1. What implementation enables on-premises users to connect to AppStream and existing VPC resources?

2. An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC using ping on the organization's private IP address.

What could cause this connectivity issue? (Choose two.)

3. A company has a hybrid IT architecture with two AWS Direct Connect connections to provide high availability. The services hosted on-premises are accessible using public IPs, and are also on the range.

The AWS resources are on the range. The company wants to use Amazon Elastic Load Balancing for SSL offloading, health checks, and sticky sessions.

What should be done to meet these requirements?

4. A company deployed its production Amazon VPC using CIDR block The company has nearly depleted its addresses and now needs to extend the VPC network.

Which CIDR blocks meet the company’s requirement to extend the VPC network with a secondary CIDR? (Choose two.)


5. A company is deploying a new web application that uses a three-tier model with a public-facing Network Load Balancer and web servers in an Amazon VPC. The application servers are hosted in the company's data center. There is an AWS Direct Connect connection between the VPC and the company’s data center. Load testing results indicate that up to 100 servers, equally distributed across multiple Availability Zones, are required to handle peak loads.

The network engineer needs to design a VPC that has a /24 CIDR assigned to it.

How should the engineer allocate subnets across three Availability Zones for each tier?

6. Changes made to a security group attached to an Application Load Balancer resulted in connectivity issues for a company's production web application. The network engineer needs to lock down permissions for the company's AWS account, automate auditing for any changes, and set up notifications.

What actions should accomplish this?

7. A computing team is evaluating whether to place a high performance computing (HPC) application in AWS. The team is concerned about application performance and wants to know what options are available to increase networking performance.

Which of the following changes would increase performance for this application? (Choose two.)

8. An organization has created a web application inside a VPC and wants to make it available to 200 client VPCs. The client VPCs are in the same Region but are owned by other business units within the organization.

What is the best way to meet this requirement, without making the application publicly available?

9. A company's IT Security team needs to ensure that all servers within an Amazon VPC can communicate with a list of five approved external IPs only. The team also wants to receive a notification every time any server tries to open a connection with a non-approved endpoint.

What is the MOST cost-effective solution that meets these requirements?

10. The Security department has mandated that all outbound traffic from a VPC toward an on-premises datacenter must go through a security appliance that runs on an Amazon EC2 instance.

Which of the following maximizes network performance on AWS? (Choose two.)

11. A Network Engineer needs to be automatically notified when a certain TCP port is accessed on a fleet of Amazon EC2 instances running in an Amazon VPC.

Which of the following is the MOST reliable solution?

12. A network engineer deploys an application in a private subnet in a VPC that connects to many external video feed providers using RTMP over the internet. A NAT gateway has been deployed in a public subnet and is working as expected. From the Amazon EC2 instance, the application is able to connect to all feed providers except one, which hangs when connecting. Manually testing a connection from an Amazon EC2 instance in the public subnet to the problem feed indicates that the feed works as expected.

What is causing this issue?

13. A company has an application running in an Amazon VPC that must be able to communicate with on-premises resources in a data center. Network traffic between AWS and the data center will initially be minimal, but will increase to more than 10 Gbps over the next few months. The company's goal is to launch the application as quickly as possible.

The network engineer has been asked to design a hybrid IT connectivity solution. What should be done to meet these requirements?

14. A company has recently established an AWS Direct Connect connection from its on-premises data center to AWS. A Network Engineer has blocked all traffic destined for Amazon S3 over the company's gateway to the internet from its on-premises firewall. S3 traffic should only traverse the Direct Connect connection. Currently, no one in the on-premises data center can access Amazon S3.

Which solution will resolve this connectivity issue?

15. A company provisions an AWS Direct Connect connection to permit access to Amazon EC2 resources in several Amazon VPCs and to data stored in private Amazon S3 buckets. The Network Engineer needs to configure the company's on-premises router for this Direct Connect connection.

Which of the following actions will require the LEAST amount of configuration overhead on the customer router?

16. A company has two redundant AWS Direct Connect connections to a VPC. The VPC is configured using BGP metrics so that one Direct Connect connection is used as the primary traffic path. The company wants the primary Direct Connect connection to fail to the secondary in less than one second.

What should be done to meet this requirement?

18. A company’s network engineering team is solely responsible for deploying VPC infrastructure using AWS CloudFormation. The company wants to give its developers the ability to launch applications using CloudFormation templates so that subnets can be created using available CIDR ranges.

What should be done to meet these requirements?

19. A company’s web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further requests for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries.

Which action should be taken to block more IP addresses, without compromising the existing security requirements?

