Amazon ANS-C00 Exam Dumps PDF

Question 1

A company wants to use thin clients running virtual desktops to replace 500 desktop computers used by its call center employees The company is evaluating Amazon Workspaces as a solution A network engineer who is testing with a thin client is unable to conned to Amazon Workspaces After entering credentials the network engineer receives the following error: "An error occurred while launching your Workspace Please try again" What should the network engineer do to resolve this issue? 

A. Update the inbound rules on the network ACL on the subnets used for Amazon Workspaces to allow UDP on port 4172 and TCP on port 4172
B. Update the company's corporate firewall to allow outbound access to UDP on port 4172 and TCP on port 4172 Open inbound ephemeral ports explicitly to allow return communication
C. Update the inbound rules on the security group assigned to Amazon Workspaces to allow UDP on port 4172 and TCP on port 4172 
D. Update the company's corporate firewall to allow inbound access to UDP on port 4172 and TCP on port 4172 Open outbound ephemeral ports explicitly to allow return communication 

Answer: C

Question 2

A company installed an AWS Site-to-Site VPN and configured it to use two tunnels The company has learned that the VPN connectivity is unstable During a ping test from the onpremises data center to AWS: a network engineer notices that the first few ICMP replies time out but that subsequent requests are successful The AWS Management Console shows that the status for both tunnels last changed at the same time the ping responses were successfully received Which steps should the network engineer take to resolve the instability*? (Select TWO )

A. Enable dead peer detection (DPD) on the customer gateway device  
B. Change the tunnel configuration to active/standby on the virtual private gateway  
C. Use AS PATH prepending on one path to cause all traffic to prefer that tunnel  
D. Send ICMP requests to an instance in the VPC every 5 seconds from the on-premises network 
E. Use a higher multi-exit discriminator (MED) value on the preferred path to prefer that tunnel 

Answer: C,E

Question 3

A financial company is designing a secure AWS network architecture to support a hybrid cloud strategy. Systems deployed in the AWS Cloud are mission critical and have strict availability requirements. The company anticipates the need for hundreds of VPCs. Instances will be transient and rely heavily on DNS resolution The applications must be designed to have Availability Zone isolation and tolerate the loss of an Availability Zone What is the MOST reliable way to implement DNS in this scenario?

A. Create a new DHCP options set with DNS settings with on-premises DNS servers that traverse an AWS Direct Connect connection.
B. Create private hosted zones and share them with each VPC. Use Amazon Route 53 Resolver for hybrid DNS.
C. Modify the default DHCP options set with a fleet of proxy DNS servers that are deployed in each VPC
D. Create a fleet of DNS proxy servers in a central VPC. Share the proxy fleet with each VPC using AWS PrivateLink. 

Answer: C

Question 4

A company has a hybrid architecture with dual AWS Direct Connect connections andapplications running in the AWS Cloud and on premises The company uses its onpremises DNS servers to provide name resolution tor its internal domain company com Thecompany uses an Amazon Route 53 private hosted zone, aws company com for resolutionof AWS resource recordsA new application that runs on Amazon EC2 in the company's VPC needs to resolverecords in the company.com domain and on other AWS resourcesWhat should the company do to meet these requirements?

A. Create a new DHCP options set Configure the DHCP options set name servers to be the on-premises DNS servers, and configure the domain name to be company com Assign the DHCP options set to the VPC with the EC2 instances 
B. Create Route 53 Resolver outbound endpoints in each subnet in the VPC Configure a Route 53 forwarding rule with a rule type of Forward for company com that points to the onpremises DNS servers Configure a Route 53 forwarding rule with a rule type of System for aws company com
C. Create Route 53 Resolver outbound endpoints in each subnet in the VPC Configure conditional forwarding rules on the on-premises DNS servers to forward queries for the domain aws company com to the Route 53 Resolver endpoints Modify the DHCP options set to configure instances to resolve hostnames using the on-premises DNS servers D. Create a private hosted zone for company com within the AWS account Create Route 53 Resolver inbound endpoints in each subnet in the VPC Configure the on-premises DNS servers to send outbound zone transfers for company com to the Route 53 Resolver endpoints 

Answer: C

Question 5

A company is migrating a legacy storefront web application to the AWS Cloud. Theapplication is complex and will take several months to refactor A solutions architectrecommended an interim solution of using Amazon CloudFront with a custom originpointing to the SSL endpoint URL for the legacy web application until the replacement isready and deployedThe interim solution has worked for several weeks However, all browser connectionsrecently began showing an HTTP 502 Bad Gateway error with the header "X-Cache Errorfrom cloudfront" Monitoring services show that the HTTPS port 443 on the legacy webapplication is open and responding to requestsWhat is the likely cause of the error and what is the solution?

