Share Amazon ANS-C00 exam practice questions and answers from leads4pass latest updated ANS-C00 dumps free of charge. Get the latest uploaded ANS-C00 dumps pdf from google driver online. To get the full Amazon ANS-C00 dumps PDF or dumps VCE visit: AWS Certified Specialty ANS-C00 dumps (Q&As: 365). all Amazon ANS-C00 exam questions have been updated, the answer has been corrected!
Make sure your exam questions are real and effective to help you pass your first exam!
Table Of Content:
- Amazon ans-c00 Dumps Pdf
- Amazon ans-c00 Dumps Youtube
- Amazon ans-c00 Exam Practice Test
- Amazon Discount Code 2021
[Amazon ANS-C00 Dumps pdf] Latest Amazon ANS-C00 Dumps PDF collected by leads4pass Google Drive:
https://drive.google.com/file/d/112s5evlY3wmjJrxBw0CssxoQ-1Rt66yB/
[Amazon ANS-C00 Youtube] Amazon ANS-C00 exam questions and answers are shared free of charge from Youtube watching uploads from leads4pass.
Latest Update Amazon ANS-C00 Exam Practice Questions and Answers Online Test
QUESTION 1
When using AWS Config, which two items are stored on S3 as a part of its operation?
A. Configuration Items and Configuration History
B. Configuration Recorder and Configuration Snapshots
C. Configuration History and Configuration Snapshots
D. Configuration Snapshots and Configuration Streams
Correct Answer: C
Explanation: S3 is used to store the Configuration History files and any Configuration Snapshots of your data within a
single bucket, which is defined within the Configuration Recorder. You can get AWS Config to create a new bucket for
you and select an existing bucket. If you have multiple AWS accounts you may want to aggregate your Configuration
History and Snapshot files into the same S3 Bucket for your primary account, just be aware that this can be achieved.
However, you will need to grant write access for the service principal (config.amazonaws.com) in your other accounts
write access to the S3 bucket.
Reference: http://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-items
QUESTION 2
The Security department has mandated that all outbound traffic from a VPC toward an on-premises data center must go
through a security appliance that runs on an Amazon EC2 instance.
Which of the following maximizes network performance on AWS? (Choose two.)
A. Support for the enhanced networking drivers
B. Support for sending traffic over the Direct Connect connection
C. The instance sizes and families supported by the security appliance
D. Support for placement groups within the VPC
E. Security appliance support for multiple elastic network interfaces
Correct Answer: BC
QUESTION 3
You currently use a single security group assigned to all nodes in a clustered NoSQL database. Only your cluster
members in one region must be able to connect to each other. This security group uses a self-referencing rule using the
cluster security group\\’s group-id to make it easier to add or remove nodes from the cluster. You need to make this
database comply with out-of-region disaster recovery requirements and ensure that the network traffic between the
nodes is encrypted when traveling between regions. How should you enable secure cluster communication while
deploying additional cluster members in another AWS region?
A. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security
group rules that reference each other\\’s security group-id in each region.
B. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security
group CIDR-based rules that correspond with the VPC CIDR in the other region.
C. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region and create
cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
D. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region and create
cluster security group rules that reference each other\\’s security group-id in each region.
Correct Answer: D
QUESTION 4
What is the IPv6 subnet CIDR used by a VPC?
A. /128
B. /56
C. /48
D. /16
Correct Answer: B
Explanation:
A VPC will always use /56 as its CIDR
QUESTION 5
Your company has just completed a transition to IPv6 and has deployed a website on a server. You were able to
download software on the instance without an issue. This website is deployed using IPv6, but the public is not able to
access it. What should you do to fix this problem?
A. Add an internet gateway for the instance.
B. Add an egress-only internet gateway.
C. Add an inbound rule to your security group that allows inbound traffic on port 80 for ::/0.
D. Add an inbound rule to your security group that allows inbound traffic on port 80 for 0.0.0.0/0.
Correct Answer: C
Explanation:
Your instance can reach the internet if it was able to download software, so an IGW is not needed.
0.0.0.0/0 is for IPv4.
QUESTION 6
An organization has three AWS accounts with each containing VPCs in Virginia, Canada, and the Sydney regions. The organization wants to determine whether all available Elastic IP addresses (EIPs) in these accounts are attached to
Amazon EC2 instances or in use elastic network interfaces (ENIs) in all of the specified regions for compliance and costoptimization purposes.
Which of the following meets the requirements with the LEAST management overhead?
A. Use an Amazon CloudWatch Events rule to schedule an AWS Lambda function in each account in all three regions
to find the unattached and unused EIPs.
B. Use a CloudWatch event bus to schedule Lambda functions in each account in all three regions to find the
unattached and unused EIPs.
C. Add an AWS managed, EIP-attached AWS Config rule in each region in all three accounts to find unattached and
unused EIPs.
D. Use AWS CloudFormation StackSets to deploy an AWS Config EIP-attached rule in all accounts and regions to find
the unattached and unused EIPs.
Correct Answer: C
QUESTION 7
Your company is working on a transition from IPv4 to IPv6 but is concerned about the security of having public IPv6
addresses attached to instances in a public network. They currently use a NAT to allow outbound traffic for instances.
Outbound traffic is required for updates. What are two options to alleviate your company\\’s concerns? (Choose two.)
A. Remove any rules allowing ::/0 inbound in the security group.
B. Block ::/0 inbound in the NACL.
C. Create an egress-only internet gateway.
D. Block 0.0.0.0/0 inbound in the NACL.
Correct Answer: AC
Explanation: 0.0.0.0/0 will only block IPv4, blocking ::/0 in the NACL will prevent return traffic and updates to the
instances. An egress-only internet gateway or blocking ::/0 inbound in the security group will allow the instances to
initiate outbound connections and receive the return traffic, while still preventing outside attackers from initiating
connections to the instances.
