Amazon exam practice test / ans-c00 dumps / ans-c00 dumps pdf / ans-c00 exam / ans-c00 exam questions / ans-c00 pdf / ans-c00 practice test / ans-c00 study guide

[2021.5] New Valid Amazon AWS ANS-C00 Practice Questions Free Share From Pass4itsure

Amazon AWS ANS-C00 is difficult. But with the Pass4itsure ANS-C00 dumps https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html preparation material candidate, it can be achieved easily. In ANS-C00 practice tests, you can practice on the same exam as the actual exam. If you master the tricks you gained through practice, it will be easier to achieve your target score.

Amazon AWS ANS-C00 pdf free https://drive.google.com/file/d/1MdFqNuu2TjSkTTGYDvh243BTyGv4xPg-/view?usp=sharing

Latest Amazon ANS-C00 dumps Practice test video tutorial

Latest Amazon AWS ANS-C00 practice exam questions at here:

QUESTION 1
Over which of the following Ethernet standards does AWS Direct Connect link your internal network to an AWS Direct
Connect location?
A. Copper backplane cable
B. Twisted pair cable
C. Single mode fiber-optic cable
D. Shielded balanced copper cable
Correct Answer: C
Explanation:
AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1
gigabit or 10 gigabit Ethernet single mode fiber-optic cable.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html


QUESTION 2
A company has two redundant AWS Direct Connect connections to a VPC. The VPC is configured using BGP metrics
so that one Direct Connect connection is used as the primary traffic path. The company wants the primary Direct
Connect connection to fail to the secondary in less than one second.
What should be done to meet this requirement?
A. Configure BGP on the company\\’s router with a keep-alive to 300 ms and the BGP hold timer to 900 ms.
B. Enable Bidirectional Forwarding Detection (BFD) on the company\\’s router with a detection minimum interval of 300
ms and a BFD liveness detection multiplier of 3.
C. Enable Dead Peer Detection (DPD) on the company\\’s router with a detection minimum interval of 300 ms and a
DPD liveliness detection multiplier of 3.
D. Enable Bidirectional Forwarding Detection (BFD) echo mode on the company\\’s router and disable sending the
Internet Control Message Protocol (ICMP) IP packet requests.
Correct Answer: B
Reference: https://aws.amazon.com/directconnect/faqs/

QUESTION 3
Your organization uses a VPN to connect to your VPC but must upgrade to a 1-G AWS Direct Connect connection for
stability and performance. Your telecommunications provider has provisioned the circuit from your data center to an
AWS Direct Connect facility and needs information on how to cross-connect (e.g., which rack/port to connect).
What is the AWS-recommended procedure for providing this information?
A. Create a support ticket. Provide your AWS account number and telecommunications company\\’s name and where
you need the Direct Connect connection to terminate.
B. Create a new connection through your AWS Management Console and wait for an email from AWS with information.
C. Ask your telecommunications provider to contact AWS through an AWS Partner Channel. Provide your AWS account
number.
D. Contact an AWS Account Manager and provide your AWS account number, telecommunications company\\’s name,
and where you need the Direct Connect connection to terminate.
Correct Answer: A


QUESTION 4
Your company just purchased a domain using another registrar and wants to use the same nameservers as your current
domain hosted with AWS. How would this be achieved?
A. Every domain must have different nameservers.
B. In the API, create a Reusable Delegation Set.
C. Import the domain to your account and it will automatically set the same nameservers.
D. In the console, create a Reusable Delegation Set.
Correct Answer: B
Explanation:
You can\\’t create a reusable delegation set in the console. AWS does not provide the same nameservers to
new domains, but a reusable delegation set can be used with as many domains as you like.


QUESTION 5
What are two routing methods used by Route 53? (Choose two.)
A. RIP
B. Failover
C. Latency
D. AS_PATH
Correct Answer: BC
Explanation:
RIP is used for network routing and AS_PATH is used for BGP path manipulation.

QUESTION 6
A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process,
the following requirements involving DNS have been identified.
1.
On-premises systems must be able to resolve the entries in an Amazon Route 53 private hosted zone.
2.
Amazon EC2 instances running in the organization\\’s VPC must be able to resolve the DNS names of on-premises
systems
The organization\\’s VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?
A. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS
systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as
authoritative for the Route 53 private hosted zone.
B. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to
forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to
172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS
systems with a stub-zone, delegating the name server
172.16.0.2 as authoritative for the Route 53 private hosted zone.
C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to
forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the
Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies.
Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53
private hosted zone.
D. Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises
DNS systems with a stub-zone, delegating the Route 53 private hosted zone\\’s name servers as authoritative for the
Route 53 private hosted zone.
Correct Answer: C


QUESTION 7
A company is delivering web content from an Amazon EC2 instance in a public subnet with address 2001:db8:1:100::1.
Users report they are unable to access the web content. The VPC Flow Logs for the subnet contain the following
entries:
2 012345678912 eni-0596e500123456789 2001:db8:2:200::2 2001:db8:1:100::1 0 0 58 234 24336 1551299195
1551299434 ACCEPT OK 2 012345678912 eni-0596e500123456789 2001:db8:1:100::1 2001:db8:2:200::2 0 0 58 234
24336 1551299195 1551299434 REJECT OK
Which action will restore network reachability to the EC2 instance?
A. Update the security group associated with eni-0596e500123456789to permit inbound traffic.
B. Update the security group associated with eni-0596e500123456789to permit outbound traffic.
C. Update the network ACL associated with the subnet to permit inbound traffic.
D. Update the network ACL associated with the subnet to permit outbound traffic.
Correct Answer: C


