Amazon AWS-Advanced-Networking-Specialty Exam Dumps - PDF Questions and Testing Engine [Q87-Q106]


NEW QUESTION 87
A company has an AWS Direct Connect connection between its on-premises data center and Amazon VPC.
An application running on an Amazon EC2 instance in the VPC needs to access confidential data stored in the on-premises data center with consistent performance. For compliance purposes, data encryption is required.
What should the network engineer do to meet these requirements?

  • A. Configure a private virtual interface on the Direct Connect connection. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
  • B. Configure a public virtual interface on the Direct Connect connection. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
  • C. Configure an internet gateway in the VPC. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
  • D. Configure an internet gateway in the VPC. Set up a software VPN between the customer gateway and an EC2 instance in the VPC.

Answer: C

 

NEW QUESTION 88
Which service would you use to see who changed your infrastructure? Choose the correct answer:

  • A. Flow Logs
  • B. Config
  • C. CloudTrail

Answer: C

 

NEW QUESTION 89
A manufacturing company has a hybrid environment that includes an AWS Direct Connect gateway that is associated with an AWS Transit Gateway. The company wants to extend a third-party application that is hosted in its on-premises data center into one of its VPCs. The application vendor has stated that it must use an overlay IP address to meet the company's requirement for high availability. The DHCP administrator has assigned a non-overlapping RFC1918 private address for use as the overlay IP address. The security team requires connectivity to remain private.
Which solution meets these requirements with the LEAST management overhead?

  • A. Create a layer 2 VPN across a public VIF by using a software-based VPN on a pair of Amazon EC2 instances. Use BGP to advertise the routes over the VPN.
  • B. Create an external Network Load Balancer by using Amazon Route 53 to create records that point to the target application's overlay IP address. Create static entries in the VPC route table.
  • C. Create a transit VIF with automatically propagated routes in the transit gateway route table. Create a new subnet in the VPC for the overlay IP address, and propagate the route to the VPC route table. Update the route tables on premises as needed.
  • D. Create a transit VIF. Then create static routes in the transit gateway route table to point to the VPC that contains the overlay IP address. Create static routes in the VPC route table that point to the transit gateway. Update the route tables on premises as needed.

Answer: D

 

NEW QUESTION 90
You are moving a two-tier application into an Amazon VPC. An Elastic Load Balancing (ELB) load balancer is configured in front of the application tier. The application tier is driven through RESTful interfaces. The data tier uses Relational Database Service (RDS) MySQL. Company policy requires end-to-end encryption of all data in transit.
What ELB configuration complies with the corporate encryption policy?

  • A. Configure the ELB protocols in TCP mode. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
  • B. Configure the ELB load balancer protocol as HTTP. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
  • C. Configure the ELB protocols in SSL mode. Offload application instance encryption to the load balancer. Install your SSL/TLS certificate on Amazon RDS, and configure SSL.
  • D. Configure the ELB load balancer protocol as HTTPS. Offload application instance encryption to the load balancer. Install your SSL certificate on Amazon RDS, and configure SSL.

Answer: D

 

NEW QUESTION 91
A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes which originated from the same region as the Direct Connect location.
What action should accomplish this?

  • A. Configure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3.
  • B. Configure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3.
  • C. Configure a prefix list on the customer router containing the AWS IP address ranges for the specific region.
  • D. Configure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.

Answer: C

 

NEW QUESTION 92
A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.
Which of the following actions meet the requirements? (Select two.)

  • A. The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.
  • B. The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.
  • C. The Lambda function needs an IAM role to access Amazon SQS
  • D. The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
  • E. The Lambda function must be assigned a public IP address to access the public Amazon SQS API.

Answer: C,E

Explanation:
References: https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

 

NEW QUESTION 93
Your company uses an NTP server to synchronize time across systems. The company runs multiple versions of Linux and Windows systems. You discover that the NTP server has failed, and you need to add an alternate NTP server to your instances.
Where should you apply the NTP server update to propagate information without rebooting your running instances?

  • A. DHCP Options Set
  • B. instance meta-data
  • C. instance user-data
  • D. cfn-init scripts

Answer: A

Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-dhcp-options.html

 

NEW QUESTION 94
You are building an application in AWS that requires Amazon Elastic MapReduce (Amazon EMR). The application needs to resolve hostnames in your internal, on-premises Active Directory domain. You update your DHCP Options Set in the VPC to point to a pair of Active Directory integrated DNS servers running in your VPC.
Which action is required to support a successful Amazon EMR cluster launch?

  • A. Add a conditional forwarder to the Amazon-provided DNS server.
  • B. Configure an Amazon Route 53 private zone for the EMR cluster.
  • C. Enable seamless domain join for the Amazon EMR cluster.
  • D. Launch an AD connector for the internal domain.

