AWS ANS-C00 Certification Exam LATEST SOLUTION 2023/24 EDITION GUARANTED GRADE A+

Document Content and Description Below

Question: 01. Your application server instances reside in the private subnet of your VPC. These instances need to access a Git repository on the Internet. You create a NAT gateway in the public subnet... of your VPC. The NAT gateway can reach the Git repository, but instances in the private subnet cannot. You confirm that a default route in the private subnet route table points to the NAT gateway. The security group for your application server instances permits all traffic to the NAT gateway. What configuration change should you make to ensure that these instances can reach the patch server? a) Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway. b) Configure an outbound rule on the application server instance security group for the Git repository. c) Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet. d) Configure an inbound rule on the application server instance security group for the Git repository. Answer: b) Configure an outbound rule on the application server instance security group for the Git repository. Question: 02. You are deploying a web application in a VPC that requires SSL mutual authentication with a clientside, smartcard-stored certificate. The ELB Classic Load Balancer listener must support mutual authentication between the client and the application. Which load balancer protocol should you select for this application? a) HTTP b) HTTPS c) SSL d) TCP Answer: d) TCP Question: 03. Your company has installed an AWS Direct Connect connection in an ap-southeast-1 Direct Connect location. A public virtual interface is configured through a router to a dedicated firewall. You advertise your company's public /24 CIDR block to AWS with AS 65500. The company maintains a separate, corporate Internet firewall to map all outbound traffic to a single IP. This firewall maintains a BGP relationship with an upstream Internet provider that has delegated the public IP block your company uses. When the BGP session for the public virtual interface is up, corporate network users cannot access Amazon S3 resources in the ap-southeast-1 region. Which step should you take to provide concurrent AWS and Internet access? a) Configure AS-PATH prepending for the public virtual interface. b) Advertise a host route for the corporate firewall on the public virtual interface. c) Advertise a host route for the corporate firewall to the upstream Internet provider. d) NAT the traffic destined for AWS from the dedicated firewall using the public virtual interface. Answer: d) NAT the traffic destined for AWS from the dedicated firewall using the public virtual interface. Question: 04. You have a web application (app.mycompany.com) running on an EC2 instance with a single elastic network interface in a subnet in a VPC. Because of a network redesign, you need to move the web application to a different subnet in the same Availability Zone. Which of the following migration strategies meets the requirements? a) Create an elastic network interface in the new subnet. Attach this interface to the instance, and detach the old interface. b) Launch a new instance in the subnet via an AMI created from the instance, and redirect new connections to this new instance using DNS. Decommission the old instance. c) Make an API call to change the subnet association of the elastic network interface. d) Change the IP addresses manually to another subnet within the server operating system. Answer: b) Launch a new instance in the subnet via an AMI created from the instance, and redirect new connections to this new instance using DNS. Decommission the old instance. Question: 05. Your on-premises network has an IP address range of 11.11.0.0/16. Only IPs within this network range can be used for inter-server communication. The IP address range 11.11.253.0/24 has been allocated for the cloud. You need to design a VPC in AWS. The servers within the VPC should be able to communicate with hosts both on the Internet and on-premises through a VPN connection. What combination of configuration steps meets your needs? (Choose 2) a) Set up the VPC with an IP address range of 11.11.253.0/24. b) Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set up a NAT gateway to do translation between 10.10.10.0/24 and 11.11.253.0/24 for all outbound traffic. c) Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for all traffic, and configure the on-premises router to forward traffic to the Internet. d) Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for traffic destined to 11.11.0.0/24, and add a VPC subnet route to point the default gateway to an Internet gateway for Internet traffic. e) Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set the VGW to do a source IP translation of all outbound packets to 11.11.0.0/16. Answer: a) Set up the VPC with an IP address range of 11.11.253.0/24. c) Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for all traffic, and configure the on-premises router to forward traffic to the Internet. Question: 06. You are architecting an HPC solution in AWS. The system consists of a cluster of EC2 instances that require low-latency communications between them. Which method should you use to set up a cluster to meet these requirements? a) Create a placement group. Choose an EC2 instance type compatible with placement groups for the cluster. Launch instances for the cluster in the placement group. b) Create a VPC with one subnet in a single Availability Zone. Keep the size of the subnet equal to the number of instances required in the cluster. Launch instances for the cluster in this small subnet to guarantee low-latency network performance. c) Launch Amazon EC2 instances with the largest available number of cores and RAM. Attach all instances to an Amazon EBS PIOPS volume. Implement a shared memory system across all instances in the cluster, using this shared EBS volume to minimize latency of communication. d) Choose an EC2 instance type that offers enhanced networking. Attach a 10-Gbps non-blocking elastic network interface to the instances. Configure the elastic network interface to optimize network performance to reduce latency. Answer: [Show More]

Last updated: 1 year ago

Preview 1 out of 6 pages