Exam 1: AWS Certified Advanced Networking - Specialty (ANS-C00)

You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?

A network engineer is managing two AWS Direct Connect connections. Each connection has a public virtual interface configured with a private ASN. The engineer wants to configure active/passive routing between the Direct Connect connections to access Amazon public endpoints. What BGP configuration is required for the on-premises equipment? (Choose two.)

Which path will be chosen first?

Your organization has placed a project on hold and has stopped 30 public EC2 instances. These instances use instance store volumes and do not have custom AMIs associated. You are still being charged every month. What is the charge probably for?

What are two routing methods used by Route 53? (Choose two.)

You would like to ensure that all Amazon S3 buckets going forward, current and newly created ones, have logging enabled. What type of trigger(s) should you use?

You are a network admin of a US company called Webby Widgets that is expanding to Europe. The company has a website that serves dynamic and static content. You have been instructed to ensure the European clients receive the least latency possible, no matter where in Europe they live, while still allowing the US clients to receive the same user experience and performance they have been accustomed to. You have also been instructed to ensure both countries use the same URL to access the site and keep costs low. What two things should you do? (Choose two.)

Your company has signed up to trial AWS WorkSpaces. You aren't sure you're going to keep it, but you want to try it out to see if it works for your organization of 112 users. You need to deploy it with as little work and up-front expense as possible while still allowing access to your Active Directory for authentication. What two things should you do? (Choose two.)

Your company needs an inexpensive solution to host their AD data in the cloud. They do not need all of the features of AD but do need to be able to use it with WorkSpaces. What is the best solution?

You need to ensure the files served by your CloudFront distribution are only accessible to authorized users. You hope to serve thousands of users. What two steps should you take? (Choose two.)

You need to set up an Amazon Elastic Compute Cloud (EC2) instance for an application that requires the lowest latency and the highest packet-per-second network performance. The application will talk to other servers in a peered VPC. Which two of the following components should be part of the design? (Select two.)

How many BGP advertised routes can you have per route table?

Which statement about Elastic IP addresses is incorrect?

You need to find the subnet, the security group and the VPC that your instance is associated with. You only have access to the terminal of an instance with an admin role attached. What is the first part of the command you would use?

You are deploying a web application in a VPC that requires SSL mutual authentication with a client- side, smartcard-stored certificate. The ELB Classic Load Balancer listener must support mutual authentication between the client and the application. Which load balancer protocol should you select for this application?

What number does the binary number 10101000 correspond to?

Your company has installed an AWS Direct Connect connection in an ap-southeast-1 Direct Connect location. A public virtual interface is configured through a router to a dedicated firewall. You advertise your company's public /24 CIDR block to AWS with AS 65500. The company maintains a separate, corporate Internet firewall to map all outbound traffic to a single IP. This firewall maintains a BGP relationship with an upstream Internet provider that has delegated the public IP block your company uses. When the BGP session for the public virtual interface is up, corporate network users cannot access Amazon S3 resources in the ap-southeast-1 region. Which step should you take to provide concurrent AWS and Internet access?

You are building an application that provides real-time audio and video services to customers on the Internet. The application requires high throughput. To ensure proper audio and video transmission, minimal latency is required. Which of the following will improve transmission quality?

You can use the ____ page of the AWS Config console to look up resources that AWS Config has discovered, including deleted resources and resources that are not currently being recorded.

A company is connecting to a VPC over an AWS Direct Connect using a private VIF, and a dynamic VPN connection as a backup. The company's Reliability Engineering team has been running failover and resiliency tests on the network and the existing VPC by simulating an outage situation on the Direct Connect connection. During the resiliency tests, traffic failed to switch over to the backup VPN connection. How can this failure be troubleshot?