Get Latest Jan-2022 Conduct effective penetration tests using PassTestking ANS-C00 exam [Q63-Q87]


Get Latest [Jan-2022] Conduct effective penetration tests using  PassTestking ANS-C00

Penetration testers simulate ANS-C00 exam PDF


AWS ANS-C00 Exam Certification Details:

Recommended Training / Books: Exam Readiness - AWS Certified Advanced Networking - Specialty
Duration: 170 minutes
Sample Questions: AWS ANS-C00 Sample Questions
Schedule Exam: PEARSON VUE
Exam Name: AWS Certified Advanced Networking - Specialty (Advanced Networking Specialty)
Number of Questions: 65
Passing Score: 700 / 1000
Exam Code: ANS-C00
Exam Price: $300 USD


Understanding functional and technical aspects of AWS Certified Advanced Networking - Specialty: Configure Network Integration with Application Services

The following will be discussed in AMAZON ADVANCED-NETWORKING-SPECIALITY dumps:

  • Reconcile AWS service requirements with network requirements
  • Leverage the capabilities of Route 53
  • Evaluate DNS solutions in a hybrid IT architecture
  • Determine the appropriate configuration of DHCP within AWS
  • Given a scenario, determine an appropriate load balancing strategy within the AWS ecosystem
  • Determine a content distribution strategy to optimize for performance

 

NEW QUESTION 63
If you have one VPC peered with two VPCs with overlapping CIDRs, which route will be more preferred?
Choose the correct answer:

  • A. 10.1.1.0/24
  • B. 10.0.0.0/8
  • C. 10.1.0.0/16
  • D. 10.1.1.5/32

Answer: D

Explanation:
10.1.1.5/32. The most specific route is preferred.

 

NEW QUESTION 64
You received reports from clients in another time zone that they experienced an outage of your website several hours before you arrived at work. What two AWS services could prove crucial in figuring out what happened?
Choose the 2 correct answers:

  • A. CloudWatch
  • B. Flow Logs
  • C. AWS Support
  • D. CloudTrail

Answer: A,B

Explanation:
CloudTrail is for finding out who made a change. This could be a reason for the outage, but you need to see the metrics first. CloudWatch and Flow Logs are the best for this.

 

NEW QUESTION 65
In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS.
These connections can terminate on one or two routers in your network. You can do this while __________________ with AWS Direct Connect step.

  • A. verifying your Virtual Interface
  • B. completing the cross-connect
  • C. configuring redundant connections
  • D. creating a Virtual Interface

Answer: C

Explanation:
In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS.
These connections can terminate on one or two routers in your network. You can do this in Configure Redundant Connections with AWS Direct Connect step.
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#RedundantConnections

 

NEW QUESTION 66
A company is connecting to a VPC over an AWS Direct Connect using a private VIF, and a dynamic VPN connection as a backup. The company's Reliability Engineering team has been running failover and resiliency tests on the network and the existing VPC by simulating an outage situation on the Direct Connect connection. During the resiliency tests, traffic failed to switch over to the backup VPN connection.
How can this failure be troubleshot?

  • A. Ensure that Bidirectional Forwarding Detection is enabled on the Direct Connect connection
  • B. Configure a virtual private gateway for the VPN and another virtual private gateway for Direct Connect.
  • C. Reconfigure the Direct Connect session from static routes to Border Gateway Protocol (BGP) peering.
  • D. Confirm that the same routes are being advertised over both the VPN and Direct Connect.

Answer: D

 

NEW QUESTION 67
Non-compliant resources identified through the use of AWS Config Rules are automatically removed from operational service.

