
Valid Amazon AWS ANS-C00 Practice Questions Free Share From Pass4itsure

Amazon AWS ANS-C00 is difficult. But with the Pass4itsure ANS-C00 dumps preparation material https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html, candidates can achieve it easily. In ANS-C00 practice tests, you can practice on the same exam as the actual exam. If you master the tricks you gain through practice, it will be easier to achieve your target score.

Amazon AWS ANS-C00 pdf free https://drive.google.com/file/d/1cDdS1178taYPg0wrS3MbfZYbXIG5KVGg/view?usp=sharing

The latest Amazon AWS ANS-C00 practice exam questions are here:

QUESTION 1
A company provisions an AWS Direct Connect connection to permit access to Amazon EC2 resources in several
Amazon VPCs and to data stored in private Amazon S3 buckets. The Network Engineer needs to configure the
company's on-premises router for this Direct Connect connection.
Which of the following actions will require the LEAST amount of configuration overhead on the customer router?
A. Configure private virtual interfaces for the VPC resources and for Amazon S3.
B. Configure private virtual interfaces for the VPC resources and a public virtual interface for Amazon S3.
C. Configure a private virtual interface to a Direct Connect gateway for the VPC resources and for Amazon S3.
D. Configure a private virtual interface to a Direct Connect gateway for the VPC resources and a public virtual interface
for Amazon S3.
Correct Answer: A


QUESTION 2
You can use the ____ command of the AWS Config service CLI to see the compliance state for each AWS resource of
a specific type.
A. describe-compliance-by-resource
B. get-compliance-details-by-config-rule
C. describe-compliance-by-config-rule
D. get-compliance-details-by-resource
Correct Answer: A
You can use the AWS Config console, AWS CLI, or AWS Config API to view the compliance state of your rules and
resources. Use the describe-compliance-by-resource command of the AWS Config CLI to see the compliance state for each
AWS resource of a specific type. This is distinct from the describe-compliance-by-config-rule command, which gives the
compliance state of each rule in AWS Config.
Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html

QUESTION 3
An organization is migrating its on-premises applications to AWS by using a lift-and-shift approach, taking advantage of
managed AWS services wherever possible. The company must be able to edit the application code during the migration
phase. One application is a traditional three-tier application, consisting of a web presentation tier, an application tier, and
a database tier. The external calling client applications need their sessions to remain sticky to both the web and
application nodes that they initially connect to.
Which load balancing solution would allow the web and application tiers to scale horizontally independently of one
another?
A. Use an Application Load Balancer at the web tier and a Classic Load Balancer at the application tier. Set session
stickiness on both, but update the application code to create an application-controlled cookie on the Classic Load
Balancer.
B. Use an Application Load Balancer at both the web and application tiers, setting session stickiness at the target group
level for both tiers.
C. Deploy a web node and an application node as separate containers on the same host, using task linking to create a
relationship between the pair. Add an Application Load Balancer with session stickiness in front of all web node
containers.
D. Use a Network Load Balancer at the web tier, and an Application Load Balancer at the application tier. Enable
session stickiness on the Application Load Balancer, but take advantage of the native WebSockets protocols available
to the Network Load Balancer.
Correct Answer: B

QUESTION 4
A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard.
The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for
SSH?
A. The user can connect to an instance in a private subnet using the NAT instance
B. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private
subnet to allow SSH from that elastic IP
C. Allow Inbound traffic on port 22 from the user's network
D. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the internet
Correct Answer: C
The user can create subnets as per the requirement within a VPC. If the user wants to connect to the VPC from his own data
centre, the user can set up a case with a VPN-only subnet (private) which uses VPN access to connect with his data
centre. When the user has configured this setup with the wizard, all network connections to the instances in the subnet will
come from his data centre. The user has to configure the security group of the private subnet to allow inbound
traffic on SSH (port 22) from the data centre's network range.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario4.html

QUESTION 5
A company deployed its production Amazon VPC using CIDR block 33.16.0.0/16. The company has nearly depleted its
addresses and now needs to extend the VPC network.
Which CIDR blocks meet the company's requirement to extend the VPC network with a secondary CIDR? (Choose
two.)
A. 33.17.0.0/16
B. 172.16.0.0/18
C. 100.70.0.0/17
D. 192.168.1.0/24
E. 10.0.0.0/8
Correct Answer: AC

QUESTION 6
A company has an application running on Amazon EC2 instances in a private subnet that connects to a third-party
service provider's public HTTP endpoint through a NAT gateway. As request rates increase, new connections are
starting to fail. At the same time, the ErrorPortAllocation Amazon CloudWatch metric count for the NAT gateway is
increasing.
Which of the following actions should improve the connectivity issues? (Choose two.)
A. Allocate additional elastic IP addresses to the NAT gateway.
B. Request that the third-party service provider implement HTTP keepalive.
C. Implement TCP keepalive on the client instances.
D. Create additional NAT gateways and update the private subnet route table to introduce the new NAT gateways.
E. Create additional NAT gateways in the public subnet and split client instances into multiple private subnets, each with
a route to a different NAT gateway.
Correct Answer: CD
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/vpc-resolve-port-allocation-errors/


