dept1 and VPC-Dept2). The centralised VPC is VPC peered to both of the departmental VPCs, that is a VPC peering connection exists between VPC-Shared and VPC-Dept1, and a VPC peering connection exists between VPC-Shared and VPC-Dept2. Select the correct option from the list below.

• A. Network traffic is possible between VPC-Shared instances and VPC-Dept1 and VPC-Dept2 instances as long as the appropriate routes and security groups are in place, but only for communication that is initiated from VPC1-Shared instances as the default peering bi-directional communication flag has been disabled.
• B. Instances within VPC-Dept1 can communicate directly with instances in VPC-Shared, as long as the appropriate routes and security groups are in place, and vice versa regardless of who initiates communication
• C. All network communication remains blocked between all VPCs until the respective peering bidirectional communication flags are set to the appropriate setting that allows traffic to flow.
• D. Network traffic is possible between VPC-Shared instances and VPC-Dept1 and VPC-Dept2 instances as long as the appropriate routes and security groups are in place, but only for communication that is initiated from VPC1-Shared instances as the default peering bi-directional communication flag has been enabled.

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/peering-configurations-partialaccess. html#one-to-two-vpcs-instances

NEW QUESTION 23
......