  • A. Only if it remains non-compliant for more than 6 hours
  • B. It depends on the Rule configuration
  • C. False
  • D. True

Answer: C

Explanation:
Each time a change is made to one of your supported resources, AWS Config will check its compliance against any Config Rules that you have in place. If there is a violation against these rules, then AWS Config will send a message to the Configuration Stream via SNS and the resource will be marked as 'noncompliant'.
It's important to note that this does not mean the resource will be taken out of service or it will stop working. It will continue to operate exactly as it is with its new configuration. AWS Config simply alerts you that there is a violation and it's up to you to take the appropriate action.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html

 

NEW QUESTION 68
Your company has set up AWS Direct Connect to connect on-premises to an Amazon VPC instance. Two Direct Connect connections terminate at two different Direct Connect locations.
You are using two routers, R1 and R2, at your end (one for each Direct Connect connection). R1 and R2 do NOT have connectivity between them. Both routers advertise the same routes over BGP to the VGW. You have a stateful firewall on each router. The routers drop some of the traffic coming from the VPC.
Which two actions should you take to fix this problem? (Select two.)

  • A. Use BGP local preference attribute to assign R1 a higher local preference number than R2.
  • B. Use BGP local preference attribute to assign R1 to a lower local preference number than R2.
  • C. Use BGP AS prepend attribute to prepend additional AS numbers while advertising routes from R1 to VGW.
  • D. Use BGP MED attribute to assign a higher MED value to the routes advertised from R1 to VGW.
  • E. Use BGP MED attribute to assign a higher MED value to the routes advertised from R2 to VGW.

Answer: A,C

 

NEW QUESTION 69
A company wants to use thin clients running virtual desktops to replace 500 desktop computers used by its call center employees. The company is evaluating Amazon Workspaces as a solution. A network engineer who is testing with a thin client is unable to connect to Amazon Workspaces. After entering credentials, the network engineer receives the following error:
"An error occurred while launching your Workspace. Please try again"
What should the network engineer do to resolve this issue?

  • A. Update the company's corporate firewall to allow inbound access to UDP on port 4172 and TCP on port 4172. Open outbound ephemeral ports explicitly to allow return communication.
  • B. Update the inbound rules on the security group assigned to Amazon Workspaces to allow UDP on port 4172 and TCP on port 4172.
  • C. Update the inbound rules on the network ACL on the subnets used for Amazon Workspaces to allow UDP on port 4172 and TCP on port 4172.
  • D. Update the company's corporate firewall to allow outbound access to UDP on port 4172 and TCP on port 4172. Open inbound ephemeral ports explicitly to allow return communication.

Answer: B

 

NEW QUESTION 70
AWS CloudTrail can be configured to ____ log files across multiple accounts and regions so that log files are delivered to a single bucket.

  • A. disperse
  • B. replicate
  • C. encrypt
  • D. aggregate

Answer: D

Explanation:
You can configure CloudTrail to aggregate log files from multiple regions and deliver them to a single S3 bucket for a single account.
Reference: https://aws.amazon.com/cloudtrail/

 

NEW QUESTION 71
A customer has set up multiple VPCs for Dev, Test, Prod, and Management. You need to set up AWS Direct Connect to enable data flow from on-premises to each VPC. The customer has monitoring software running in the Management VPC that collects metrics from the instances in all the other VPCs. Due to budget requirements, data transfer charges should be kept at minimum.
Which design should be recommended?

  • A. Create a private VIF to the Management VPC, and peer this VPC to all other VPCs.
  • B. Create a total of four private VIFs, and enable VPC peering between all VPCs.
  • C. Create a private VIF to the Management VPC, and peer this VPC to all other VPCs, enable source/ destination NAT in the Management VPC.
  • D. Create a total of four private VIFs, one for each VPC owned by the customer, and route traffic between VPCs using the Direct Connect link.

Answer: D

 

NEW QUESTION 72
Your organization has placed a project on hold and has stopped 30 public EC2 instances. These instances use instance store volumes and do not have custom AMIs associated. You are still being charged every month. What is the charge probably for? Choose the correct answer:

  • A. AWS charges for dormant accounts.
  • B. You have Elastic IPs associated with those instances.
  • C. There is a "stopped instance" fee that AWS charges every month.
  • D. You are being charged for the EBS volumes.

Answer: B

Explanation:
You have Elastic IPs associated with those instances. AWS charges for any unused Elastic IPs in your account.