QUESTION 8
Your company has a 1-Gbps AWS Direct Connect connection to AWS. Your company needs to send traffic from onpremises to a VPC owned by a partner company. The connectivity must have minimal latency at the lowest price.
Which of the following connectivity options should you choose?
A. Create a new Direct Connect connection, and set up a new circuit to connect to the partner VPC using a private
virtual interface.
B. Create a new Direct Connect connection, and leverage the existing circuit to connect to the partner VPC.
C. Create a new private virtual interface, and leverage the existing connection to connect to the partner VPC.
D. Enable VPC peering and use your VPC as a transitive point to reach the partner VPC.
Correct Answer: D
QUESTION 9
An AWS account owner has setup multiple IAM users. One of these IAM users, named John, has CloudWatch access,
but no access to EC2 services. John has setup an alarm action which stops EC2 instances when their CPU utilization is
below the threshold limit. When an EC2 instance\\’s CPU Utilization rate drops below the threshold John has set, what
will happen and why?
A. Nothing will happen. John cannot set an alarm on EC2 since he does not have the permission.
B. CloudWatch will stop the instance when the action is executed
C. Nothing will happen because it is not possible to stop the instance using the CloudWatch alarm
D. Nothing will happen. John can setup the action, but it will not be executed because he does not have EC2 access
through IAM policies.
Correct Answer: D
Explanation: Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs
one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The
user can setup an action which stops the instances when their CPU utilization is below a certain threshold for a certain
period of time. The EC2 action can either terminate or stop the instance as part of the EC2 action. If the IAM user has
read/write permissions for Amazon CloudWatch but not for Amazon EC2, he can still create an alarm. However, the
stop or terminate actions will not be performed on the Amazon EC2 instance.
Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/UsingAlarmActions.html
QUESTION 10
You have two VPCs that you need to connect to an on-premises datacenter using VPNs. When you create the tunnels,
you find that both tunnels use the same addresses. What two things can you do to overcome this? (Choose two.)
A. Delete the VPN, create a “dummy VPN”, recreate the VPN, then delete the “dummy” VPN.
B. Delete your AWS account and create a new one since the VPN tunnel addresses are created from a hash of your
Latest ANS-C00 Dumps | ANS-C00 VCE Dumps | ANS-C00 Study Guide 5 / 8
https://www.leads4pass.com/aws-certified-advanced-networking-specialty.html
2021 Latest leads4pass ANS-C00 PDF and VCE dumps Download
account number and a proprietary algorithm.
C. Create a VHF within you router for each network.
D. Create a VRF within your router for each network.
Correct Answer: AD
QUESTION 11
You need to quickly view inbound traffic to an instance to determine why it isn\\’t reaching the instance properly. What is
the best tool for this?
A. Wireshark
B. CloudWatch
C. CloudTrail
D. Flow Logs
Correct Answer: D
Explanation:
CloudWatch only shows the amount of data in. Wireshark cannot see anything inside AWS infrastructure.
You can only use it to view instance traffic.
QUESTION 12
A company uses an Application Load Balancer (ALB) to provide access to a multi-tenant web application for 25
customers. The company creates a unique hostname for each customer to use to access the application. Hostnames
use the format customer-name.example.com.
Each customer has a dedicated group of Amazon EC2 instances that run their own version of the web application.
When a customer visits customer-name.example.com, the ALB should route the request to the correct group of EC2
instances. The company requires a highly available solution that is easy to maintain.
Which solution meets these requirements at the LOWEST cost?
A. Create one ALB for all customers. Create a listener rule that includes an HTTP header condition to match the URL.
Add a forward action to route the request to the customer target group. Use Amazon Route 53 to create an alias record
for each customer-name.example.com hostname that points to the ALB.
B. Create one ALB for each customer. Configure the listener to route requests to the customer target group. Configure
an NGINX proxy server to manage connections to each ALB. Use Amazon Route 53 to create a CNAME record for
each customer-name.example.com hostname that points to the NGINX proxy server.
C. Create one ALB for all customers. Create a listener rule that includes a Host header condition to match the
hostname. Add a forward action to route the request to the customer target group. Use Amazon Route 53 to create an
alias record for each customer-name.example.com hostname that points to the ALB.
D. Create one ALB for each customer. Configure the listener to route requests to the customer target group. Create an
Amazon CloudFront distribution. Add each ALB to the distribution as a custom origin. Use Amazon Route 53 to create
an alias for each customer-name.example.com hostname that points to the CloudFront distribution.
Correct Answer: A
QUESTION 13
Which statement about Elastic IP addresses is incorrect?
A. Additional EIPs associated with one instance incur a charge.
B. Once an EIP is associated with an instance, you must manually change the hostname if you want it to match.
C. Once you associate an EIP with an instance, the original public IP is released.
D. Disassociated EIPs incur a charge.
Correct Answer: B
Explanation:
The hostname automatically changes to match the new EIP.
leads4pass Amazon Discount Code 2021
The latest Amazon exam discount code for 2021. leads4pass is valid throughout the year.
Select the purchased test questions and enter the discount code in the “Promotion Code:” input box to enjoy a 15% discount!
For the full Amazon ANS-C00 exam dumps from leads4pass ANS-C00 Dumps pdf or Dumps VCE visit: https://www.leads4pass.com/aws-certified-advanced-networking-specialty.html (ANS-C00 Dumps Q&As: 72 dumps)
ps.
Get free Amazon ANS-C00 dumps PDF online: https://drive.google.com/file/d/112s5evlY3wmjJrxBw0CssxoQ-1Rt66yB/