Exam 1: AWS Certified Advanced Networking - Specialty (ANS-C00)

You need to find the MTU used by another instance, but tracepath is not working. You know the instance you are trying to tracepath has open security group and NACL rules. Which protocol do you need to allow to access your instance to remedy this?

You have been asked to monitor traffic flows on your Amazon EC2 instance. You will be performing deep packet inspection, looking for atypical patterns. Which tool will enable you to look at this data?

You need to set up an Amazon Elastic Compute Cloud (EC2) instance for an application that requires the lowest latency and the highest packet-per-second network performance. The application will talk to other servers in a peered VPC. Which two of the following components should be part of the design? (Choose two.)

An organization processes consumer information submitted through its website. The organization's security policy requires that personally identifiable information (PII) elements are specifically encrypted at all times and as soon as feasible when received. The front-end Amazon EC2 instances should not have access to decrypted PII. A single service within the production VPC must decrypt the PII by leveraging an IAM role. Which combination of services will support these requirement? (Choose two.)

Which is not a valid Route 53 record?

Your company just deployed a WAF to protect its resources. You need to create a baseline before you start blocking traffic. How will you achieve this?

Which of these metrics cannot help detect a DDoS?

An organization is replacing a tape backup system with a storage gateway. there is currently no connectivity to AWS. Initial testing is needed. What connection option should the organization use to get up and running at minimal cost?

Your company needs to leverage Amazon Simple Storage Solution (S3) for backup and archiving. According to company policy, data should not flow on the public Internet even if data is encrypted. You have set up two S3 buckets in us-east-1 and us-west-2. Your company data center is located on the West Coast of the United States. The design must be cost-effective and enable minimal latency. Which design should you set up?

You would like to automate the monitoring of changes in the configurations of your AWS resources and respond programmatically to configurations of only a certain type. To do this, you could use Amazon ____ as the endpoint for the Amazon SNS topics that generate messages from AWS Config.

Your company has set up AWS Direct Connect to connect on-premises to an Amazon VPC instance. Two Direct Connect connections terminate at two different Direct Connect locations. You are using two routers, R1 and R2, at your end (one of each Direct Connect connection). R1 and R2 do NOT have connectivity between them. Both routers advertise the same routers over BGP to the VGW. You have a stateful firewall on each router. The routers drop some of the traffic coming from the VPC. Which two actions should you take to fix this problem? (Choose two.)

Your website utilizes EC2, S3, ELB-Classic, and CloudFront. Your manager has shifted focus to security and wants you to ensure the site is as secure as possible. What two items could you recommend? (Choose two.)

A company has a hybrid architecture with dual AWS Direct Connect connections and applications running in the AWS Cloud and on premises. The company uses its on-premises DNS servers to provide name resolution for is internal domain company.com. The company uses an Amazon Route 53 private hosted zone, aws.company.com, for resolution of AWS resource records. A new application that runs on Amazon EC2 in the company's VPC needs to resolve records in the company.com domain and on other AWS resources. What should the company do to meet these requirements?

A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its first-ever 10 Gbps AWS Direct Connect connection. What steps must be taken to order the cross-connect at the Direct Connect location?

You manage a web service that is used by client applications deployed in 300 offices worldwide. The web service architecture is an Elastic Load balancer (ELB) distributing traffic across four application servers deployed in an autoscaling group across two availability zones. The ELB is configured to use round robin, and sticky sessions are disabled. You have configured the NACLs and Security Groups to allow port 22 from your bastion host, and port 80 from 0.0.0.0/0. The client configuration is managed by each regional IT team. Upon inspection you find that a large amount of requests from incorrectly configured sites are causing a single application server to degrade. The remainder of the requests are equally distributed across all servers with no negative effects. What should you do to remedy the situation and prevent future occurrences?

You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. What is most likely the problem?

Your company was recently acquired and a Direct Connection connection was extended from your new parent corporation to your AWS VPC using a hosted VIF. What data charges are billed to your account for that connection?

You have two placement groups in a VPC. What communication speed can be expected between the two placement groups?

What value in a packet dictates the priority of the packet in a QoS enabled network?

A company hosts its application, example.com, behind Application Load Balancers in the us-east-1 and eu-west-1 Regions. Users should be routed to the resources geographically nearest to them. Users must not be routed to the application when it is considered unhealthy. How should a network engineer configure Amazon Route 53 to route clients to example.com?