leads4pass has prepared new Amazon ANS-C00 exam dumps based on the exam objectives to help candidates learn all the information of Amazon AWS Certified Advanced Networking – Specialty Exam. Valid ANS-C00 exam dumps come with actual questions and answers, which will ensure that you can pass the Amazon ANS-C00 exam in the first go. At leads4pass, you will get an idea about the quality and features of the ANS-C00 exam dumps which will make your decision easy about the purchase.
leads4pass offers the ANS-C00 dumps demo to help you check the quality of ANS-C00 exam dumps:
ANS-C00 Dumps Demo Version U2022.3
QUESTION 1
Convert the following IPv4 address, presented in binary form, into dotted-decimal form:
10101100.01111011.00001101.10011101.
A. 172.123.13.157
B. 173.13.13.157
C. 172.122.13.15
D. 172.124.13.57
Correct Answer: A
Explanation:
An IPv4 address in dotted-decimal format is constructed using binary arithmetic. In binary arithmetic, each bit within a group represents a power of two. Specifically, counting from the right (the least significant bit), the first bit in a group represents 2 to the power of 0, the second bit represents 2 to the power of 1, the third bit represents 2 to the power of 2, and so on.
The binary format is simple because each successive bit in a group is exactly twice the value of the previous bit.
The first octet is 128 + 32 + 8 + 4 = 172
The second octet is 64 + 32 + 16 + 8 + 2 + 1 = 123
The third octet is 8 + 4 + 1 = 13
The fourth octet is 128 + 16 + 8 + 4 + 1 = 157
QUESTION 2
Your company has a high-availability hybrid solution that utilizes two Direct Connect connections and a backup VPN connection. For some reason, traffic is preferring the VPN connection instead of the direct connection. You have prepended a longer AS_PATH on the VPN connection, but AWS still prefers it over the Direct Connect connections.
What might you be able to do to fix this issue?
A. Advertise a less specific prefix on the VPN.
B. Remove the prepended AS_PATH.
C. Reconfigure the VPN as a static VPN instead of dynamic.
D. Increase the MED on the VPN.
Correct Answer: A
Explanation:
The only reason a VPN would be preferred over Direct Connect is if it has a more specific prefix. This was not discussed in the question but is assumed since it is the only criterion in the path selection process that supersedes Direct Connect.
QUESTION 3
What are 2 possible ALIAS records? (Choose two.)
A. DynamoDB
B. Elastic Beanstalk
C. CloudFront
D. EC2 Instance
Correct Answer: BC
Explanation:
You cannot create an ALIAS record that points to an EC2 instance or DynamoDB.
QUESTION 4
A Network Engineer is provisioning a subnet for a load balancer that will sit in front of a fleet of application servers in a private subnet. There is limited IP space left in the VPC CIDR. The application has few users now but is expected to grow quickly to millions of users.
What design will use the LEAST amount of IP space, while allowing for this growth?
A. Use two /29 subnets for an Application Load Balancer in different Availability Zones.
B. Use one /29 subnet for the Network Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
C. Use two /28 subnets for a Network Load Balancer in different Availability Zones.
D. Use one /28 subnet for an Application Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
Correct Answer: D
QUESTION 5
An unfortunate situation has just come to your attention. A business-critical application with sensitive data running on-prem will run out of storage disk space in 24hrs. This business-critical application is dependent on a very large set of routes required for integration with another system. You make a quick but well-informed decision to migrate this application quickly to AWS. You are able to quickly launch a new VPC and within it equivalent infrastructure to re-home the application. In order to complete the replication of application data and ensure the application remains operational beyond the next 24hrs, select the best implementation.
A. Within the new VPC – establish a Direct Connect connection with max 10Gbps port speed for data replication. Establish an 802.1Q VLAN and configure a Virtual Private Gateway and Private Virtual Interface, and ensure Jumbo Frames are enabled.
B. Within the new VPC – deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with BGP dynamic routing
C. Within the new VPC – deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with static routing, and ensure Jumbo Frames is enabled.
D. Within the new VPC – deploy a software-based virtual router (for example a Cisco CSR). Configure with dual ENIs (external and internal), create and attach an EIP to the external ENI, Configure, and set up IPsec VPN tunnels, and ensure Jumbo Frames is enabled.