 

NEW QUESTION 73
You are managing a VPC with 4 AZs. There is a load balancer managing the public accessibility to your servers. You have a secondary ENI with a private IPv4 address on an instance that is serving public web traffic. Your server communicates over private addresses to a database in another subnet. Security is a major concern for your company and whitelisting is in effect. You have to bring the web server down for maintenance, what two things should you do?
Choose the 2 correct answers:

  • A. Configure a secondary ENI on the standby instance.
  • B. Associate the new ENI with the database security group.
  • C. Reboot the instance.
  • D. Move the ENI from one server to the other.

Answer: A,B

Explanation:
You must configure a secondary ENI on the standby instance with an IP address that can access the data subnet. This may require modification of the security group for the database.

 

NEW QUESTION 74
Your website utilizes EC2, S3, ELB-Classic, and CloudFront. Your manager has shifted focus to security and wants you to ensure the site is as secure as possible. What two items could you recommend?
Choose the 2 correct answers:

  • A. A restricted bucket policy.
  • B. An NACL that blocks all ports to your subnets.
  • C. A WAF on your CloudFront distribution.
  • D. A WAF on the load balancer.

Answer: A,C

Explanation:
A WAF on CloudFront and a restricted bucket policy to ensure the only access is from CloudFront. You cannot apply a WAF to a classic load balancer and an NACL that blocks all ports would block access to the load balancer.

 

NEW QUESTION 75
You are building an application that provides real-time audio and video services to customers on the Internet.
The application requires high throughput. To ensure proper audio and video transmission, minimal latency is required.
Which of the following will improve transmission quality?

  • A. Enable jumbo frames
  • B. Select G2 instance types
  • C. Enable enhanced networking
  • D. Use multiple elastic network interfaces

Answer: D

 

NEW QUESTION 76
An organization runs a consumer-facing website on AWS. The Amazon EC2-based web fleet is load balanced using the AWS Application Load Balancer, Amazon Route 53 is used to provide the public DNS services.
The following URLs need to serve content to end users:
test.example.com
web.example.com
example.com
Based on this information, what combination of services must be used to meet the requirement? (Select two.)

  • A. Path condition in ALB listener to route *.example.com to appropriate target groups.
  • B. Host condition in ALB listener to route $$$$.example.com to appropriate target groups.
  • C. Path condition in ALB listener to route example.com to appropriate target groups.
  • D. Host condition in ALB listener to route example.com to appropriate target groups.
  • E. Host condition in ALB listener to route *.example.com to appropriate target groups.

Answer: C,D

 

NEW QUESTION 77
A network architect is designing an internet website. It has web, application, and database tiers that will run in AWS. The website uses Amazon DynamoDB.
Which architecture will minimize public exposure of the back-end instances?

  • A. A VPC with public subnets for the ALB, private subnets for the web tier, and private subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.
  • B. A VPC with public subnets for the NLB, private subnets for the web tier, and public subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.
  • C. A VPC with public subnets for the NLB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
  • D. A VPC with public subnets for the ALB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.

Answer: A

 

NEW QUESTION 78
From the following options, select the answer that correctly describes the implementation of the HTTP protocol

  • A. By definition, HTTP is a connection-less oriented protocol and therefore utilises TCP
  • B. By definition, HTTP is a connection orientated protocol and therefore utilises TCP
  • C. By definition, HTTP is a connection-less oriented protocol and therefore utilises UDP
  • D. By definition, HTTP can be configured to be either connection or connection-less oriented - by specifying the appropriate HTTP header.

Answer: B

Explanation:
HTTP is a connection orientated protocol and therefore utilises TCP
Reference: https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

 

NEW QUESTION 79
All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.

  • A. The NAT gateway is launched in a private subnet.
  • B. The authentication server is not accepting traffic.
  • C. The NAT gateway does not support UDP traffic.
  • D. The NAT gateway cannot allocate more ports.

