An organization will be extending its existing on-premises infrastructure into the cloud. The design consists of a transit VPC that contains stateful firewalls that will be deployed in a highly available configuration across two Availability Zones for automatic failover.
What MUST be configured for this design to work? (Choose two.)
A. A different Autonomous System Number (ASN) for each firewall.
B. Border Gateway Protocol (BGP) routing
C. Autonomous system (AS) path prepending
D. Static routing
E. Equal-cost multi-path routing (ECMP)
A network engineer is managing two AWS Direct Connect connections. Each connection has a public virtual interface configured with a private ASN. The engineer wants to configure active/passive routing between the Direct Connect connections to access Amazon public endpoints. What BGP configuration is required for the on-premises equipment? (Choose two.)
A. Use Local Pref to control outbound traffic.
B. Use AS Prepending to control inbound traffic.
C. Use eBGP multi-hop between loopback interfaces.
D. Use BGP Communities to control outbound traffic.
E. Advertise more specific prefixes over one Direct Connect connection.
You are responsible for several EC2 instances deployed from Amazon AMIs that are required to upload information to an S3 bucket. This information must not traverse the public internet. You must also be able to update the instances. Which option is your best solution?
A. An S3 endpoint and a NAT
B. An S3 endpoint
C. A VPN to the IP addresses specified in the AWS official S3 prefix list
D. A NACL with the AWS prefix list added to it and a VPN.
Which of these is not a requirement to set up a DX connection?
A. Support for 802.1q VLANs
B. BGP MD5 Authentication
C. Autonegotiation enabled
D. Single mode fiber capability
Which service would you use to see CPU usage?
A. CloudTrail
B. Config
C. CloudWatch
D. None of the above
Which of the following physical layer standards is required for connection to AWS Direct Connect over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable?
A. Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
B. Multi mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-ER for 10 gigabit Ethernet
C. Single mode fiber, 1000BASE-LX for 1 gigabit Ethernet, or 10GBASE-LR for 10 gigabit Ethernet
D. Multi mode fiber, 1000BASE-SX for 1 gigabit Ethernet, or 10GBASE-SR for 10 gigabit Ethernet
You have 99 routes in your dynamic BGP propagated route table and you wish to add 2 more: 10.1.0.0 and 10.3.0.0. You cannot modify or remove routes that have already been announced.
What should you do?
A. Summarize the two routes to combine them into one and advertise it.
B. Just advertise them; the 100-route limit is a "soft limit" and will be expanded automatically.
C. You cannot add these routes.
D. Call AWS support to increase your route limit.
In Amazon CloudFront, while creating a web distribution, which of the following can be used as origin servers?
A. Any combination of AWS Glacier archives and Oracle server
B. Any combination of Amazon DB instances and XML servers
C. Any combination of Amazon S3 buckets and HTTP servers
D. Any combination of Amazon Data Insights and PHP servers
A company hosts several applications in the AWS Cloud across multiple VPCs that are connected to a transit gateway. Redundant AWS Direct Connect connections and a Direct Connect gateway provide private network connectivity to the company's on-premises environment.
During a maintenance window, the networking team adds eight VPCs. The application management team notices that there is no reachability between the newly created VPCs and the on-premises environment. Connectivity between all VPCs through the transit gateway is working as expected.
Which of the following are possible causes of the connectivity issues? (Choose two.)
A. The prefixes that are advertised from the Direct Connect gateway to the on-premises router are shorter than the CIDR blocks of the newly created VPCs
B. The route tables for the newly created VPCs do not have the routes to the on-premises environment that point to the transit gateway attachment
C. The on-premises route tables do not contain the exact CIDR blocks of the newly created VPCs
D. The route tables for the newly created VPCs have only summary routes for the on-premises environment that point to the transit gateway attachment
E. The prefixes that are advertised from the Direct Connect gateway to the on-premises router do not contain the CIDR blocks of the newly created VPCs
A company offers a web-based service that uses Amazon EC2 instances behind an Application Load Balancer (ALB). One of the company's large customers reports slow bulk transfer throughput. The company's network engineer suspects that this problem is the result of the TCP window size setting in the customer's corporate laptop computers.
How can the network engineer check the value of the TCP window size?
A. Configure VPC Flow Logs on the ALB elastic network interface. Use custom flow logs to add the TCP window size parameter to the captured metadata.
B. Configure VPC Traffic Mirroring. Set the traffic mirror source to the ALB elastic network interface. Set the traffic mirror target to Amazon S3 for analysis with Amazon Athena.
C. Configure VPC Traffic Mirroring. Set the traffic mirror source to the ALB elastic network interface. Set the traffic mirror target to an EC2 instance with packet capture software.
D. Configure VPC Flow Logs on the ALB elastic network interface. Send the flow logs to Amazon S3 in the same AWS Region for analysis by AWS Network Manager.