Correct Answer: B
Explanation:
Answer A – Let's start by stating that all possible options are actually workable solutions. The key criteria of the question are to complete the data migration aspects as quickly as possible. With this in mind, we can immediately rule out Answer A – due to the time it takes to provision and activate a fully functional Direct Connect connection, 72+ hrs. Answer C is the same as Answer D but lacks BGP – therefore we would need to set up the routes manually – more time and effort. Additionally, Answer D uses Jumbo Frames – but AWS does not support Jumbo frames over the Virtual Private Gateway – therefore Answer D's use of Jumbo Frames is negated. Overall Answer B is considered the quickest option.
QUESTION 6
You want to send a broadcast message to your 10.0.0.0/24 subnet. Which one of these addresses should you use?
A. 10.0.0.255
B. 10.0.0.1
C. 10.0.0.2
D. You cannot send a broadcast in an AWS VPC.
Correct Answer: D
Explanation:
You cannot send a broadcast in an AWS VPC, but the address is still reserved.
QUESTION 7
In AWS, which tool records API calls for a specific AWS account and also delivers the log files for that account?
A. CloudTrail
B. Redshift
C. Beanstalk
D. Cognito
Correct Answer: A
Explanation:
AWS CloudTrail is a web service that records AWS API calls for a specific AWS account. It also delivers log files, which provide the following details:
1. Identity of the API caller
2. Time of the API call
3. Source IP address of API caller
4. Request parameters
5. Response elements
QUESTION 8
What is NOT a benefit of CloudFront?
A. Helps ease the strain on your web servers
B. Distributes traffic evenly to EC2 instances
C. Speeds up distribution of RTMP content
D. Speeds up distribution of static and dynamic web content
Correct Answer: B
Explanation:
Elastic Load balancers distribute traffic to EC2 instances.
QUESTION 9
A company that provides a RESTful API is designing a network architecture for deployment to the AWS Cloud. The company needs a scalable design that is cost-optimized and secure. The company is conducting pre-release testing with some of its customers, but the company expects to expand to several hundred customers when the final version is released.
The data that is exchanged through the API is confidential. All data must be exchanged on private IP addresses that are not accessible through the internet. All customers who use the API operate on AWS in VPCs.
What should the company do with its architecture to meet these requirements?
A. Use a Network Load Balancer (NLB) as the front end to the API. Use a transit VPC with VPC peering to each customer's VPC.
B. Use AWS PrivateLink endpoints in customer VPCs as the front end for an AWS Fargate containers deployment with auto-scaling enabled.
C. Use an Amazon API Gateway API with a regional API endpoint as the front end for all API interactions that invoke AWS Lambda functions.
D. Use an Amazon API Gateway API with an edge-optimized API endpoint as the front end for all API interactions that invoke AWS Lambda functions.
Correct Answer: D
QUESTION 10
Fill in the blanks: One of the basic characteristics of security groups for your VPC is that you __ .
A. can specify allow rules, but not deny rules
B. can specify deny rules, but not allow rules
C. can specify allow rules as well as deny rules
D. can neither specify allow rules nor deny rules
Correct Answer: A
Explanation:
Security Groups in VPC allow you to specify rules with reference to the protocols and ports through which communications with your instances can be established. One such rule is that you can specify allow rules, but not deny rules.
QUESTION 11
What is the name of the label applied to packets to allow routers to know where to forward in an MPLS network?
A. BFD
B. BGP
C. FEC
D. ABC
Correct Answer: C
Explanation:
Forwarding Equivalence Class (FEC) is how routers know where to send packets.
QUESTION 12
Your AWS WorkSpaces users are unable to authenticate. What could be one reason for this?
A. Your AD server is running Windows Server 2016
B. Port 3389 is not open to your AD server.
C. Port 389 is not open to your AD server.
D. Your AD server is running Windows Server 2012 Core Edition.
Correct Answer: C
Explanation:
AD requires port 389.
ANS-C00 Dumps Demo Version U2022.2
QUESTION 1
You received reports from clients in another time zone that they experienced an outage of your website several hours before you arrived at work. What two AWS services could prove crucial in figuring out what happened? (Choose two.)
A. AWS Support
B. CloudTrail
C. CloudWatch
D. Flow Logs
Correct Answer: CD
Explanation:
CloudTrail is for finding out who made a change. This could be a reason for the outage, but you need to see the metrics first. CloudWatch and Flow Logs are the best for this.