QUESTION 8
You need to find the public IP address of an instance that you\\’re logged in to. What command would you use?
A. curl ftp://169.254.169.254/latest/meta-data/public-ipv4
B. scp localhost/latest/meta-data/public-ipv4
C. curl http://127.0.0.1/latest/meta-data/public-ipv4
D. curl http://169.254.169.254/latest/meta-data/public-ipv4
Correct Answer: D
Explanation: curl http://169.254.169.254/latest/meta-data/public-ipv4

QUESTION 9
What MTU is recommended for VPN and Direct Connect links?
A. 1500
B. 2000
C. 128
D. Jumbo Frames
Correct Answer: A
Explanation:
Jumbo frames will not pass through VPN and Direct Connect links using AWS connections. You must use
an MTU of 1500.


QUESTION 10
A company\\’s application runs in a VPC and stores sensitive data in Amazon S3. The application\\’s Amazon EC2
instances are located in a private subnet with a NAT gateway deployed in a public subnet to provide access to Amazon
S3. The S3 bucket is located in the same AWS Region as the EC2 instances. The company wants to ensure that this
bucket can be accessed only from the VPC where the application resides.
Which changes should a network engineer make to the architecture to meet these requirements?
A. Delete the existing S3 bucket and create a new S3 bucket inside the VPC in the private subnet. Configure the S3
security group to allow only the application instances to access the bucket.
B. Deploy an S3 VPC endpoint in the VPC where the application resides. Configure an S3 bucket policy with a condition
to allow access only from the VPC endpoint.
C. Configure an S3 bucket policy, and use an IP address condition to restrict access to the bucket. Allow access only
from the VPC CIDR range, and deny all other IP address ranges.
D. Create a new IAM role for the EC2 instances that provides access to the S3 bucket, and assign the role to the
application instances. Configure an S3 bucket policy to allow access only from the role.
Correct Answer: B


QUESTION 11
You have a hybrid infrastructure, and you need AWS resources to be able to resolve your on-premises DNS names.
You have configured a DNS server on an EC2 instance in your 10.1.3.0/24 subnet. This subnet resides on the VPC
10.1.0.0/16. What step should you take to accomplish this?
A. Configure your DNS server to forward queries for the private hosted zone to 10.1.3.2.
B. Configure the DHCP option set in the VPC to point to the EC2 DNS server.
C. Configure your DNS server to forward queries for the private hosted zone to 10.1.0.2.
D. Disable the source/destination check flag for the DNS instance.
Correct Answer: B
Explanation:
Your DNS server will forward queries to your on-premises DNS. You must configure the DHCP option set
so the instances will forward queries to your on-premises DNS instead of the VPC DNS.


QUESTION 12
Your company uses an NTP server to synchronize time across systems. The company runs multiple versions of Linux
and Windows systems. You discover that the NTP server has failed, and you need to add an alternate NTP server to
your instances.
Where should you apply the NTP server update to propagate information without rebooting your running instances?
A. DHCP Options Set
B. instance user-data
C. cfn-init scripts
D. instance meta-data
Correct Answer: C

QUESTION 13
Your company is expanding its cloud infrastructure and moving many of its flat files and static assets to S3. You
currently use a VPN to access your compute infrastructure, but you require more reliability for your static files as you are
offloading all of your important data to AWS. What is your best course of action while keeping costs low?
A. Create a Direct Connect connection using a Private VIF to access both compute and S3 resources.
B. Create an S3 endpoint and create a route to the endpoint prefix list for your VPN to allow access to your S3
resources.
C. Create two Direct Connect connections. Each connected to a Private VIF to ensure maximum resiliency.
D. Create a Direct Connect connection using a Public VIF and route your VPN over the DX connection to your VPN
endpoint.
Correct Answer: D
Explanation:
An S3 endpoint cannot be used with a VPN. A Private VIF cannot access S3 resources. A Public VIF with
a VPN will ensure security for your compute resources and access to your S3 resources. Two DX
connections are very expensive and a Private VIF still won\\’t allow access to your S3 resources.

Welcome to download the valid Pass4itsure ANS-C00 pdf

Free downloadGoogle Drive
Amazon AWS ANS-C00 pdf https://drive.google.com/file/d/1MdFqNuu2TjSkTTGYDvh243BTyGv4xPg-/view?usp=sharing

Pass4itsure latest Amazon exam dumps coupon code free share

Summary:

New Amazon ANS-C00 exam questions from Pass4itsureĀ ANS-C00 dumps! Welcome to download the newest Pass4itsureĀ ANS-C00 dumps https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html (366 Q&As), verified the latest ANS-C00 practice test questions with relevant answers.

Amazon AWS ANS-C00 dumps pdf free share https://drive.google.com/file/d/1MdFqNuu2TjSkTTGYDvh243BTyGv4xPg-/view?usp=sharing