Act now and download your Amazon-Web-Services ANS-C00 test today! Do not waste time for the worthless Amazon-Web-Services ANS-C00 tutorials. Download Renovate Amazon-Web-Services AWS Certified Advanced Networking Specialty Exam exam with real questions and answers and begin to learn Amazon-Web-Services ANS-C00 with a classic professional.
Online Amazon-Web-Services ANS-C00 free dumps demo Below:
NEW QUESTION 1
The IPsec protocol suite is made up of various components covering aspects such as confidentiality, encryption, and integrity. Select the correct statement below regarding the correct configuration options for ensure IPsec confidentiality:
- A. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, MD5
- B. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, AES
- C. The following protocols may be used to configure IPsec confidentiality, PSK, RSA
- D. The following protocols may be used to configure IPsec confidentiality, PSK, MD5
- E. The following protocols may be used to configure IPsec confidentiality, PSK, RSA
NEW QUESTION 2
An AWS Config rule can be set to be evaluated if a certain set of resources undergoes a configuration change. The set of resources to which the rule applies can be restricted by the rule's ______ , which can include a combination of a resource type and a resource ID, for example.
- A. trigger
- B. domain
- C. manifest
- D. scope
NEW QUESTION 3
A user has created a VPC with CIDR 126.96.36.199/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH?
- A. The user can connect to a instance in a private subnet using the NAT instance
- B. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP
- C. Allow Inbound traffic on port 22 from the user’s network
- D. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the internet
NEW QUESTION 4
A user has enabled detailed CloudWatch monitoring with the AWS Simple Notification Service. Which of the below mentioned statements helps the user understand detailed monitoring better?
- A. SNS cannot provide data every minute
- B. There is no need to enable since SNS provides data every minute
- C. SNS will send data every minute after configuration
- D. AWS CloudWatch does not support monitoring for SNS
NEW QUESTION 5
Which of the following is true when you don't configure Amazon CloudFront to forward cookies to your origin?
- A. CloudFront removes the Cookie header from requests that it forwards to your origin.
- B. CloudFront disables viewer requests to your origin, including all cookies.
- C. CloudFront caches your objects based on cookie values.
- D. CloudFront automates code deployments to any instanc
NEW QUESTION 6
In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS.
These connections can terminate on one or two routers in your network. You can do this while _____ with AWS Direct Connect step.
- A. creating a Virtual Interface
- B. configuring redundant connections
- C. completing the cross-connect
- D. verifying your Virtual Interface
NEW QUESTION 7
Fill in the blanks: One of the basic characteristics of security groups for your VPC is that you ______ .
- A. can specify allow rules, but not deny rules
- B. can specify deny rules, but not allow rules
- C. can specify allow rules as well as deny rules
- D. can neither specify allow rules nor deny rules
NEW QUESTION 8
To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use ______.
- A. trusted signers
- B. optimistic locking
- C. integrity validation
- D. root credentialing
NEW QUESTION 9
Which endpoint is considered to be best practise when analysing data within a Configuration Stream of AWS Config?
- A. SNS
- B. E-Mail
- C. SQS
- D. Kinesis
NEW QUESTION 10
Each custom AWS Config rule you create must be associated with a(n) AWS _____ , which contains the logic that evaluates whether your AWS resources comply with the rule.
- A. Lambda function
- B. Configuration trigger
- C. EC2 instance
- D. S3 bucket
NEW QUESTION 11
What is the maximum number of CloudTrails that you can create per AWS region?
- A. 10
- B. 2
- C. 16
- D. 5
NEW QUESTION 12
Imagine you are using AWS Direct Connect with just one connection from your router to the AWS Direct Connect router. If your connection becomes unavailable, the communication with AWS cloud is lost. What is the best method to prevent this from happening?
- A. AWS Direct Connect neither provides BGP nor provides the failover.
- B. AWS Direct Connect recommends to have the same configuration set up in a multi AZ zone to prevent such loss in connections.
- C. AWS Direct Connect recommends that you request and configure two dedicated connections to AWS either using BGP Multipath (Active/Active) connection or the failover (Active/Passive) connection.
- D. AWS Direct connect does not have a provision to prevent the situation but when you design the system, it is recommended to request a back-up instance to which the traffic can be re-routed.
NEW QUESTION 13
Which of the following statements is true of AWS Elastic Beanstalk?
