Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

  1. Home
  2. Amazon Web Services
  3. AWS Certified Specialty
  4. ANS-C01 - Amazon AWS Certified Advanced Networking - Specialty

ANS-C01 Exam Dumps - Amazon AWS Certified Advanced Networking - Specialty

Go to page:
Question # 57

A company has several AWS Site-to-Site VPN connections between an on-premises customer gateway and a transit gateway. The company's application uses IPv4 to communicate through the VPN connections.

The company has updated the VPC to be dual stack and wants to transition to using IPv6-only for new workloads. When the company tries to communicate through the existing VPN connections, IPv6 traffic fails.

Which solution will provide IPv6 support with the LEAST operational overhead?

A.

Create a new Site-to-Site VPN connection that supports IPv6.

B.

Create a new Site-to-Site VPN connection to a self-managed Amazon EC2 instance that runs open source software.

C.

Update the existing Site-to-Site VPN connections to support IPv6.

D.

Update the on-premises customer gateway's public IP address from IPv4 to IPv6.

Full Access
Question # 58

A network engineer configures a second AWS Direct Connect connection to an existing network. The network engineer runs a test in the AWS Direct Connect Resiliency Toolkit on the connections. The test produces a failure. During the failover event, the network engineer observes a 90-second interruption before traffic shifts to the failover connection.

Which solution will reduce the time for failover?

A.

Decrease the BGP hello timer to 5 seconds.

B.

Add a VPN connection to the connectivity solution. Implement fast failover.

C.

Configure Bidirectional Forwarding Detection (BFD) on the on-premises router.

D.

Decrease the BGP hold-down timer to 5 seconds.

Full Access
Question # 59

A company wants to analyze TCP internet traffic. The traffic originates from Amazon EC2 instances in the company’s VPC. The EC2 instances initiate connections through a NAT gateway.

The company wants to capture data about the traffic including source and destination IP addresses ports, and the first 8 bytes of the TCP segments of the traffic. The company needs to collect, store, and analyze all the required data points.

Which solution will meet these requirements?

A.

Configure the EC2 instances to be VPC traffic mirror sources. Deploy software on the traffic mirror target to forward the data to Amazon CloudWatch Logs. Analyze the data by using CloudWatch Logs Insights

B.

Configure the NAT gateway to be a VPC traffic mirror source. Deploy software on the traffic mirror target to forward the data to an Amazon S3 bucket. Analyze the data by using Amazon Athena.

C.

Turn on VPC Flow Logs for the EC2 instances. Specify the default format and set Amazon CloudWatch Logs as the log destination. Analyze the flow log data by using CloudWatch Logs Insights.

D.

Turn on VPC Flow Logs for the EC2 instances. Specify a custom format and set Amazon S3 as the log destination. Analyze the flow log data by using Amazon Athena.

Full Access
Question # 60

A company is using a shared services VPC with two domain controllers. The domain controllers are deployed in the company's private subnets. The company is deploying a new application into a new VPC in the account. The application will be deployed onto an Amazon EC2 for Windows Server instance in the new VPC. The instance must join the existing Windows domain that is supported by the domain controllers in the shared services VPC.

A transit gateway is attached to both the shared services VPC and the new VPC. The company has updated the route tables for the transit gateway, the shared services VPC, and the new VPC. The security groups for the domain controllers and the instance are updated and allow traffic only on the ports that are necessary for domain operations. The instance is unable to join the domain that is hosted on the domain controllers.

Which combination of actions will help identify the cause of this issue with the LEAST operational overhead? (Choose two.)

A.

Use AWS Network Manager to perform a route analysis for the transit gateway network. Specify the existing EC2 instance as the source. Specify the first domain controller as the destination. Repeat the route analysis for the second domain controller.\

B.

Use port mirroring with the existing EC2 instance as the source and another EC2 instance as the target to obtain packet captures of the connection attempts.

C.

Review the VPC flow logs on the shared services VPC and the new VPC.

D.

Issue a ping command from one of the domain controllers to the existing EC2 instance.

E.

Ensure that route propagation is turned off on the shared services VPC.

