AWS-Advanced-Networking-Specialty Practice Exam Tests Latest Updated on Oct-2021 [Q45-Q66]


NEW QUESTION 45
A company deployed its production Amazon VPC using CIDR block 33.16.0.0/16. The company has nearly depleted its addresses and now needs to extend the VPC network.
Which CIDR blocks meet the company's requirement to extend the VPC network with a secondary CIDR? (Choose two.)

  • A. 192.168.1.0/24
  • B. 172.16.0.0/18
  • C. 10.0.0.0/8
  • D. 100.70.0.0/17
  • E. 33.17.0.0/16

Answer: D,E

 

NEW QUESTION 46
An organization wants to process sensitive information using the Amazon EMR service. The information is stored in on-premises databases. The output of processing will be encrypted using AWS KMS before it is uploaded to a customer-owned Amazon S3 bucket. The current configuration includes a VPC with public and private subnets, with VPN connectivity to the on-premises network. The security organization does not allow Amazon EC2 instances to run in the public subnet.
What is the MOST simple and secure architecture that will achieve the organization's goal?

  • A. Create a new VPC without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3 endpoint and a NAT gateway.
  • B. Create a new VPC without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3 endpoint.
  • C. Use the existing VPC and a NAT gateway, and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.
  • D. Use the existing VPC and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.

Answer: C

Explanation:
https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html

 

NEW QUESTION 47
You are building an application in AWS that requires Amazon Elastic MapReduce (Amazon EMR). The application needs to resolve hostnames in your internal, on-premises Active Directory domain. You update your DHCP Options Set in the VPC to point to a pair of Active Directory integrated DNS servers running in your VPC.
Which action is required to support a successful Amazon EMR cluster launch?

  • A. Enable seamless domain join for the Amazon EMR cluster.
  • B. Configure an Amazon Route 53 private zone for the EMR cluster.
  • C. Launch an AD connector for the internal domain.
  • D. Add a conditional forwarder to the Amazon-provided DNS server.

Answer: A

Explanation:
References:
https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-awsusing-ad-connector/

 

NEW QUESTION 48
You have two public applications on different domains that use two front-end servers and two back-end servers each. You wish to achieve high availability for both applications. What two options should you configure?
Choose the 2 correct answers:

  • A. 4 load balancers: 2 public and 2 internal.
  • B. Route 53: 2 public zones and 2 private zones.
  • C. 3 load balancers: 2 public and 1 internal.
  • D. Route 53: 2 public zones and 1 private zone.

Answer: A,B

Explanation:
Route 53: 2 public zones and 2 private zones, and 4 load balancers: 2 public and 2 internal. This will allow one domain to be balanced over two application servers, which will then have traffic balanced to the two backend servers.

 

NEW QUESTION 49
A customer is using ABC Telecom as a network provider. The customer has 10 different offices connected to ABC Telecom's MPLS backbone. The customer is setting up an AWS Direct Connect connection to AWS and has provided the LOA-CFA to ABC Telecom. ABC Telecom has terminated the Direct Connect circuit into their MPLS backbone. To uniquely identify the customer's traffic over the MPLS backbone, the customer must encapsulate all traffic with VLAN tag 100. The customer wants to send traffic to multiple VPCs.
Which two steps should be taken to meet the customer's requirement? (Select two.)

  • A. Create a support ticket with AWS to request the removal of the outer VLAN tag 100 as the traffic reaches AWS routers.
  • B. ABC Telecom removes the other tag before sending the packet to AWS.
  • C. Send the traffic for all VPCs with the same VLAN tag 100 and use BGP to ensure that proper routing takes place to the appropriate VPC.
  • D. ABC Telecom creates a support ticket with AWS to exchange MPLS labels and include the AWS port as part of their MPLS network.
  • E. The customer performs Q-in-Q tunneling, with the AWS-required VLAN tag in the inside and VLAN 100 as the outside tag.