QUESTION 7
You can use the ____ page of the AWS Config console to look up resources that AWS Config has discovered, including
deleted resources and resources that are not currently being recorded.
A. snapshot listing
B. configuration history
C. resource inventory
D. resource database
Correct Answer: C
You can use the AWS Config console, AWS CLI, and AWS Config API to look up the resources that AWS Config has
taken an inventory of, or discovered, including deleted resources and resources that AWS Config is not currently
recording. AWS Config discovers supported resource types only. You can use the AWS Config console in the AWS
Management console to look up these resources. The Resource Inventory page lets you perform this search.
Reference: http://docs.aws.amazon.com/config/latest/developerguide/looking-up-discovered-resources.html
 

QUESTION 8
You can use the ____ command of the AWS Config service CLI to see the compliance state of each resource that AWS
Config evaluates for a specific rule.
A. describe-compliance-by-resource
B. describe-compliance-by-config-rule
C. get-compliance-details-by-config-rule
D. get-compliance-details-by-resource
Correct Answer: C
You can use the get-compliance-details-by-config-rule command of the AWS Config CLI to see the compliance state of
each resource that AWS Config evaluates for a specific rule.
Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html


QUESTION 9
Your company has a DX connection and you just added a new VPC and Private VIF, which you have connected to
your DX link. You copied the settings from the other VPC to ensure it's the same. Once you connected the new VIF,
you began seeing problems with connectivity to both VPCs.
You checked to make sure you didn't use the same CIDR with each VPC, so what could be the problem?
A. You used the same VLAN ID for both connections.
B. You overloaded your DX circuit.
C. Your MPLS provider does not allow traffic to two VPCs.
D. You can only connect one VIF to a DX circuit.
Correct Answer: A
You can only have 1 instance of any VLAN ID.

QUESTION 10
Each custom AWS Config rule you create must be associated with a(n) AWS ____, which contains the logic that
evaluates whether your AWS resources comply with the rule.
A. Lambda function
B. Configuration trigger
C. EC2 instance
D. S3 bucket
Correct Answer: A
You can develop custom AWS Config rules to be evaluated by associating each of them with an AWS Lambda function,
which contains the logic that evaluates whether your AWS resources comply with the rule. You associate this function
with your rule, and the rule invokes the function either in response to configuration changes or periodically. The function
then evaluates whether your resources comply with your rule, and sends its evaluation results to AWS Config.
Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html

QUESTION 11
Your company has installed an AWS Direct Connect connection in an ap-southeast-1 Direct Connect location. A public
virtual interface is configured through a router to a dedicated firewall. You advertise your company's public /24 CIDR
block to AWS with AS 65500. The company maintains a separate, corporate Internet firewall to map all outbound traffic
to a single IP. This firewall maintains a BGP relationship with an upstream Internet provider that has delegated the
public IP block your company uses. When the BGP session for the public virtual interface is up, corporate network users
cannot access Amazon S3 resources in the ap-southeast-1 region.
Which step should you take to provide concurrent AWS and Internet access?
A. Configure AS-PATH prepending for the public virtual interface.
B. Advertise a host route for the corporate firewall on the public virtual interface.
C. Advertise a host route for the corporate firewall to the upstream Internet provider.
D. NAT the traffic destined for AWS from the dedicated firewall using the public virtual interface.
Correct Answer: D
When outgoing traffic is routed via the corporate firewall, its return path is via the Direct Connect public virtual interface
and therefore through the dedicated firewall. This dedicated firewall does not track the original NAT session and
subsequently drops the traffic. Answer A is incorrect because AWS will always prefer Direct Connect over Internet
routing. Answer B is incorrect because return traffic is still processed by the dedicated firewall. Answer C is incorrect
because it does not change the traffic flow.

QUESTION 12
A user is running a batch process on EBS-backed EC2 instances. The batch process launches a few EC2 instances to
process Hadoop MapReduce jobs, which can run between 50-600 minutes or sometimes even longer. The user
wants a configuration that can terminate the instance only when the process is completed. How can the user configure
this with CloudWatch?
A. Configure a job which terminates all instances after 600 minutes
B. It is not possible to terminate instances automatically
C. Set up the CloudWatch with Auto Scaling to terminate all the instances
D. Configure the CloudWatch action to terminate the instance when the CPU utilization falls below 5%
Correct Answer: D
An Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more
actions based on the value of the metric relative to a given threshold over a number of time periods. The user can set up
an action which terminates the instances when their CPU utilization is below a certain threshold for a certain period of
time. The EC2 action can either terminate or stop the instance as part of the EC2 action.
Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/UsingAlarmActions.html

QUESTION 13
A company's Network Engineering team is solely responsible for deploying VPC infrastructure using AWS
CloudFormation. The company wants to give its Developers the ability to launch applications using CloudFormation
templates so that subnets can be created using available CIDR ranges.
What should be done to meet these requirements?
A. Create a CloudFormation template with Amazon EC2 resources that rely on cfn-init and cfn-signals to inform the
stack of available CIDR ranges.
B. Create a CloudFormation template with a custom resource that analyzes traffic activity in VPC Flow Logs and reports
on available CIDR ranges.
C. Create a CloudFormation template that references the Fn::Cidr intrinsic function within a subnet resource to select an
available CIDR range.
D. Create a CloudFormation template with a custom resource that uses AWS Lambda and Amazon DynamoDB to
manage available CIDR ranges.
Correct Answer: C


Summary:

New Amazon ANS-C00 exam questions from Pass4itsure ANS-C00 dumps! Welcome to download the newest Pass4itsure ANS-C00 dumps https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html (366 Q&As), verified latest ANS-C00 practice test questions with relevant answers.