Full Access
Question # 61

A company uses Amazon Route 53 to register a public domain, example.com, in an AWS account. A central services group manages the account. The company wants to create a subdomain, test.example.com, in another AWS account to offer name services for Amazon EC2 instances that are hosted in the account. The company does not want to migrate the parent domain to the subdomain account.

A network engineer creates a new Route 53 hosted zone for the subdomain in the second account.

Which combination of steps must the network engineer take to complete the task? (Choose two.)

A.

Add records for the hosts of the new subdomain to the new Route 53 hosted zone.

B.

Update the DNS service for the parent domain by adding name server (NS) records for the subdomain.

C.

Update the DNS service for the subdomain by adding name server (NS) records for theparent domain.

D.

Create an alias record from the parent domain that points to the hosted zone for the subdomain in the second account.

E.

Add a start of authority (SOA) record in the parent domain for the subdomain.

Full Access
Question # 62

A company has a total of 30 VPCs. Three AWS Regions each contain 10 VPCs. The company has attached the VPCs in each Region to a transit gateway in that Region. The company also

has set up inter-Region peering connections between the transit gateways.

The company wants to use AWS Direct Connect to provide access from its on-premises location for only four VPCs across the three Regions. The company has provisioned four Direct

Connect connections at two Direct Connect locations.

Which combination of steps will meet these requirements MOST cost-effectively? (Select THREE.)

A.

Create four virtual private gateways. Attach the virtual private gateways to the four VPCs.

B.

Create a Direct Connect gateway. Associate the four virtual private gateways withthe Direct Connect gateway.

C.

Create four transit VIFs on each Direct Connect connection. Associate the transit VIFs with the Direct Connect gateway.

D.

Create four transit VIFs on each Direct Connect connection. Associate the transit VIFs with the four virtual private gateways.

E.

Create four private VIFs on each Direct Connect connection to the Direct Connect gateway.

F.

Create an association between the Direct Connect gateway and the transit gateways.

Full Access
Question # 63

A company is deploying an application. The application is implemented in a series of containers in an Amazon Elastic Container Service (Amazon ECS) cluster. The company will use the Fargate launch type for its tasks. The containers will run workloads that require connectivity initiated over an SSL connection. Traffic must be able to flow to the application from other AWS accounts over private connectivity. The application must scale in a manageable way as more consumers use the application.

Which solution will meet these requirements?

A.

Choose a Gateway Load Balancer (GLB) as the type of load balancer for the ECS service. Create a lifecycle hook to add new tasks to the target group from Amazon ECS as required to handle scaling. Specify the GLB in the service definition. Create a VPC peer for external AWS accounts. Update the route tables so that the AWS accounts can reach the GLB.

B.

Choose an Application Load Balancer (ALB) as the type of load balancer for the ECS service. Create path-based routing rules to allow the application to target the containers that are registered in the target group. Specify the ALB in the service definition. Create a VPC endpoint service for the ALB Share the VPC endpoint service with other AWS accounts.

C.

Choose an Application Load Balancer (ALB) as the type of load balancer for the ECS service. Create path-based routing rules to allow the application to target the containers that are registered in the target group. Specify the ALB in the service definition. Create a VPC peer for the external AWS accounts. Update the route tables so that the AWS accounts can reach the ALB.

D.

Choose a Network Load Balancer (NLB) as the type of load balancer for the ECS service. Specify the NLB in the service definition. Create a VPC endpoint service for the NLB. Share the VPC endpoint service with other AWS accounts.

Full Access
Question # 64

A network engineer must provide additional safeguards to protect encrypted data at ApplicationLoad Balancers (ALBs) through the use of a unique random session key.

What should the network engineer do to meet this requirement?

A.

Change the ALB security policy to a policy that supports TLS 1.2 protocol only

B.

Use AWS Key Management Service (AWS KMS) to encrypt session keys

C.

Associate an AWS WAF web ACL with the ALBs. and create a security rule to enforce forward secrecy (FS)

D.

Change the ALB security policy to a policy that supports forward secrecy (FS)

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps