ANS-C00 is one of the most popular Amazon certifications. After a long period of hard work, leads4pass exam experts released the latest updated Amazon ANS-C00 exam questions, the leads4pass ANS-C00 dumps, in January 2022.
The leads4pass ANS-C00 dumps come in two modes, PDF and VCE, which are 100% true and effective to help you pass the exam – ANS-C00 dumps (2022.1 updates): https://www.leads4pass.com/aws-certified-advanced-networking-specialty.html (395 Q&A dumps)
Below is a part of the latest updated ANS-C00 exam questions as an online practice test (the answers to the exam questions are announced at the end of the article).
You can also download the ANS-C00 dumps PDF, shared online for free: https://drive.google.com/file/d/1n7xXGv56rxGUBvLXrS5KbjPR6YQ4qk1o/
ANS-C00 exam questions online exam practice
QUESTION 1
You received reports from clients in another time zone that they experienced an outage of your website several hours
before you arrived at work. What two AWS services could prove crucial in figuring out what happened? (Choose two.)
A. AWS Support
B. CloudTrail
C. CloudWatch
D. Flow Logs
Explanation:
CloudTrail is for finding out who made a change. This could be a reason for the outage, but you need to
see the metrics first. CloudWatch and Flow Logs are the best for this.
QUESTION 2
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The
application sends access logs from all locations to a single Amazon S3 bucket in us-west-2. To protect this sensitive
data, the bucket policy is configured to deny access from public IP addresses.
How should an engineer configure the network to meet these requirements?
A. Configure an AWS Direct Connect private virtual interface to the company's AWS VPC in us-west-2. Create a VPC
endpoint and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
B. Configure a VPN connection to the company's AWS VPC in us-west-2 and use BGP to advertise routes for Amazon
S3.
C. Configure a Direct Connect connection public virtual interface to us-west-2. Leverage an on-premises HTTPS proxy
to send traffic to Amazon S3 over a Direct Connect connection.
D. Configure a VPN connection to the company's AWS VPC in us-west-2. Create a NAT gateway and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
QUESTION 3
You have to set up an AWS Direct Connect connection to connect your on-premises data center to an AWS VPC. Due to budget
requirements, you can only provision a single Direct Connect port. You have two border gateway routers at your on-premises data center that can peer with the Direct Connect routers for redundancy.
Which two design methodologies, in combination, will achieve this connectivity? (Choose two.)
A. Terminate the Direct Connect circuit on a L2 border switch, which in turn has trunk connections to the two routers.
B. Create two Direct Connect private VIFs for the same VPC, each with a different peer IP.
C. Terminate the Direct Connect circuit on one of the routers, which in turn will have an IBGP session with the other
router.
D. Create one Direct Connect private VIF for the VPC with two customer peer IPs.
E. Provision two VGWs for the VPC and create one Direct Connect private VIF per VGW.
QUESTION 4
A company hosts its application, example.com, behind Application Load Balancers in the us-east-1 and eu-west-1
Regions. Users should be routed to the resources geographically nearest to them. Users must not be routed to the
application when it is considered unhealthy.
How should a network engineer configure Amazon Route 53 to route clients to example.com?
A. Configure latency.example.com to use a weighted routing policy that points to the load balancers, and associate an
HTTP health check. Configure failover records for example.com. Point the primary alias
record to latency.example.com, and enable the evaluate target health setting. Point the secondary
record to a static HTML maintenance page hosted in Amazon S3.
B. Configure latency.example.com CNAME latency-based records that point to the load balancers, and associate an
HTTP health check. Configure failover records for example.com. Point the primary alias record to latency.example.com,
and enable the setting used to evaluate target health. Point the secondary record to a static HTML maintenance page
hosted in Amazon S3.
C. Configure latency.example.com to use a geoproximity routing policy that points to the load balancers, and associate
an HTTP health check. Configure failover records for example.com. Point the primary alias record to
latency.example.com, and enable the evaluate target health setting. Point the secondary record to a static HTML
maintenance page hosted in Amazon S3.
D. Configure latency.example.com alias latency-based records that point to the load balancers, enable the setting used
to evaluate target health, and associate an HTTP health check. Configure failover records for example.com. Point the
primary CNAME record to latency.example.com, and associate an HTTP health check. Point the secondary record to a
static HTML maintenance page hosted in Amazon S3.
QUESTION 5
An organization is deploying an application in a VPC that requires SSL mutual authentication with a client-side
certificate, as that is the primary method of identifying clients. The Network Engineer has been tasked with defining the
mechanism used within AWS to provide the SSL mutual authentication.
Which of the following options meets the organization's requirements?
A. Use a Classic Load Balancer and upload the client certificate private keys to it. Perform SSL mutual authentication of
the client-side certificate there.
B. Use a Network Load Balancer with a TCP listener on port 443, and pass the request through for the SSL mutual
authentication to be handled by a backend instance.