Answer: C,D

 

NEW QUESTION 50
A company has deployed a production environment in the AWS Cloud. The environment is contained in a VPC and includes a virtual private gateway. The company has established an AWS Direct Connect connection, which includes a private virtual interface (VIF), and a VPN connection to the on-premises data center. For traffic originating in the VPC, what is the order of BGP path selection from MOST preferred to LEAST preferred?

  • A. Direct Connect BGP routes, static routes, longest prefix match, VPN BGP routes
  • B. Static routes, longest prefix match, Direct Connect BGP routes, VPN BGP routes
  • C. Longest prefix match, static routes, Direct Connect BGP routes, VPN BGP routes
  • D. Longest prefix match, VPN BGP routes, static routes, Direct Connect BGP routes

Answer: B

 

NEW QUESTION 51
What are two routing methods used by Route 53?
Choose the 2 correct answers:

  • A. AS_PATH
  • B. Latency
  • C. RIP
  • D. Failover

Answer: B,D

Explanation:
RIP is used for network routing and AS_PATH is used for BGP path manipulation.

 

NEW QUESTION 52
Your organization's corporate website must be available on www.acme.com and acme.com. How should you configure Amazon Route 53 to meet this requirement?

  • A. Configure acme.com with a CNAME record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
  • B. Configure acme.com with an A record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
  • C. Configure acme.com using a second ALIAS record with the ELB target. www.acme.com using a PTR record with the acme.com record target.
  • D. Configure acme.com with an ALIAS record targeting the ELB. www.acme.com with an ALIAS record targeting the ELB.

Answer: C

Explanation:
https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-accounts/

 

NEW QUESTION 53
Your company runs an application for the US market in the us-east-1 AWS region. This application uses proprietary TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances. End users run a real-time, front-end application on their local PCs. This front-end application knows the DNS hostname of the service.
You must prepare the system for global expansion. The end users must access the application with lowest latency.
How should you use AWS services to meet these requirements?

  • A. Register the IP addresses of the service hosts as "A" records with latency-based routing policy in Amazon Route 53, and set a Route 53 health check for these hosts.
  • B. Set the Amazon API gateway in front of the service, and register the API gateway name of the main service as an ALIAS record in Route 53.
  • C. Set Amazon CloudFront in front of the host of the service, and register the CloudFront name of the main service as an ALIAS record in Route 53.
  • D. Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of the main service host as an ALIAS record with a latency-based routing policy in Route 53.

Answer: D

 

NEW QUESTION 54
Your security team implements a host-based firewall on all of your Amazon Elastic Compute Cloud (EC2) instances to block all outgoing traffic. Exceptions must be requested for each specific requirement. Until you request a new rule, you cannot access the instance metadata service. Which firewall rule should you request to be added to your instances to allow instance metadata access?

  • A. Inbound; Protocol tcp; Source [Instance's EIP]; Destination 169.254.169.254
  • B. Outbound; Protocol tcp; Destination 169.254.169.254; Destination port 443
  • C. Inbound; Protocol tcp; Destination 169.254.169.254; Destination port 80
  • D. Outbound; Protocol tcp; Destination 169.254.169.254; Destination port 80

Answer: D

 

NEW QUESTION 55
You have an application that is processing confidential data. The data is currently stored in your data center. You are moving workloads to AWS, and you need to ensure confidentiality and integrity of the data in transit to your VPC. Your company has an existing AWS Direct Connect connection.
What combination of steps should you perform to set up the most cost-effective connection between your on-premises data center and AWS? (Choose 3)

  • A. Set up an IPsec tunnel between your customer gateway appliance and the virtual private gateway.
  • B. Configure a public virtual interface on your Direct Connect connection.
  • C. Configure a private virtual interface to the virtual private gateway.
  • D. Set up a VPC with a virtual private gateway.
  • E. Set up an IPsec tunnel between your customer gateway and a software VPN on Amazon EC2 in the VPC.
  • F. Set up a VPC with an Internet gateway.

