AWS-Advanced-Networking-Specialty practice questions (PassLeader, 155 Q&As)
NEW QUESTION 52
You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS region. The application is hosted in a VPC and is only accessed from the corporate network. To support large volumes of data transfer and administration of the application, you use a single 10-Gbps AWS Direct Connect connection with multiple private virtual interfaces. As part of a review, you decide to improve the resilience of your connection to AWS and make sure that any additional connectivity does not share the same Direct Connect routers at AWS. You need to provide the best levels of resilience to meet the application's needs.
Which two options should you consider? (Select two.)
- A. Install a second 10-Gbps Direct Connect connection to the same Direct Connect location.
- B. Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.
- C. Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.
- D. Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
- E. Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
Answer: C,E
NEW QUESTION 53
DNS name resolution must be provided for services in the following four zones:
company.private.
emea.company.private.
apac.company.private.
amer.company.private.
The contents of these zones are not considered sensitive; however, the zones only need to be used by services hosted in these VPCs, one per geographic region. Each VPC should resolve the names in all zones.
How can you use Amazon Route 53 to meet these requirements?
- A. Create a single Route 53 Private Hosted Zone for the zone company.private and associate it with the three VPCs.
- B. Create a Route 53 Private Hosted Zone for each of the four zones and associate them with the three VPCs.
- C. Create a single Route 53 Public Hosted Zone for the zone company.private and configure the VPC DNS Resolver to forward
- D. Create a Route 53 Public Hosted Zone for each of the four zones and configure the VPC DNS Resolver to forward
Answer: C
NEW QUESTION 54
A company deployed its production Amazon VPC using CIDR block 33.16.0.0/16. The company has nearly depleted its addresses and now needs to extend the VPC network.
Which CIDR blocks meet the company's requirement to extend the VPC network with a secondary CIDR? (Choose two.)
- A. 192.168.1.0/24
- B. 172.16.0.0/18
- C. 10.0.0.0/8
- D. 100.70.0.0/17
- E. 33.17.0.0/16
Answer: D,E
NEW QUESTION 55
Your organization requires strict adherence to a change control process for its Amazon Elastic Compute Cloud (EC2) and VPC environments. The organization uses AWS CloudFormation as the AWS service to control and implement changes. Which combination of three services provides an alert for changes made outside of AWS CloudFormation? (Select three.)
- A. AWS Config
- B. AWS CloudWatch metrics
- C. AWS Identity and Access Management
- D. AWS Lambda
- E. AWS CloudFormation
- F. AWS Simple Notification Service
Answer: B,D,F
NEW QUESTION 56
Refer to the image.
You have three VPCs: A, B, and C.
VPCs A and C are both peered with VPC B.
The IP address ranges are as follows:
* VPC A: 10.0.0.0/16
* VPC B: 192.168.0.0/16
* VPC C: 10.0.0.0/16
Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10.
Instances i-3 and i-4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively. i-3 and i-4 are in the subnet 192.168.1.0/24.
* i-3 must be able to communicate with i-1
* i-4 must be able to communicate with i-2
* i-3 and i-4 are able to communicate with i-1, but not with i-2.
Which two steps will fix this problem? (Select two.)
- A. Create two route tables: one with a route for destination VPC A, and another for destination VPC C.
- B. Create a new route table for VPC B, with unique route entries for destination VPC A and destination VPC C.
- C. Create subnets 192.168.1.0/28 and 192.168.1.16/28. Move i-3 and i-4 to these subnets, respectively.
- D. Create subnets 192.168.1.0/27 and 192.168.1.16/27. Move i-3 and i-4 to these subnets, respectively.
- E. Change the IP address of i-2 to 10.0.0.100. Assign it an elastic IP address.
Answer: B,D
NEW QUESTION 57
A customer is using ABC Telecom as a network provider. The customer has 10 different offices connected to ABC Telecom's MPLS backbone. The customer is setting up an AWS Direct Connect connection to AWS and has provided the LOA-CFA to ABC Telecom. ABC Telecom has terminated the Direct Connect circuit into their MPLS backbone. To uniquely identify the customer's traffic over the MPLS backbone, the customer must encapsulate all traffic with VLAN tag 100. The customer wants to send traffic to multiple VPCs.
Which two steps should be taken to meet the customer's requirement? (Select two.)
- A. Create a support ticket with AWS to request the removal of the outer VLAN tag 100 as the traffic reaches AWS routers.
- B. ABC Telecom removes the other tag before sending the packet to AWS.
- C. Send the traffic for all VPCs with the same VLAN tag 100 and use BGP to ensure that proper routing takes place to the appropriate VPC.
- D. ABC Telecom creates a support ticket with AWS to exchange MPLS labels and include the AWS port as part of their MPLS network.
- E. The customer performs Q-in-Q tunneling, with the AWS-required VLAN tag in the inside and VLAN 100 as the outside tag.
Answer: C,D
NEW QUESTION 58
Your company runs an application for the US market in the us-east-1 AWS region. This application uses proprietary TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances. End users run a real-time, front-end application on their local PCs. This front-end application knows the DNS hostname of the service.
You must prepare the system for global expansion. The end users must access the application with the lowest latency.
How should you use AWS services to meet these requirements?
- A. Register the IP addresses of the service hosts as "A" records with latency-based routing policy in Amazon Route 53, and set a Route 53 health check for these hosts.
- B. Set the Amazon API gateway in front of the service, and register the API gateway name of the main service as an ALIAS record in Route 53.
