Amazon ANS-C00 Exam Practice Test Instant Access

Question 1

A company's developers wrote an AWS Lambda function to modify existing private route tables in response to a security appliance's auto scaling events. The Lambda function will be invoked on lifecycle hooks for an Auto Scaling group and Is configured to run in a VPC The developers are unsure if the following 1AM policy provides sufficient permissions to be used as an execution role for this Lambda function.

The developers ask a network engineer to review the permissions.

Which set of permissions should the network engineer add lo the policy?

Alambda. ListFunctions, lambda:GetPolicy, and ec2 Delete RouteTable

Bec2:AssociateAddress, ec2 ModifylnstanceAttribute. and ec2 AssociateRouteTable

Cec2:CreateNetworklntertace ec2 DeleteNetworklnterface, and ec2 ReplaceRoute

Dec2:Describei.ifecydoHooks, ec2 DescribeScalingActivities, and ec2 DescribePolicies

Answer : C

Question 2

A company hosts several applications in the AWS Cloud across multiple VPCs that are connected to a transit gateway Redundant AWS Direct Connect connections and a Direct Connect gateway provide private network connectivity lo the company's on-premises environment

During a maintenance window, the networking team adds eight VPCs The application management team notices that there is no reachability between the newly created VPCs and the on-premises environment Connectivity between all VPCs through the transit gateway is working as expected.

Which of the following are possible causes of the connectivity issues? (Choose TWO)

AThe prefixes that are advertised from the Direct Connect gateway to the on-premises router are shorter than the CIDR blocks of the newly created VPCs

BThe route tables for the newly created A. VPCs do not have the routes to the on-premises environment that point to the transit gateway attachment

CThe on-premises route tables do not contain the exact CIDR blocks of the newly created VPCs

DThe route tables (or the newly created VPCs have only summary routes for (he on-premises environment (fiat point to the transit gateway attachment.

EThe prefixes that are advertised from the Direct Connect gateway to the on-premises router do not contain the CIDR blocks of the newly created VPCs

Answer : B, E

https://aws.amazon.com/premiumsupport/knowledge-center/transit-gateway-fix-vpc-connection/

Question 3

A financial services company receives real-time stock quotes in its ingestion VPC. The company plans to perform customer-specific data analysis on the stock quotes in various VPCs. The stock quotes must be distributed simultaneously from Amazon EC2 instances in the ingestion VPC to EC2 instances in the data analysis VPCs

Which set of configuration steps should the company lake to meet these requirements?

AConfigure EC2 instances m f he ingestion VPC as IP unicast senders Configure a transit gateway to serve as a unicast router for instances that send traffic destined for the EC2 instances in the data analysis VPCs.

BConfigure VPC peering between the ingestion VPC and the data analysis VPCs Configure an Application Load Balancer to distribute Virtual Extensible LAN (VXLAN)-encapsulated traffic from the sender EC2 instances to the receiver EC2 instances.

CConfigure EC2 instances m the ingestion VPC as IP multicast senders Configure a transit gateway to serve as a multicast router for instances that send traffic destined for the EC2 instances m the data analysis VPCs

DConfigure Amazon Kinesis Data Forehose to capture streaming data from the ingestion VPC and load the data into Amazon S3 Configure the instances in the data analysis VPCs to download the data from Amazon S3 for processing

Answer : C

Multicast is a communication protocol used for delivering a single stream of data to multiple receiving computers simultaneously. Transit Gateway supports routing multicast traffic between subnets of attached VPCs, and it serves as a multicast router for instances sending traffic destined for multiple receiving instances.

Question 4

A company runs a large-scale application on a feel of Amazon EC2 instances that ate distributed across several VPCs A Network Load Balancer (NLB) in a separate VPC routes traffic to the EC2 instances The NLB's VPC is peered to all the application VPCs

The application must process millions of requests each minute during times of peak utilization Users are reporting that the connections to the application are failing during peak times Monitoring shows an increase in port allocation errors on the NLB.

Which action will solve this issue with the LEAST change to the architecture?

AIncrease the number of EC2 instances in the target group

BCreate an Application Load Balancer for the target group

CAdd a new target group to the same NLB listener

DChange the target group type to 'instance'

Answer : C

Question 5

A space exploration firm possesses a collection of telescopes that take many photographs and data of the night sky. The pictures and data are processed on an AWS Fargate application that is allocated to a target group by an Application Load Balancer (ALB). The program is accessible at https://space.example.com.

Additionally, scientists demand a custom-built application that is hosted on many Amazon EC2 instances inside an Auto Scaling group. This application will be accessible at the following link: https://space.example.com/meteor. The firm need a system that can grow automatically from a low number of requests overnight to a high volume of demands during a future meteor shower.

What is the MOST OPTIMAL option that satisfies these requirements?

AUpdate the existing target group with the new EC2 instances. Update the application's ALB by adding a listener rule that redirects /meteor to the newly added EC2 instances.

BCreate a new target group. Configure the Auto Scaling group of the EC2 instances to use the target group Update the ALB by adding a listener rule that redirects /meteor to the new target group.

CCreate a Network Load Balancer (NLB). Configure the NLB to listen on two ports. Configure a target group for one port to deliver all IP traffic to the Auto Scaling group to process the custom images. Configure a target group for the second port to deliver all IP traffic to Fargate Use path-based routing in the ALB to route traffic for the URL prefix /meteor to the first target group. Route all other paths to the second target group.

DPlace the ALB behind an Amazon CloudFront distribution. Create a Lambda@Edge function that parses the request URI and adds the path-pattern header with the IP addresses of the EC2 instances to any request for /meteor. Add a listener rule to the ALB that looks for the HTTP header and uses the IP addresses of the EC2 instances to forward the traffic.

Answer : B

Question 6

An organization has three AWS accounts with each containing VPCs in Virginia, Canada and the Sydney regions. The organization wants to determine whether all available Elastic IP addresses (EIPs) in these accounts are attached to Amazon EC2 instances or in use elastic network interfaces (ENIs) in all of the specified regions for compliance and cost-optimization purposes.

Which of the following meets the requirements with the LEAST management overhead?

Ause an Amazon CloudWatch Events rule to schedule an AWS Lambda function in each account in all three regions to find the unattached and unused EIPs.

BUse a CloudWatch event bus to schedule Lambda functions in each account in all three regions to find the unattached and unused EIPs.

CAdd an AWS managed, EIP-attached AWS Config rule in each region in all three accounts to find unattached and unused EIPs.

DUse AWS CloudFormation StackSets to deploy an AWS Config EIP-attached rule in all accounts and regions to find the unattached and unused EIPs.

Answer : D

https://docs.aws.amazon.com/config/latest/developerguide/eip-attached.html

Question 7

An organization wants to process sensitive information using the Amazon EMR service. The information is stored in on-premises databases. The output of processing will be encrypted using AWS KMS before it is uploaded to a customer-owned Amazon S3 bucket. The current configuration includes a VPS with public and private subnets, with VPN connectivity to the on-premises network. The security organization does not allow Amazon EC2 instances to run in the public subnet.

What is the MOST simple and secure architecture that will achieve the organization's goal?

AUse the existing VPC and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.

Buse the existing VPS and a NAT gateway, and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.

CCreate a new VPS without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3 endpoint.

DCreate a new VPS without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3 endpoint and a NAT gateway.

Answer : A

https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html

Amazon ANS-C00 AWS Advanced Networking Specialty Exam Practice Test