Answer: A,B,D

Explanation:
Setting up a VPN over your Direct Connect connection will secure the data in transit. The steps to do so are: adding a VGW to the VPC; setting up a public virtual interface; and creating the IPsec tunnel between your data center and the VGW via the public virtual interface. B would send traffic over the public Internet. D is not possible because a public virtual interface is needed to announce the VGW endpoint IPs. E would not take advantage of the already existing Direct Connect connection.

 

NEW QUESTION 56
Your organization uses a VPN to connect to your VPC but must upgrade to a 1-G AWS Direct Connect connection for stability and performance. Your telecommunications provider has provisioned the circuit from your data center to an AWS Direct Connect facility and needs information on how to cross-connect (e.g., which rack/port to connect).
What is the AWS-recommended procedure for providing this information?

  • A. Create a support ticket. Provide your AWS account number and telecommunications company's name and where you need the Direct Connect connection to terminate.
  • B. Create a new connection through your AWS Management Console and wait for an email from AWS with information.
  • C. Ask your telecommunications provider to contact AWS through an AWS Partner Channel. Provide your AWS account number.
  • D. Contact an AWS Account Manager and provide your AWS account number, telecommunications company's name, and where you need the Direct Connect connection to terminate.

Answer: A

 

NEW QUESTION 57
You manage a web service that is used by client applications deployed in 300 offices worldwide. The web service architecture is an Elastic Load Balancer (ELB) distributing traffic across four application servers deployed in an Auto Scaling group across two Availability Zones.
The ELB is configured to use round robin, and sticky sessions are disabled. You have configured the NACLs and Security Groups to allow port 22 from your bastion host, and port 80 from 0.0.0.0/0. The client configuration is managed by each regional IT team.
Upon inspection, you find that a large number of requests from incorrectly configured sites are causing a single application server to degrade. The remainder of the requests are equally distributed across all servers with no negative effects.
What should you do to remedy the situation and prevent future occurrences?

  • A. Terminate the affected instance and allow Auto Scaling to create a new instance.
  • B. Update the Security Groups to only allow port 80 to the application servers from the ELB.
  • C. Mark the affected instance as degraded in the ELB and raise it with the client application team.
  • D. Update the NACL to only allow port 80 to the application servers from the ELB servers.

Answer: A

 

NEW QUESTION 58
An unfortunate situation has just come to your attention. A business-critical application with sensitive data running on-premises will run out of storage disk space in 24 hours. This business-critical application is dependent on a very large set of routes, required for integration with other systems.
You make a quick but well-informed decision to migrate this application quickly to AWS. You are able to quickly launch a new VPC and, within it, equivalent infrastructure to re-home the application. In order to complete the replication of application data and ensure the application remains operational beyond the next 24 hours, select the best implementation.

  • A. Within the new VPC - deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with BGP dynamic routing
  • B. Within the new VPC - deploy a software based virtual router (for example a Cisco CSR).
    Configure with dual ENIs (external and internal), create and attach an EIP to the external ENI, Configure and setup IPsec VPN tunnels, and ensure Jumbo Frames is enabled.
  • C. Within the new VPC - deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with static routing, and ensure Jumbo Frames is enabled.
  • D. Within the new VPC - establish a Direct Connect connection with max 10Gbps port speed for data replication. Establish a 802.1Q VLAN and configure a Virtual Private Gateway and Private Virtual Interface, and ensure Jumbo Frames is enabled.

Answer: A

Explanation:
Answer A - Let's start by stating that all possible options are actually workable solutions. The key criterion of the question is to complete the data migration aspects as *quickly* as possible. With this in mind, we can immediately rule out Answer A, due to the time it takes to provision and activate a fully functional Direct Connect connection (72+ hrs). Answer C is the same as Answer D but lacks BGP, so we would need to set up the routes manually, which takes more time and effort.
Additionally, Answer D uses Jumbo Frames, but AWS does not support Jumbo Frames over the Virtual Private Gateway, so Answer D's use of Jumbo Frames is negated. Overall, Answer B is considered the quickest option.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/GenericConfig.html

 

NEW QUESTION 59
When an AWS Config rule is triggered a JSON object known as an AWS Config Event is created.
This object contains a(n) ____ attribute, which is a JSON-formatted set of key/value pairs the receiving AWS Lambda function processes as part of its evaluation logic.