- C. Set Amazon CloudFront in front of the host of the service, and register the CloudFront name of the main service as an ALIAS record in Route 53.
- D. Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of the main service host as an ALIAS record with a latency-based routing policy in Route 53.
Answer: D
NEW QUESTION 59
AWS CloudTrail can be configured to ____ log files across multiple accounts and regions so that log files are delivered to a single bucket.
- A. encrypt
- B. aggregate
- C. disperse
- D. replicate
Answer: B
Explanation:
You can configure CloudTrail to aggregate log files from multiple regions and deliver them to a single S3 bucket for a single account.
Reference: https://aws.amazon.com/cloudtrail/
NEW QUESTION 61
An organization runs a consumer-facing website on AWS. The Amazon EC2-based web fleet is load balanced using the AWS Application Load Balancer; Amazon Route 53 is used to provide the public DNS services.
The following URLs need to serve content to end users:
test.example.com
web.example.com
example.com
Based on this information, what combination of services must be used to meet the requirement? (Select two.)
- A. Host condition in ALB listener to route example.com to appropriate target groups.
- B. Path condition in ALB listener to route example.com to appropriate target groups.
- C. Host condition in ALB listener to route $$$$.example.com to appropriate target groups.
- D. Host condition in ALB listener to route *.example.com to appropriate target groups.
- E. Path condition in ALB listener to route *.example.com to appropriate target groups.
Answer: A,B
NEW QUESTION 62
Your company decides to use Amazon S3 to augment its on-premises data store. Instead of using the company's highly controlled, on-premises Internet gateway, a Direct Connect connection is ordered to provide high-bandwidth, low-latency access to S3. Since the company does not own a publicly routable IPv4 address block, a request was made to AWS for an AWS-owned address for a Public Virtual Interface (VIF).
The security team is calling this new connection a "backdoor", and you have been asked to clarify the risk to the company.
Which concern from the security team is valid and should be addressed?
- A. EC2 instances in the same region with access to the Internet could directly reach the router.
- B. AWS advertises its aggregate routes to the Internet allowing anyone on the Internet to reach the router.
- C. The S3 service could reach the router through a pre-configured VPC Endpoint.
- D. Direct Connect customers with a Public VIF in the same region could directly reach the router.
Answer: B
NEW QUESTION 63
A Network Engineer is troubleshooting a network connectivity issue for an instance within a public subnet that cannot connect to the internet. The first step the Engineer takes is to SSH to the instance via a local bastion within the VPC and run an ifconfig command to inspect the IP addresses configured on the instance. The output is as follows:
The Engineer notices that the command output does not contain a public IP address. In the AWS Management Console, the public subnet has a route to the internet gateway. The instance also has a public IP address associated with it.
What should the Engineer do next to troubleshoot this situation?
- A. Evaluate the security groups and the network access control list.
- B. Associate an Elastic IP address to the interface.
- C. Disable source/destination checking for the instance.
- D. Configure the public IP on the interface.
Answer: A
NEW QUESTION 64
A company has two redundant AWS Direct Connect connections to a VPC. The VPC is configured using BGP metrics so that one Direct Connect connection is used as the primary traffic path. The company wants the primary Direct Connect connection to fail to the secondary in less than one second.
What should be done to meet this requirement?
- A. Configure BGP on the company's router with a keep-alive to 300 ms and the BGP hold timer to 900 ms.
- B. Enable Dead Peer Detection (DPD) on the company's router with a detection minimum interval of 300 ms and a DPD liveliness detection multiplier of 3.
- C. Enable Bidirectional Forwarding Detection (BFD) echo mode on the company's router and disable sending the Internet Control Message Protocol (ICMP) IP packet requests.
- D. Enable Bidirectional Forwarding Detection (BFD) on the company's router with a detection minimum interval of 300 ms and a BFD liveness detection multiplier of 3.
Answer: D
NEW QUESTION 65
A corporate network routing table contains 624 individual RFC 1918 and public IP prefixes. You have two AWS Direct Connect connections. You configure a private virtual interface on both connections to a virtual private gateway. The virtual private gateway is not currently attached to a VPC. Neither BGP session will maintain the Established state on the customer router. The AWS Management Console reports the private virtual interfaces as Down.
What could you do to address the problem so that the AWS Management Console reports the private virtual interface as Available?
- A. Attach the virtual private gateway to a VPC and enable route propagation.
- B. Attach the second virtual interface to an alternative virtual private gateway.
- C. Change the BGP advertisements from the corporate network to only be a default route.
- D. Filter the public IP prefixes on the corporate network from the private virtual interface.
Answer: C
Explanation:
https://aws.amazon.com/es/premiumsupport/knowledge-center/virtual-interface-bgp-down/
NEW QUESTION 66
An organization's Security team has a requirement that all data leaving its on-premises data center be encrypted at the network layer and use dedicated connectivity. There is also a requirement to centrally log all traffic flow in Amazon VPC environments. An AWS Direct Connect connection has been ordered to build out this design.
What steps should be taken to ensure that connectivity to AWS meets these security requirements? (Choose two.)
- A. Enable VPC Flow Logs for each VPC.
- B. Use AWS KMS to encrypt traffic between on-premises and AWS.
- C. Provision a private virtual interface for each VPC connection.
- D. Provision a VPN connection to each VPC over the internet.
- E. Provision a public virtual interface on AWS Direct Connect and set up a VPN to each VPC.
Answer: A,E