CertsTopics Logo

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

ANS-C00 Exam Results

Page: 4 / 6
Total 154 questions
Get ANS-C00 Full Access Download ANS-C00 PDF

AWS Certified Advanced Networking-Specialty Questions and Answers

Question 13

Your company decides to use Amazon S3 to augment its on-premises data store. Instead of using the company’s highly controlled, on-premises Internet gateway, a Direct Connect connection is ordered to provide high bandwidth, low latency access to S3. Since the company does not own a publically routable IPv4 address block, a request was made to AWS for an AWS-owned address for a Public Virtual Interface (VIF).

The security team is calling this new connection a “backdoor”, and you have been asked to clarify the risk to the company.

Which concern from the security team is valid and should be addressed?

Options:

A.

AWS advertises its aggregate routes to the Internet allowing anyone on the Internet to reach the router.

B.

Direct Connect customers with a Public VIF in the same region could directly reach the router.

C.

EC2 instances in the same region with access to the Internet could directly reach the router.

D.

The S3 service could reach the router through a pre-configured VPC Endpoint.

Question 14

Your organization has a newly installed 1-Gbps AWS Direct Connect connection. You order the cross-connect from the Direct Connect location provider to the port on your router in the same facility. To enable the use of your first virtual interface, your router must be configured appropriately.

What are the minimum requirements for your router?

Options:

A.

1-Gbps Multi Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.

B.

1-Gbps Single Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.

C.

IPsec Parameters, Pre-Shared key, Peer IP Address, BGP Session with MD5

D.

BGP Session with MD5, 802.1Q VLAN, Route-Map, Prefix List, IPsec encrypted GRE Tunnel

Question 15

A customer is using ABC Telecom as a network provider. The customer has 10 different offices connected to ABC Telecom’s MPLS backbone. The customer is setting up an AWS Direct Connect connection to AWS and has provided the LOA-CFA to ABC Telecom. ABC Telecom has terminated the Direct Connect circuit into their MPLS backbone. To uniquely identify the customer’s traffic over the MPLS backbone, the customer must encapsulate all traffic with VLAN tag 100. The customer wants to send traffic to multiple VPCs.

Which two steps should be taken to meet the customer’s requirement? (Select two.)

Options:

A.

The customer performs Q-in-Q tunneling, with the AWS-required VLAN tag in the inside and VLAN 100 as the outside tag.

B.

Create a support ticket with AWS to request the removal of the outer VLAN tag 100 as the traffic reaches AWS routers.

C.

Send the traffic for all VPCs with the same VLAN tag 100 and use BGP to ensure that proper routing takes place to the appropriate VPC.

D.

ABC Telecom removes the other tag before sending the packet to AWS.

E.

ABC Telecom creates a support ticket with AWS to exchange MPLS labels and include the AWS port as part of their MPLS network.

Question 16

A legacy, on-premises web application cannot be load balances effectively. There are both planned and unplanned events that cause usage spikes to millions of concurrent users. The existing infrastructure cannot handle the usage spikes. The CIO has mandated that the application be moved to the cloud to avoid further disruptions, with the additional requirement that source IP addresses be unaltered to support network traffic-monitoring needs. Which of the following designs will meet these requirements?

Options:

A.

Use an Auto Scaling group of Amazon EC2 instances behind a Classic Load Balancer.

B.

Use an Auto Scaling group of EC2 instances in a target group behind an Application Load Balancer.

C.

Use an Auto Scaling group of EC2 instances in a target group behind a Classic Load Balancer.

D.

Use an Auto Scaling group of EC2 instances in a target group behind a Network Load Balancer.

Page: 4 / 6
Total 154 questions
Get ANS-C00 Full Access Download ANS-C00 PDF