Answer: C

Explanation:
References: https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-awsusing-ad-connector/

 

NEW QUESTION 95
A company has an application running on Amazon EC2 instances in a private subnet that connects to a third-party service provider's public HTTP endpoint through a NAT gateway.
As request rates increase, new connections are starting to fail. At the same time, the ErrorPortAllocation Amazon CloudWatch metric count for the NAT gateway is increasing.
Which of the following actions should improve the connectivity issues? (Choose two.)

  • A. Create additional NAT gateways in the public subnet and split client instances into multiple private subnets, each with a route to a different NAT gateway.
  • B. Request that the third-party service provider implement HTTP keepalive.
  • C. Allocate additional elastic IP addresses to the NAT gateway.
  • D. Implement TCP keepalive on the client instances.
  • E. Create additional NAT gateways and update the private subnet route table to introduce the new NAT gateways.

Answer: A,D

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/vpc-resolve-port-allocation-errors/
Limit the number of connections that clients can make to a single destination. Keepalive reduces the number of new connections established.

 

NEW QUESTION 96
A company has an application running in an Amazon VPC that must be able to communicate with on-premises resources in a data center. Network traffic between AWS and the data center will initially be minimal, but will increase to more than 10 Gbps over the next few months. The company's goal is to launch the application as quickly as possible.
The Network Engineer has been asked to design a hybrid IT connectivity solution.
What should be done to meet these requirements?

  • A. Provision an AWS VPN connection between an Amazon VPC and the data center, then submit an AWS Direct Connect connection request. Later, cut over from the VPN connection to one or more Direct Connect connections, as needed.
  • B. Provision a 100 Mbps AWS Direct Connect connection between an Amazon VPC and the data center, then submit a Direct Connect connection request. Later, cut over from the hosted connection to one or more Direct Connect connections, as needed.
  • C. Submit a 1 Gbps AWS Direct Connect connection request, then increase the number of Direct Connect connections, as needed.
  • D. Allocate elastic IPs to Amazon EC2 instances for temporary access to on-premises resources, then provision AWS VPN connections between an Amazon VPC and the data center.

Answer: A

 

NEW QUESTION 97
A company wants to use thin clients running virtual desktops to replace 500 desktop computers used by its call center employees. The company is evaluating Amazon WorkSpaces as a solution. A network engineer who is testing with a thin client is unable to connect to Amazon WorkSpaces. After entering credentials, the network engineer receives the following error:
"An error occurred while launching your Workspace Please try again"
What should the network engineer do to resolve this issue?

  • A. Update the inbound rules on the security group assigned to Amazon WorkSpaces to allow UDP on port 4172 and TCP on port 4172.
  • B. Update the inbound rules on the network ACL on the subnets used for Amazon WorkSpaces to allow UDP on port 4172 and TCP on port 4172.
  • C. Update the company's corporate firewall to allow inbound access to UDP on port 4172 and TCP on port 4172. Open outbound ephemeral ports explicitly to allow return communication.
  • D. Update the company's corporate firewall to allow outbound access to UDP on port 4172 and TCP on port 4172. Open inbound ephemeral ports explicitly to allow return communication.

Answer: A

Explanation:
You might also receive this error on the Amazon WorkSpaces client after a long delay if the WorkSpaces security group is modified to restrict outbound traffic. An outbound traffic restriction prevents Windows from communicating with your directory controllers for login. Verify that your security groups allow your WorkSpaces to communicate with your directory controllers on all required ports over its primary network interface.
https://aws.amazon.com/premiumsupport/knowledge-center/workspaces-no-access-using-client/

 

NEW QUESTION 98
What must be added to your web server configuration to view the true requesting IP address?
Choose the correct answer:

  • A. X-Amzn-Trace-ID
  • B. X-Forwarded-For
  • C. X-Forwarded-Proto
  • D. X-Actual-IP

Answer: B

Explanation:
X-Forwarded-For. X-Forwarded-Proto is to see the protocol, X-Actual-IP doesn't exist and X-Amzn-Trace-ID is for Amazon's unique identifier.

 

NEW QUESTION 99
A company has a public domain, company.com, that is hosted by a DNS provider. The company creates a public hosted zone, cloud.company.com, in Amazon Route 53. The company wants to keep all public AWS application DNS records under this hosted zone.
The company recently deployed its first public application behind an Elastic Load Balancer in its AWS environment. The domain name app1.cloud.company.com needs to access the application.
Which solution will meet these requirements?

  • A. On the DNS provider, create a subdomain for cloud under company.com. Create a CNAME record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer public DNS name. In Route 53, create A records for cloud.company.com. Point these records to the DNS provider name servers.
  • B. On the DNS provider, create A records for cloud under company.com. Point these records to Route 53 name server IP addresses of the public hosted zone. In Route 53, create an ALIAS (A) record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer.
  • C. On the DNS provider, create NS records for cloud under company.com. Point these records to Route 53 name servers of the public hosted zone. In Route 53, create an ALIAS (A) record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer.
  • D. On the DNS provider, create a subdomain for cloud under company.com. Create a CNAME record for app1 under cloud.company.com. Point this record to the Elastic Load Balancer public DNS name. In Route 53, create NS records for cloud.company.com. Point these records to the DNS provider name servers.