- A. AWS Elastic Beanstalk uses CloudWatch for monitoring and alarms, meaning CloudWatch costs are applied to your AWS account for any alarms that you use.
- B. AWS Elastic Beanstalk uses CloudWatch for monitoring and alarms, and both are free of charge.
- C. AWS Elastic Beanstalk doesn't use CloudWatch for monitoring and alarms, but you pay extra for any AWS Elastic Beanstalk Alarm you set in the monitoring tool.
- D. AWS Elastic Beanstalk has its own free-of-charge monitoring tool, and you are not charged for the alarm you set.
NEW QUESTION 14
To directly manage your CloudTrail security layer, you can use ______ for your CloudTrail log files.
- A. SSE-S3
- B. SCE-KMS
- C. SCE-S3
- D. SSE-KMS
NEW QUESTION 15
Considering the rules of IPv4 subnetting, how many subnets and hosts per subnet are possible given the following network 192.168.130.130/28? (in this question ignore the fact that AWS reserves 5 IP addresses)
- A. 8 subnets and 30 hosts per subnet
- B. 16 subnets and 14 hosts per subnet
- C. 32 subnets and 30 hosts per subnet
- D. 8 subnets and 14 hosts per subnet
NEW QUESTION 16
By default, all AWS accounts are limited to EIPs, because public (IPv4) Internet addresses are a scarce public resource.
- A. 5
- B. 8
- C. 6
- D. 2
NEW QUESTION 17
In AWS, which tool records API calls for a specific AWS account and also delivers the log files for that account?
- A. CloudTrail
- B. Redshift
- C. Beanstalk
- D. Cognito
NEW QUESTION 18
Select the VPC Peering statement below that is NOT true
- A. VPC peering supports transitive peering relationships for IPv6 traffic but not IPv4
- B. VPC peering can be performed between VPCs in different AWS accounts in the same region
- C. TCP connections can be performed between peered VPCs
- D. UDP connections can be performed between peered VPCs
NEW QUESTION 19
You have just provisioned a new VPC a with a CIDR block of 172.16.12.0/24. The entire CIDR block is fully utilised by subdividing it into 6 subnets, we will refer to these as Subnet1 through to Subnet6.
The first 2 subnets (Subnet1 and Subnet2) are the same size. The last 4 subnets (Subnet3, Subnet4, Subnet5, Subnet6) are also the same size. Subnet5 is half the size of Subnet2. The address space as occupied by the first two subnets is contiguous, as is the address space occupied by the last 4 subnets. Within Subnet3 AWS reserves the address 172.16.12.129 for the VPC router. Select the correct IP address reserved by AWS for DNS in the Subnet2.
- A. 172.16.64.1
- B. 172.16.64.65
- C. 172.16.12.66
- D. 172.16.12.64
NEW QUESTION 20
Which other AWS service is used to track ‘Related Events’ within the Configuration Item?
- A. AWS WAF
- B. SQS
- C. AWS CloudTrail
- D. S3
NEW QUESTION 21
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be ______.
- A. http://d111111abcdef8.cloudfront.net/images/image.jpg
- B. http://d111111abcdef8.dns/images/image.jpg
- C. http://d111111abcdef8.dns/image.jpg
- D. http://d111111abcdef8.cloudfront.net/image.jpg
NEW QUESTION 22
Which of the following statements does not describe Jumbo Frames in an AWS VPC environment?
- A. For instances that are collocated inside a placement group, jumbo frames help to achieve the maximum network throughput possible
- B. Jumbo Frames are not supported for traffic that exits the Virtual Private Gateway
- C. Jumbo Frames are not supported for traffic that exits the Internet Gateway
- D. T2.micro instances do not support Jumbo Frames
NEW QUESTION 23
Which of the following characters is not allowed while creating a Namespace for a CloudWatch metric?
- A. /
- B. :
- C. #
- D. @
NEW QUESTION 24
For web distributions in Amazon CloudFront, your origin can be either an Amazon S3 bucket or _____ .
- A. a DNS server
- B. a proxy server
- C. an FTP server
- D. an HTTP server
NEW QUESTION 25
100% Valid and Newest Version ANS-C00 Questions & Answers shared by Surepassexam, Get Full Dumps HERE: https://www.surepassexam.com/ANS-C00-exam-dumps.html (New 76 Q&As)