C. Use an Application Load Balancer and upload the client certificate private keys to it by using the native server name
indication (SNI) features with smart certificate selection to handle multiple calling applications.
D. Front the application with Amazon API Gateway, and use its client-side SSL mutual authentication feature that uses
the backend instances to verify the source of the request.
Reference: https://aws.amazon.com/about-aws/whats-new/2017/10/elastic-load-balancing-applicationload-balancersnow-support-multiple-ssl-certificates-and-smart-certificate-selection-using-server-nameindication-sni/
QUESTION 6
Fill in the blanks: One of the basic characteristics of security groups for your VPC is that you ______ .
A. can specify allow rules, but not deny rules
B. can specify deny rules, but not allow rules
C. can specify allow rules as well as deny rules
D. can neither specify allow rules nor deny rules
Explanation:
Security Groups in VPC allow you to specify rules with reference to the protocols and ports through which
communications with your instances can be established. One such rule is that you can specify allow rules,
but not deny rules.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html
QUESTION 7
You have just configured an Elastic Load Balancer. Assuming all settings are configured properly, about how long will it
take an instance to become healthy with a 6 second HealthCheck Interval, an unhealthy threshold of 5 and a healthy
threshold of 10?
A. 120 seconds
B. 30 seconds
C. 6 seconds
D. 60 seconds
Explanation:
60 seconds. 10 healthcheck successes with 6 second intervals.
QUESTION 8
True or false: A VPC contains multiple subnets, where each subnet can span multiple Availability Zones.
A. This is true only for US regions.
B. This is false.
C. This is true.
D. This is true only if requested during the set-up of VPC.
Explanation:
A VPC can span several Availability Zones. In contrast, a subnet must reside within a single Availability
Zone.
Reference: https://aws.amazon.com/vpc/faqs/
QUESTION 9
You have 99 routes in your dynamic BGP propagated route table and you wish to add 2 more: 10.1.0.0 and 10.3.0.0.
You cannot modify or remove routes that have already been announced.
What should you do?
A. Summarize the two routes to combine them into one and advertise it.
B. Just advertise them, the 100 route limit is a “soft limit” and will be expanded automatically.
C. You cannot add these routes.
D. Call AWS support to increase your route limit.
Explanation:
You cannot add these routes. If you try to summarize them, that would create a 10.0.0.0/14, which is too
low of a CIDR to advertise to AWS. AWS has a minimum of /16. You cannot have the 100 route limit
modified in any way. It is a hard 100 route limit.
QUESTION 10
Refer to the image.
You have three VPCs: A, B, and C. VPCs A and C are both peered with VPC B. The IP address ranges are as follows:
1. VPC A: 10.0.0.0/16
2. VPC B: 192.168.0.0/16
3. VPC C: 10.0.0.0/16
Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10. Instances i-3
and i-4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively. i-3 and i-4 are in the subnet
192.168.1.0/24.
1. i-3 must be able to communicate with i-1
2. i-4 must be able to communicate with i-2
3. i-3 and i-4 are able to communicate with i-1, but not with i-2.
Which two steps will fix this problem? (Choose two.)
A. Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
B. Create subnets 192.168.1.0/27 and 192.168.1.16/27. Move i-3 and i-4 to these subnets, respectively.
C. Change the IP address of i-2 to 10.0.0.100. Assign it an elastic IP address.
D. Create a new route table for VPC B, with unique route entries for destination VPC A and destination VPC C.
E. Create two route tables: one with a route for destination VPC A, and another for destination VPC C.
QUESTION 11
Which of the following characters is not allowed while creating a Namespace for a CloudWatch metric?
A. /
B. :
C. #
D. @
Explanation:
Namespace is a grouping or a container for a CloudWatch metric. The names must be valid XML
characters, typically containing the alphanumeric characters “0-9A-Za-z” plus “.”(period), “-” (hyphen),
“_” (underscore), “/” (slash), “#” (hash), and “:” (colon). All AWS namespaces follow the convention AWS/
, such as AWS/EC2 and AWS/ELB.
Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html
QUESTION 12
A network engineer has configured a private hosted zone using Amazon Route 53. The engineer needs to configure
health checks for record sets within the zone that are associated with instances.
How can the engineer meet the requirements?
A. Configure a Route 53 health check to a private IP associated with the instances inside the VPC to be checked.
B. Configure a Route 53 health check pointing to an Amazon SNS topic that notifies an Amazon CloudWatch alarm
when the Amazon EC2 StatusCheckFailed metric fails.
C. Create a CloudWatch metric that checks the status of the EC2 StatusCheckFailed metric, add an alarm to the metric,
and then create a health check that is based on the state of the alarm.
D. Create a CloudWatch alarm for the StatusCheckFailed metric and choose Recover this instance, selecting a
threshold value of 1.
Verify answer:
Q1 | Q2 | Q3 | Q4 | Q5 | Q6 | Q7 | Q8 | Q9 | Q10 | Q11 | Q12 |
CD | C | AD | D | C | A | D | B | A | AE | D | A |