20. A company is using AWS to host all of its applications. Each application is isolated in its own Amazon VPC. Different environments such as Development, Test, and Production are also isolated in their own VPCs. The network engineer needs to automate VPC creation to enforce the company’s network and security standards. Additionally, the CIDR range used in each VPC needs to be unique.

Which solution meets all of these requirements?

21. You can turn on the AWS Config service from the AWS CLI by running the subscribe command and passing as parameters a valid IAM role, SNS topic, and ______.

23. You would like to automate the monitoring of changes in the configurations of your AWS resources and respond programmatically to configurations of only a certain type. To do this, you could use Amazon ______ as the endpoint for the Amazon SNS topics that generate messages from AWS Config.

24. You can use the ______ command of the AWS Config service CLI to see the compliance state for each AWS resource of a specific type.

25. When an AWS Config rule is triggered a JSON object known as an AWS Config Event is created. This object contains another JSON string in its ______ parameter, which describes the event that triggered the rule.

26. When an AWS Config rule is triggered a JSON object known as an AWS Config Event is created. This object contains a(n) ______ attribute, which is a JSON-formatted set of key/value pairs the receiving AWS Lambda function processes as part of its evaluation logic.

27. When using AWS Config, which two items are stored on S3 as a part of its operation?

28. You can use the ______ page of the AWS Config console to look up resources that AWS Config has discovered, including deleted resources and resources that are not currently being recorded.

29. An AWS Config rule can be set to be evaluated if a certain set of resources undergoes a configuration change. The set of resources to which the rule applies can be restricted by the rule's ______, which can include a combination of a resource type and a resource ID, for example.

30. Which other AWS service is used to track 'Related Events' within the Configuration Item?

31. Non-compliant resources identified through the use of AWS Config Rules are automatically removed from operational service.

32. Which element of AWS Config can be used to help maintain internal and external compliance controls?

33. Which AWS service is used within an AWS Config Rule to perform the logic evaluation of that rule?

34. AWS Config flags a resource as ______ if a resource violates any conditions of an AWS Config rule that it evaluates on the resource in question.

35. Each custom AWS Config rule you create must be associated with a(n) AWS ______, which contains the logic that evaluates whether your AWS resources comply with the rule.

36. A user is trying to understand the detailed CloudWatch monitoring concept. Which of the services mentioned below does not provide detailed monitoring with CloudWatch?

37. You can use the ______ command of the AWS Config service CLI to see the compliance state of each of your rules.

38. You have several Amazon Glacier vaults you would like to monitor. How might you monitor those vaults?

39. In order to change the name of the AWS Config ______, you must stop the configuration recorder, delete the current one, and create a new one with a new name, since there can only be one of these per AWS account.

40. Which of the following characters is not allowed while creating a Namespace for a CloudWatch metric?

41. You would like to ensure that all Amazon S3 buckets going forward, current and newly created ones, have logging enabled. What type of trigger(s) should you use?

42. You have many IAM users with the ability to create EC2 volumes. Most of the data your team works with is sensitive, so you would like to make sure all volumes are encrypted. How might you facilitate this requirement?

43. You can use the ______ command of the AWS Config service CLI to see the compliance state of each resource that AWS Config evaluates for a specific rule.

44. A user is running a batch process on EBS-backed EC2 instances. The batch process launches a few EC2 instances to process Hadoop MapReduce jobs, which can run between 50-600 minutes or sometimes even longer. The user wants a configuration that can terminate the instance only when the process is completed. How can the user configure this with CloudWatch?

45. You need to create a subnet in a VPC that supports 14 hosts. You need to be as accurate as possible since you run a very large company. What CIDR should you use?

46. You have a DX connection and a VPN connection as backup for your network. You just received a letter indicating that the colocation provider hosting the DX connection will be undergoing maintenance soon. It is critical that you do not experience any downtime or latency during this period.

What is the best course of action?

47. You have two enhanced networking capable instances in a placement group. One with an Intel network interface and one with an ENA.

What network speed will be achieved between the two?

48. Your company has placement groups in two different availability zones. There is a large project coming up and, although resilience is important, cost and speed are the most important factors. The servers in each placement group need to be able to achieve the highest speed possible.

How can this be achieved?

50. Your network utilizes jumbo frames on its servers and your router. You are trying to access your AWS resources, and you are having issues with packet loss. What is the best solution?

51. You have two VPCs that you need to connect to an on-premises datacenter using VPNs. When you create the tunnels, you find that both tunnels use the same addresses. What two things can you do to overcome this? (Choose two.)