Answer: B

Explanation:
https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Route53/dns-alias-record-for-root-domain.html

 

NEW QUESTION 100
What is the IPv6 subnet CIDR used by a VPC?
Choose the correct answer:

  • A. /16
  • B. /128
  • C. /48
  • D. /56

Answer: D

Explanation:
A VPC will always use /56 as its CIDR

 

NEW QUESTION 101
A customer is using ABC Telecom as a network provider. The customer has 10 different offices connected to ABC Telecom's MPLS backbone. The customer is setting up an AWS Direct Connect connection to AWS and has provided the LOA-CFA to ABC Telecom. ABC Telecom has terminated the Direct Connect circuit into their MPLS backbone. To uniquely identify the customer's traffic over the MPLS backbone, the customer must encapsulate all traffic with VLAN tag 100. The customer wants to send traffic to multiple VPCs.
Which two steps should be taken to meet the customer's requirement? (Select two.)

  • A. ABC Telecom creates a support ticket with AWS to exchange MPLS labels and include the AWS port as part of their MPLS network.
  • B. Create a support ticket with AWS to request the removal of the outer VLAN tag 100 as the traffic reaches AWS routers.
  • C. The customer performs Q-in-Q tunneling, with the AWS-required VLAN tag in the inside and VLAN 100 as the outside tag.
  • D. ABC Telecom removes the other tag before sending the packet to AWS.
  • E. Send the traffic for all VPCs with the same VLAN tag 100 and use BGP to ensure that proper routing takes place to the appropriate VPC.

Answer: C,D

 

NEW QUESTION 102
You have two placement groups in a VPC. What communication speed can be expected between the two placement groups?
Choose the correct answer:

  • A. 5Gbps
  • B. 20Gbps
  • C. 10Gbps
  • D. You cannot communicate between two placement groups.

Answer: A

Explanation:
5Gbps is the maximum speed for traffic outside of a placement group.

 

NEW QUESTION 103
A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.
Which of the following actions meet the requirements? (Select two.)

  • A. The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.
  • B. The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.
  • C. The Lambda function needs an IAM role to access Amazon SQS
  • D. The Lambda function must be assigned a public IP address to access the public Amazon SQS API.
  • E. The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.

Answer: C,E

Explanation:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html
https://docs.aws.amazon.com/lambda/latest/dg/vpc.html

 

NEW QUESTION 104
A Network Engineer needs to be automatically notified when a certain TCP port is accessed on a fleet of Amazon EC2 instances running in an Amazon VPC.
Which of the following is the MOST reliable solution?

  • A. Install intrusion detection software on each Amazon EC2 instance and configure it to use the AWS CLI to notify the Administrator with Amazon SNS each time the TCP port is accessed.
  • B. Create VPC Flow Logs that write to Amazon CloudWatch Logs, with a metric filter matching connections on the required port. Create a CloudWatch alarm on the resulting metric that uses Amazon SNS to notify the Administrator when the metric is greater than zero.
  • C. Install intrusion detection software on each Amazon EC2 instance and configure it to use the AWS CLI to publish to a custom Amazon CloudWatch metric each time the TCP port is accessed. Create a CloudWatch alarm on the resulting metric that uses Amazon SNS to notify the Administrator when the metric is greater than zero.
  • D. Create an inbound rule in the VPC's network ACL that matches the TCP port. Create an Amazon CloudWatch alarm on the NetworkPackets metric for the ACL that uses Amazon SNS to notify the Administrator when the metric is greater than zero.

Answer: B

Explanation:
The NetworkPacketsIn metric is not even relevant for this question. Its definition is as follows: the number of packets received by the instance on all network interfaces. This metric identifies the volume of incoming traffic in terms of the number of packets on a single instance.

 

NEW QUESTION 105
A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.
Which of the following actions meet the requirements? (Select two.)

  • A. The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.
  • B. The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.
  • C. The Lambda function needs an IAM role to access Amazon SQS
  • D. The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
  • E. The Lambda function must be assigned a public IP address to access the public Amazon SQS API.

Answer: C,E

Explanation:
References: https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

 

NEW QUESTION 106
......


Salary of AWS Certified Advanced Networking - Specialty certified professionals

The salary of AWS Certified Advanced Networking - Specialty certified professionals varies from $101K to $135K depending on the years of experience.

 

Reliable AWS Certified Advanced Networking Specialty AWS-Advanced-Networking-Specialty Dumps PDF Oct 20, 2022 Recently Updated Questions: https://www.passexamdumps.com/AWS-Advanced-Networking-Specialty-valid-exam-dumps.html
