ANS-C00 AWS Certified Advanced Networking-Specialty Questions and Answers

An application runs on a fleet of Amazon EC2 instances in a VPC. All instances can reach one another using private IP addresses. The application owner has a new requirement that the domain name received via DHCP should be different for a particular set of instances that are currently in one particular subnet.

What changes should be made to meet this requirement while continuing to support the existing application requirements?

A company uses a newly provisioned 1-Gbps AWS Direct Connect connection to configure a virtual interface for access to Amazon S3

Which configuration values is the network engineer required to provide? (Select TWO.)

Your organization has a newly installed 1-Gbps AWS Direct Connect connection. You order the cross-connect from the Direct Connect location provider to the port on your router in the same facility. To enable the use of your first virtual interface, your router must be configured appropriately.

What are the minimum requirements for your router?

You have been asked to monitor traffic flows on your Amazon EC2 instance. You will be performing deep packet inspection, looking for atypical patterns.

Which tool will enable you to look at this data?

A company wants to conduct a proof of concept for an SAP HANA application with a hey objective to automate the provisioning of infrastructure and the application. The company operates a hybrid cloud infrastructure with AWS Direct Connect between its data center and VPC. Security policy dictates that all traffic from AWS be routed through on-premises data center firewalls. Security policy also prohibits the use of a VPC internet gateway for internet access The company enforces use of a forward proxy server for all outbound network traffic All resources inside the VPC are able to reach on-premises servers.

All Amazon EC2 Linux instances require package updates over the internet. However, the updates are failing and sending errors.

What would cause these errors?

A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.

Which of the following actions meet the requirements? (Select two.)

An IT company wants to securely perform an on-off migration of its on-premises VMs to the AWS Cloud by using AWS Server Migration Service {AWS SMS) For the first phase of the migration, the company must migrate 50 development VMs m batches during non-peak times over the next 7 days The VMs are between 2 GB and 5 GB in size The company has 1 Gbps of available bandwidth over the internet

Which network connectivity option meets these requirements MOST cost-effectively?

A company provisions an AWS Direct Connect connection to permit access to Amazon EC2 resources in several Amazon VPCs and to data stored in private Amazon S3 buckets. The Network Engineer needs to configure the company's on-premises router for this Direct Connect connection.

Which of the following actions will require the LEAST amount of configuration overhead on the customer router?

An organization is replacing a tape backup system with a storage gateway. there is currently no connectivity to AWS. Initial testing is needed.

What connection option should the organization use to get up and running at minimal cost?

A company wants to use thin clients running virtual desktops to replace 500 desktop computers used by its call center employees The company is evaluating Amazon Workspaces as a solution

A network engineer who is testing with a thin client is unable to conned to Amazon Workspaces After entering credentials the network engineer receives the following error:

"An error occurred while launching your Workspace Please try again"

What should the network engineer do to resolve this issue?

DNS name resolution must be provided for services in the following four zones:

company.private.

emea.company.private.

apac.company.private.

amer.company.private.

The contents of these zones is not considered sensitive, however, the zones only need to be used by services hosted in these VPCs, one per geographic region. Each VPC should resolve the names in all zones.

How can you use Amazon route 53 to meet these requirements?

You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources. What must be configured to meet this requirement?

A network engineer is managing two AWS Direct Connect connections. Each connection has a public virtual interface configured with a private ASN. The engineer wants to configure active/passive routing between the Direct Connect connections to access Amazon public endpoints. What BGP configuration is required for the on-premises equipment? (Select two.)

A gaming company is running an online multiplayer game in multiple AWS Regions The company needs traffic from its end users to be routed to the Region that is closest to the end users geographically When maintenance occurs in a Region, traffic must be routed to the next closest Region with no changes to the IP addresses being used as connections by the end users

Which solution will meet these requirements?

An organization with a growing e-commerce presence uses the AWS CloudHSM to offload the SSL/TLS processing of its web server fleet. The company leverages Amazon EC2 Auto Scaling for web servers to handle the growth. What architectural approach is optimal to scale the encryption operation?

Changes made to a security group attached to an Application Load Balancer resulted in connectivity issues for a company's production web application. The Network Engineer needs to lock down permissions for the company's AWS account, automate auditing for any changes, and set up notifications.

What actions should accomplish this?

Your organization requires strict adherence to a change control process for its Amazon Elastic Compute Cloud (EC2) and VPC environments. The organization uses AWS CloudFormation as the AWS service to control and implement changes. Which combination of three services provides an alert for changes made outside of AWS CloudFormation? (Select three.)

A computing team is evaluating whether to place a high performance computing (HPC) application in AWS. The team is concerned about application performance and wants to know what options are available to increase networking performance.

Which of the following changes would increase performance for this application? (Choose two.)

The Web Application Development team is worried about malicious activity from 200 random IP addresses. Which action will ensure security and scalability from this type of threat?