52. Your company just purchased a domain using another registrar and wants to use the same nameservers as your current domain hosted with AWS. How would this be achieved?

53. Your company is connecting one data center with one router to several VPCs and needs to access them transitively. What should you do?

54. Your AWS WorkSpaces users are unable to authenticate. What could be one reason for this?

55. You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. You know you configured CloudFront to use What is the most likely reason why your users are not seeing the images?

56. You are responsible for several EC2 instances deployed from Amazon AMIs that are required to upload information to an S3 bucket. This information must not traverse the public internet. You must also be able to update the instances. Which option is your best solution?

57. Your company is building a new data center. You currently have an on-premises data center that accesses your single VPC via VPN. You need to provide access to your single VPC to your new data center. Since your new data center build is already over budget, you need to keep costs low.

How should you accomplish this?

58. You have a website hosted on EC2 that is not serving web pages. You have ensured that the server is running and the site is configured properly. What could be the problem?

59. You are auditing an AWS infrastructure after you noticed some abnormal charges on the bill. You use AWS Config to monitor your changes. What else is required to find out who made the change?

60. Your organization has placed a project on hold and has stopped 30 public EC2 instances. These instances use instance store volumes and do not have custom AMIs associated. You are still being charged every month.

What is the charge probably for?

61. You need to quickly view inbound traffic to an instance to determine why it isn't reaching the instance properly. What is the best tool for this?

62. Your company has just completed a transition to IPv6 and has deployed a website on a server. You were able to download software on the instance without an issue. This website is deployed using IPv6, but the public is not able to access it. What should you do to fix this problem?

63. Your company has two DX locations. You need to configure one link as passive. What should you configure in your router to set that link as the passive link?

64. You have just configured an Elastic Load Balancer. Assuming all settings are configured properly, about how long will it take an instance to become healthy with a 6 second HealthCheck Interval, an unhealthy threshold of 5 and a healthy threshold of 10?

65. Your company needs to directly update an S3 bucket that serves as a CloudFront origin with the most reliability possible. Your company also has a set of private EC2 servers that it needs to access with the same reliability. Which combination will provide the best solution?

66. You wish to have a sub-1G connection to AWS to save on costs. How can you achieve this?

67. You have just peered two VPCs, and you need to improve performance for instances you plan on deploying. What are two steps you would take to do this? (Choose two.)

68. You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. What is most likely the problem?

69. You have a static VPN connecting your data center and your VPC. You currently have 50 routes added to your route table. You want to add more; how should you do this?

70. Your company needs an inexpensive solution to host their AD data in the cloud. They do not need all of the features of AD but do need to be able to use it with WorkSpaces. What is the best solution?

71. You need to find the MTU used by another instance, but tracepath is not working. You know the instance you are trying to tracepath has open security group and NACL rules. Which protocol do you need to allow to access your instance to remedy this?

72. You are under a DDoS attack and you have added a deny all TCP rule to your NACL, but traffic is still coming. What did you do wrong?

73. When configuring Active/Passive HA on VPN tunnels, choose the two best ways to configure this. (Choose two.)

74. Your company is working on a transition from IPv4 to IPv6 but is concerned about the security of having public IPv6 addresses attached to instances in a public network. They currently use a NAT to allow outbound traffic for instances. Outbound traffic is required for updates. What are two options to alleviate your company's concerns? (Choose two.)

75. You have two placement groups in a VPC. What communication speed can be expected between the two placement groups?

76. You have two Direct Connect connections and two VPN connections to your network. Site A is VPN AS 65000 65000, Site B is VPN AS 65000, Site C is DX AS 65000 and Site D is DX AS 65000 65000 65000. Which site will AWS choose to reach your network?

77. You manage a website that uses a load balancer. You are noticing one of the servers is receiving more traffic than the other. What is probably the cause of this?

78. Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)

79. You are a holdings company that buys many businesses and must integrate their VPCs into your network. You are constantly encountering networks with similar or overlapping subnets.

What is the best way to manage this?

80. Your company has a high-availability hybrid solution that utilizes two Direct Connect connections and a backup VPN connection. For some reason, traffic is preferring the VPN connection instead of the Direct Connect connections. You have prepended a longer AS_PATH on the VPN connection, but AWS still prefers it over the Direct Connect connections.

What might you be able to do to fix this issue?

81. You work for an international corporation that uses AWS. Due to regulations, you are now required to route the US and China to two different websites. You set up the records and now no other countries can access your site.

Why is this?