A. The origin access identity is not correct Edit the CloudFront distribution and update the identity in the origins settings
B. The SSL certificate on the CloudFront distribution has expired Use AWS Certificate Manager (ACM) in the us-east-1 Region to replace the SSL certificate in the CloudFront distribution with a new certificate
C. The SSL certificate on the legacy web application server has expired Use AWS Certificate Manager (ACM) in the us-east-1 Region to create a new SSL certificate Export the public and private keys and install the certificate on the legacy web application
D. The SSL certificate on the legacy web application server has expired Replace the SSL certificate on the web server with one signed by a globally recognized certificate authority (CA) Install the full certificate chain onto the legacy web application server 

Answer: A

Question 6

A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in us-west-2 To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses How should an engineer configure the network to meet these requirements? 

A. Configure an AWS Direct Connect private virtual interface to the company's AWS VPC in us-west-2 Create a VPC endpoint and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3 
B. Configure a VPN connection to the company's AWS VPC in us-west-2 and use BGP to advertise routes for Amazon S3 
C. Configure a Direct Connect connection public virtual interface to us-west-2 Leverage an on-premises HTTPS proxy to send traffic to Amazon S3 over a Direct Connect connection 
D. Configure a VPN connection to the company's AWS VPC in us-west-2 Create a NAT gateway and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3 

Answer: C

Question 7

A company uses an Application Load Balancer (ALB) to provide access to a multi-tenant web application for 25 customers The company creates a unique hostname for each customer to use to access the application Hostnames use the format customer-name example.com. Each customer has a dedicated group of Amazon EC2 instances that run their own version of the web application. When a customer visits customer-name example com, the ALB should route the request to the correct group of EC2 instances The company requires a highly available solution that is easy to maintain Which solution meets these requirements at the LOWEST cost?

A. Create one ALB for all customers Create a listener rule that includes an HTTP header condition to match the URL Add a forward action to route the request to the customer target group Use Amazon Route 53 to create an alias record for each customer-name example com hostname that points to the ALB 
B. Create one ALB for each customer Configure the listener to route requests to the customer target group Configure an NGINX proxy server to manage connections to each ALB Use Amazon Route 53 to create a CNAME record for each customer-name example com hostname that points to the NGINX proxy server
C. Create one ALB for ail customers Create a listener rule that includes a Host header condition to match the hostname Add a forward action to route the request to the customer target group Use Amazon Route 53 to create an alias record for each customer-name example com hostname that points to the ALB 
D. Create one ALB for each customer Configure the listener to route requests to the customer target group Create an Amazon CloudFront distribution Add each ALB to the distribution as a custom origin Use Amazon Route 53 to create an alias for each customername example com hostname that points to the CloudFront distribution

Answer: A

Question 8

A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes which originated from the same region as the Direct Connect location. What action should accomplish this?

A. Configure a prefix list on the customer router containing the AWS IP address ranges for the specific region.
B. Configure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.
C. Configure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3
D. Configure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3. 

Answer: B

Question 9

A Systems Administrator is designing a hybrid DNS solution with spilt-view. The apexdomain “example.com” should be served through name servers across multiple top-level domains (TLDs). The name server for subdomain “dev.example.com” should reside onpremises. The administrator has decided to use Amazon Route 53 to achieve this scenario. What procedurals steps must be taken to implement the solution?

A. Use a Route 53 public hosted zone for example.com and a private hosted zone for dev.example.com
B. Use a Route 53 public and private hosted zone for example.com and perform subdomain delegation for dev.example.com 
C. Use a Route 53 public hosted zone for example.com and perform subdomain delegation for dev.example.com 
D. Use a Route 53 private hosted zone for example.com and perform subdomain delegation for dev.example.com

Answer: A

Question 10

A company uses a newly provisioned 1-Gbps AWS Direct Connect connection to configure a virtual interface for access to Amazon S3 Which configuration values is the network engineer required to provide? (Select TWO.)

A. Connection speed
B. VLAN ID
C. IP prefixes to advertise
D. Direct Connect location
E. Virtual private gateway

Answer: B,E