QUESTION 2
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in us-west-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses.
How should an engineer configure the network to meet these requirements?
A. Configure an AWS Direct Connect private virtual interface to the company's AWS VPC in us-west-2. Create a VPC endpoint and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
B. Configure a VPN connection to the company's AWS VPC in us-west-2 and use BGP to advertise routes for Amazon S3.
C. Configure a Direct Connect connection public virtual interface to us-west-2. Leverage an on-premises HTTPS proxy to send traffic to Amazon S3 over a Direct Connect connection.
D. Configure a VPN connection to the company's AWS VPC in us-west-2. Create a NAT gateway and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
Correct Answer: C
QUESTION 3
You have to set up an AWS Direct Connect connection to connect your on-premises to an AWS VPC. Due to budget requirements, you can only provide a single Direct Connect port. You have two border gateway routers at your on-premises data center that can peer with the Direct Connect routers for redundancy.
Which two design methodologies, in combination, will achieve this connectivity? (Choose two.)
A. Terminate the Direct Connect circuit on an L2 border switch, which in turn has trunk connections to the two routers.
B. Create two Direct Connect private VIFs for the same VPC, each with a different peer IP.
C. Terminate the Direct Connect circuit on either one of the routers, which in turn will have an IBGP session with the other router.
D. Create one Direct Connect private VIF for the VPC with two customers’ peer IPs.
E. Provision two VGWs for the VPC and create one Direct Connect private VIF per VGW.
Correct Answer: AD
QUESTION 4
The company hosts its application, example.com, behind Application Load Balancers in the us-east-1 and eu-west-1 Regions. Users should be routed to the resources geographically nearest to them. Users must not be routed to the application when it is considered unhealthy.
How should a network engineer configure Amazon Route 53 to route clients to example.com?
A. Configure latency.example.com to use a weighted routing policy that points to the load balancers, and associate an HTTP health check. Configure failover records for example.com. Point the primary alias record to latency.example.com, and enable the evaluation target health setting. Point the secondary record to a static HTML maintenance page hosted in Amazon S3.
B. Configure latency.example.com CNAME latency-based records that point to the load balancers, and associate an HTTP health check. Configure failover records for example.com. Point the primary alias record to latency.example.com, and enable the setting used to evaluate target health. Point the secondary record to a static HTML maintenance page hosted in Amazon S3.
C. Configure latency.example.com to use a geoproximity routing policy that points to the load balancers, and associate an HTTP health check. Configure failover records for example.com. Point the primary alias record to latency.example.com, and enable the evaluation target health setting. Point the secondary record to a static HTML maintenance page hosted in Amazon S3.
D. Configure latency.example.com alias latency-based records that point to the load balancers, enable the setting used to evaluate target health and associate an HTTP health check. Configure failover records for example.com. Point the primary CNAME record to latency.example.com, and associate an HTTP health check. Point the secondary record to a static HTML maintenance page hosted in Amazon S3.
Correct Answer: D
QUESTION 5
An organization is deploying an application in a VPC that requires SSL mutual authentication with a client-side certificate, as that is the primary method of identifying clients. The Network Engineer has been tasked with defining the mechanism used within AWS to provide the SSL mutual authentication.
Which of the following options meets the organization's requirements?
A. Use a Classic Load Balancer and upload the client certificate private keys to it. Perform SSL mutual authentication of the client-side certificate there.
B. Use a Network Load Balancer with a TCP listener on port 443, and pass the request through for the SSL mutual authentication to be handled by a backend instance.
C. Use an Application Load Balancer and upload the client certificate private keys to it by using the native server name indication (SNI) features with smart certificate selection to handle multiple calling applications.
D. Front the application with Amazon API Gateway, and use its client-side SSL mutual authentication feature that uses the backend instances to verify the source of the request.
Correct Answer: C
QUESTION 6
Fill in the blanks: One of the basic characteristics of security groups for your VPC is that you __ .
A. can specify allow rules, but not deny rules
B. can specify deny rules, but not allow rules
C. can specify allow rules as well as deny rules
D. can neither specify allow rules nor deny rules
Correct Answer: A
Explanation:
Security Groups in VPC allow you to specify rules with reference to the protocols and ports through which communications with your instances can be established. One such rule is that you can specify allow rules, but not deny rules.