82. Your company is expanding its cloud infrastructure and moving many of its flat files and static assets to S3. You currently use a VPN to access your compute infrastructure, but you require more reliability for your static files as you are offloading all of your important data to AWS. What is your best course of action while keeping costs low?

83. Your company currently has a LAG to AWS with two 1Gbps connections. What is the best way to increase throughput on this LAG?

84. You have 4 Direct Connect connections from your datacenter. Site A advertises AS 65000, Site B advertises AS 65000 65000 65000, Site C advertises AS 65000 and Site D advertises AS 65000. Which site will AWS choose to reach your network?

85. You have a server that serves www, FTP, and mail. You need to access this server using,, and You want to ensure an IP change results in the least number of other changes.

What is the best solution?

86. Your company has a DX connection and you just added a new VPC and Private VIF to which you have connected to your DX link. You copied the settings from the other VPC to ensure it's the same. Once you connected the new VIF, you began seeing problems with connectivity to both VPCs.

You checked to make sure you didn't use the same CIDR with each VPC, so what could be the problem?

87. You need to find the public IP address of an instance that you're logged in to. What command would you use?

88. You have a hybrid infrastructure and you have configured your own DNS server on an EC2 instance in your subnet. This subnet resides on the VPC You need your data center to be able to resolve Route 53 queries in your private hosted zone. What do you need to do to accomplish this?

89. Your company has signed up to trial AWS WorkSpaces. You aren't sure you're going to keep it, but you want to try it out to see if it works for your organization of 112 users. You need to deploy it with as little work and up-front expense as possible while still allowing access to your Active Directory for authentication.

What two things should you do? (Choose two.)

90. You have two autoscaling groups in your VPC. One deploys servers that host the index of your website and another that deploys servers that host the images for your website. What three steps would you take to ensure the right servers are used for the right purpose? (Choose three.)

91. You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs.

Why might this be?

92. You want to ensure you have the absolute best transmission rates inside and outside your VPC. You are concerned about the MTU settings. What is the best way to configure your T2 instances to ensure the best compatibility?

93. Which of the following does not configure Amazon CloudFront cache behaviors to forward cookies to an origin for web distributions?

94. You received reports from clients in another time zone that they experienced an outage of your website several hours before you arrived at work. What two AWS services could prove crucial in figuring out what happened? (Choose two.)

95. You wish to access all European regions using your Direct Connect connection. How should you accomplish this?

96. You are using the CLI to assign multiple IP addresses to interfaces. The operation fails. What is the most likely reason?

97. You are a network admin of a US company called Webby Widgets that is expanding to Europe. The company has a website that serves dynamic and static content.

You have been instructed to ensure the European clients receive the least latency possible, no matter where in Europe they live, while still allowing the US clients to receive the same user experience and performance they have been accustomed to. You have also been instructed to ensure both countries use the same URL to access the site and keep costs low.

What two things should you do? (Choose two.)

98. You are configuring a CloudFront distribution, and when you try to attach an SSL, you do not see your SSL listed. What is the most likely reason for this?

99. Your company has decided to use AWS WorkSpaces for its hosted desktop solution. Your company has an existing AD of about 57,000 users, and you want to minimize authentication traffic from AWS to your datacenter. Your company has a lot of personnel changes, and it is crucial that these changes are reflected reliably.

What two steps should you take? (Choose two.)

100. You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active.

What two configuration changes should you implement? (Choose two.)

101. What number does the binary number 10101000 correspond to?


103. What number does the binary number 11000000 correspond to?

104. What value in a packet dictates the priority of the packet in a QoS enabled network?

105. What is the IPv6 subnet CIDR used by a VPC?

106. What is the name of the label applied to packets to allow routers to know where to forward in an MPLS network?

107. What port and protocol is used by DNS?

108. Which port range must be allowed through a NACL to ensure all return traffic is successful?

109. To allow all traffic to access an instance in "Subnet 1" that uses "Security Group 1", what two options need to be configured? (Choose two.)

110. You have created a custom VPC. What are two things you may need to do in order to SSH directly into your instance? (Choose two.)

111. Which of these addresses cannot be given to an EC2 instance in your VPC?

112. Which ports must you allow for HTTP and HTTPS traffic?

113. If you have one VPC peered with two VPCs with overlapping CIDRs, which route will be more preferred?

114. How many BGP advertised routes can you have per route table?

115. What MTU is recommended for VPN and Direct Connect links?

116. Which statement about placement groups is incorrect?

117. Which two statements about placement groups are correct? (Choose two.)

118. What are two reasons to have multiple IP addresses or interfaces on one server? (Choose two.)