Answer: D

Explanation:
Ref: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
"A NAT gateway can support up to 55,000 simultaneous connections to each unique destination. This limit also applies if you create approximately 900 connections per second to a single destination (about 55,000 connections per minute). If the destination IP address, the destination port, or the protocol (TCP/UDP/ICMP) changes, you can create an additional 55,000 connections. For more than 55,000 connections, there is an increased chance of connection errors due to port allocation errors. These errors can be monitored by viewing the ErrorPortAllocation CloudWatch metric for your NAT gateway. For more information, see Monitoring NAT Gateways Using Amazon CloudWatch."

 

NEW QUESTION 80
You operate a production VPC with both a public and a private subnet. Your organization maintains a restricted Amazon S3 bucket to support this production workload. Only Amazon EC2 instances in the private subnet should access the bucket. You implement VPC endpoints (VPC-E) for Amazon S3 and remove the NAT that previously provided a network path to Amazon S3. The default VPC-E policy is applied. EC2 instances in neither the public nor the private subnets are able to access the S3 bucket.
What should you do to enable Amazon S3 access from EC2 instances in the private subnet?

  • A. Add the VPC identifier for the production VPC to the S3 bucket policy.
  • B. Add the CIDR address range of the private subnet to the S3 bucket policy.
  • C. Add the VPC-E identifier for the production VPC to endpoint policy.
  • D. Add the VPC-E identifier to the S3 bucket policy.

Answer: D

Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-policies-s3

 

NEW QUESTION 81
Refer to the image.
You have three VPCs: A, B, and C.
VPCs A and C are both peered with VPC B.
The IP address ranges are as follows:
VPC A: 10.0.0.0/16
VPC B: 192.168.0.0/16
VPC C: 10.0.0.0/16
Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10.
Instances i-3 and i-4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively.
i-3 and i-4 are in the subnet 192.168.1.0/24.
i-3 must be able to communicate with i-1
i-4 must be able to communicate with i-2
i-3 and i-4 are able to communicate with i-1, but not with i-2.
Which two steps will fix this problem? (Select two.)

  • A. Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
  • B. Create two route tables: one with a route for destination VPC A, and another for destination VPC C.
  • C. Create a new route table for VPC B, with unique route entries for destination VPC A and destination VPC C.
  • D. Create subnets 192.168.1.0/27 and 192.168.1.16/27. Move i-3 and i-4 to these subnets, respectively.
  • E. Change the IP address of i-2 to 10.0.0.100. Assign it an elastic IP address.

Answer: C,D

 

NEW QUESTION 82
Refer to the image.

You have three VPCs: A, B, and C.
VPCs A and C are both peered with VPC B.
The IP address ranges are as follows:
* VPC A: 10.0.0.0/16
* VPC B: 192.168.0.0/16
* VPC C: 10.0.0.0/16
Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10.
Instances i-3 and i-4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively.
* i-3 and i-4 are in the subnet 192.168.1.0/24.
* i-3 must be able to communicate with i-1
* i-4 must be able to communicate with i-2
* i-3 and i-4 are able to communicate with i-1, but not with i-2.
Which two steps will fix this problem? (Select two.)

  • A. Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
  • B. Create two route tables: one with a route for destination VPC A, and another for destination VPC C.
  • C. Create a new route table for VPC B, with unique route entries for destination VPC A and destination VPC C.
  • D. Create subnets 192.168.1.0/27 and 192.168.1.16/27. Move i-3 and i-4 to these subnets, respectively.
  • E. Change the IP address of i-2 to 10.0.0.100. Assign it an elastic IP address.

Answer: C,D

 

NEW QUESTION 83
Which one of the following options is not true about WorkSpaces? Choose the correct answer:

  • A. WorkSpaces allows integration with Microsoft AD.
  • B. WorkSpaces can query on-premises domains for authentication.
  • C. WorkSpaces is a fully managed, secure desktop computing service.
  • D. WorkSpaces is great for running Linux applications.

Answer: B

 

NEW QUESTION 84
A manufacturing company has a hybrid environment that includes an AWS Direct Connect gateway that is associated with an AWS Transit Gateway. The company wants to extend a third-party application that is hosted in its on-premises data center into one of its VPCs. The application vendor has stated that it must use an overlay IP address to meet the company's requirement for high availability. The DHCP administrator has assigned a non-overlapping RFC1918 private address for use as the overlay IP address. The security team requires connectivity to remain private. Which solution meets these requirements with the LEAST management overhead?