QUESTION 7
You have just configured an Elastic Load Balancer. Assuming all settings are configured properly, how long will it take an instance to become healthy with a 6-second HealthCheck Interval, an unhealthy threshold of 5, and a healthy threshold of 10?
A. 120 seconds
B. 30 seconds
C. 6 seconds
D. 60 seconds
Correct Answer: D
Explanation:
60 seconds. 10 health check successes with 6-second intervals.
QUESTION 8
True or false: A VPC contains multiple subnets, where each subnet can span multiple Availability Zones.
A. This is true only for US regions.
B. This is false.
C. This is true.
D. This is true only if requested during the set-up of VPC.
Correct Answer: B
Explanation:
A VPC can span several Availability Zones. In contrast, a subnet must reside within a single Availability Zone.
QUESTION 9
You have 99 routes in your dynamic BGP propagated route table and you wish to add 2 more: 10.1.0.0 and 10.3.0.0.
You cannot modify or remove routes that have already been announced.
What should you do?
A. Summarize the two routes to combine them into one and advertise it.
B. Just advertise them, the 100 route limit is a “soft limit” and will be expanded automatically.
C. You cannot add these routes.
D. Call AWS support to increase your route limit.
Correct Answer: A
Explanation:
You cannot add these routes. If you try to summarize them, that would create a 10.0.0.0/14, which is too low of a CIDR to advertise to AWS. AWS has a minimum of /16. You cannot have the 100 route limit modified in any way. It is a hard 100 route limit.
QUESTION 10
Refer to the image.
You have three VPCs: A, B, and C. VPCs A and C are both peered with VPC B. The IP address ranges are as follows:
1. VPC A: 10.0.0.0/16
2. VPC B: 192.168.0.0/16
3. VPC C: 10.0.0.0/16
Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10. Instances i-3 and i-4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively; i-3 and i-4 are in the subnet 192.168.1.0/24.
1. i-3 must be able to communicate with i-1
2. i-4 must be able to communicate with i-2
3. i-3 and i-4 are able to communicate with i-1, but not with i-2.
Which two steps will fix this problem? (Choose two.)
A. Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
B. Create subnets 192.168.1.0/27 and 192.168.1.16/27. Move i-3 and i-4 to these subnets, respectively.
C. Change the IP address of i-2 to 10.0.0.100. Assign it an elastic IP address.
D. Create a new route table for VPC B, with unique route entries for destination VPC A and destination VPC C.
E. Create two route tables: one with a route for destination VPC A, and another for destination VPC C.
Correct Answer: AE
QUESTION 11
Which of the following characters is not allowed while creating a Namespace for a CloudWatch metric?
A. /
B. :
C. #
D. @
Correct Answer: D
Explanation:
The namespace is a grouping or a container for a CloudWatch metric. The names must be valid XML characters, typically containing the alphanumeric characters “0-9A-Za-z” plus “.”(period), “-” (hyphen), “_” (underscore), “/” (slash), “#” (hash), and “:” (colon). All AWS namespaces follow the convention AWS/, such as AWS/EC2 and AWS/ELB.
QUESTION 12
A network engineer has configured a private hosted zone using Amazon Route 53. The engineer needs to configure health checks for record sets within the zone that are associated with instances.
How can the engineer meet the requirements?
A. Configure a Route 53 health check to a private IP associated with the instances inside the VPC to be checked.
B. Configure a Route 53 health check pointing to an Amazon SNS topic that notifies an Amazon CloudWatch alarm when the Amazon EC2 StatusCheckFailed metric fails.
C. Create a CloudWatch metric that checks the status of the EC2 StatusCheckFailed metric, add an alarm to the metric, and then create a health check that is based on the state of the alarm.
D. Create a CloudWatch alarm for the StatusCheckFailed metric and choose to Recover this instance, selecting a threshold value of 1.
Correct Answer: A
ANS-C00 dumps demo online download: https://drive.google.com/file/d/1EZ0QIhohKpfT9IFdUBn0rcNel7KaYEvl/view?usp=sharing
ANS-C00 dumps demo contains 12 latest free exam questions, get 407 latest and valid Amazon ANS-C00 Exam Dumps to ensure that you can pass the Amazon ANS-C00 exam the first time.