  • A. Create a transit VIF with automatically propagated routes in the transit gateway route table. Create a new subnet in the VPC for the overlay IP address, and propagate the route to the VPC route table. Update the route tables on premises as needed.
  • B. Create a transit VIF. Then create static routes in the transit gateway route table to point to the VPC that contains the overlay IP address. Create static routes in the VPC route table that point to the transit gateway. Update the route tables on premises as needed.
  • C. Create a layer 2 VPN across a public VIF by using a software-based VPN on a pair of Amazon EC2 instances. Use BGP to advertise the routes over the VPN.
  • D. Create an external Network Load Balancer by using Amazon Route 53 to create records that point to the target application's overlay IP address. Create static entries in the VPC route table.

Answer: B

 

NEW QUESTION 85
You are moving a two-tier application into an Amazon VPC. An Elastic Load Balancing (ELB) load balancer is configured in front of the application tier. The application tier is driven through RESTful interfaces. The data tier uses relational database service (RDS) MySQL. Company policy requires end-to-end encryption of all data in transit. What ELB configuration complies with the corporate encryption policy?

  • A. Configure the ELB load balancer protocol as HTTPS. Offload application instance encryption to the load balancer. Install your SSL certificate on Amazon RDS, and configure SSL.
  • B. Configure the ELB protocols in TCP mode. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
  • C. Configure the ELB load balancer protocol as HTTP. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
  • D. Configure the ELB protocols in SSL mode. Offload application instance encryption to the load balancer. Install your SSL/TLS certificate on Amazon RDS, and configure SSL.

Answer: B

Explanation:
Refer: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html

 

NEW QUESTION 86
An organization will be expanding its current network design. When fully built out, there will be 99 VPCs spread across 11 AWS accounts (9 VPCs per account). There is currently an AWS Direct Connect connection into one account with 9 VPCs, each with a virtual network interface (VIF) per VPC.
Which of the following designs will minimize cost while allowing the organization to expand?

  • A. Order 10 new Direct Connect connections, one from each of the accounts that will be provisioned. Create private VIFs in each account. Attach one private VIF per VPC.
  • B. Create a public VIF on the Direct Connect connection. Leverage the public VIF to create a VPN connection to each VPC.
  • C. Create a transit VPC in the existing account that consists of two routers in separate Availability Zones. Connect each VPC to the two routers in the transit VPC by using VPN.
  • D. Create hosted private VIFs in the existing account. Connect a private VIF to an AWS Direct Connect gateway in each account. Connect the gateway in each account to the VPCs.

Answer: C

 

NEW QUESTION 87
......


How to Prepare for AWS Certified Advanced Networking - Specialty

Preparation Guide for AWS Certified Advanced Networking - Specialty

Introduction for AWS Certified Advanced Networking - Specialty

The AWS Certified Advanced Networking – Specialty (ANS-C00) examination is intended for individuals who perform complex networking tasks. This examination validates advanced technical skills and experience in designing and implementing AWS and hybrid IT network architectures at scale. AWS Certified Advanced Networking - Specialty validates an examinee’s ability to:

  • Design and maintain network architecture for all AWS services
  • Leverage tools to automate AWS networking tasks
  • Implement core AWS services according to basic architectural best practices
  • Design, develop, and deploy cloud-based solutions using AWS

AWS Certified Advanced Networking - Specialty is recommended for:

  • Professional experience using AWS technology
  • AWS storage options and their underlying consistency models
  • AWS Security best practices
  • AWS networking nuances and how they relate to the integration of AWS services

In this guide, we will cover the AWS Certified Advanced Networking - Specialty, tips and tricks, salary, certification path and also share the benefits of AMAZON ADVANCED-NETWORKING-SPECIALITY practice exam and AMAZON ADVANCED-NETWORKING-SPECIALITY practice tests.

 

Tested Material Used To ANS-C00 Test Engine: https://www.passtestking.com/Amazon/ANS-C00-practice-exam-dumps.html