  • A. ruleConfiguration
  • B. invokingEvent
  • C. mappingTemplate
  • D. inputParameters

Answer: D

Explanation:
The JSON object for an AWS Config event contains a ruleParameters attribute, which is a set of key/value pairs that the AWS Lambda function receiving the event processes as part of its evaluation logic. You define parameters when you use the AWS Config console to create a custom rule. You can also define parameters with the InputParameters attribute in the PutConfigRule AWS Config API request or the put-config-rule AWS CLI command. The JSON code for the parameters is contained within a string, so a function must parse the string with a JSON parser to be able to evaluate its contents.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_example-events.html

 

NEW QUESTION 60
With AWS CloudTrail, creating multiple trails in one region allows ____ to focus on one aspect of AWS operation.

  • A. buckets
  • B. events
  • C. callers
  • D. stakeholders

Answer: D

Explanation:
With multiple trails, different stakeholders such as security administrators, software developers, and IT auditors can create and manage their own trails. For example, a security administrator can create a trail that applies to all regions and configure encryption using one Key Management Service key. A developer can create a trail that applies to one region for troubleshooting operational issues.
Reference: https://aws.amazon.com/cloudtrail/faqs/

 

NEW QUESTION 61
Your company has signed up to trial AWS WorkSpaces. You aren't sure you're going to keep it, but you want to try it out to see if it works for your organization of 112 users. You need to deploy it with as little work and up-front expense as possible while still allowing access to your Active Directory for authentication. What two things should you do? Choose the 2 correct answers:

  • A. Create an AD connector
  • B. Create a Direct Connect connection to AWS.
  • C. Create a VPN connection.
  • D. Set up AWS hosted Microsoft AD

Answer: A,C

Explanation:
A VPN connection and an AD connector will allow you to get up and running without having to migrate users, set up expensive equipment or pay for another directory service.

 

NEW QUESTION 62
Your company is connecting one data center with one router to several VPCs and needs to access them transitively. What should you do?
Choose the correct answer:

  • A. Use a transit VPC with a VPN running on one or more EC2 instances to route traffic between the VPCs.
  • B. This is not possible.
  • C. Just connect; VPCs are transitive in nature.
  • D. Create a VPN to one VPC and peer the others.

Answer: A

Explanation:
VPCs are not transitive, so you will need a "transit VPN" in order to route between the VPCs.

 

NEW QUESTION 63
Which service would you use to see who changed your infrastructure? Choose the correct answer:

  • A. Flow Logs
  • B. Config
  • C. CloudTrail

Answer: C

 

NEW QUESTION 64
An organization processes consumer information submitted through its website. The organization's security policy requires that personally identifiable information (PII) elements are specifically encrypted at all times and as soon as feasible when received. The front-end Amazon EC2 instances should not have access to decrypted PII. A single service within the production VPC must decrypt the PII by leveraging an IAM role.
Which combination of services will support these requirements? (Select two.)

  • A. Amazon Aurora in a private subnet
  • B. Amazon CloudFront using AWS Lambda@Edge
  • C. AWS Key Management Services
  • D. Customer-managed MySQL with Transparent Data Encryption
  • E. Application Load Balancer using HTTPS listeners and targets

Answer: C,D

Explanation:
References: https://noise.getoto.net/tag/aws-kms/

 

NEW QUESTION 65
An organization delivers high-resolution, dynamic web content. Internet users access the content from a variety of platforms, including mobile, tablet and desktop. Each platform receives a customized experience to account for the differences in viewing modes. A dedicated, automatic-scaling fleet of Amazon EC2 instances is used for each platform to serve content based on path-based headers.
Which combination of services will MINIMIZE cost and MAXIMIZE performance? (Select two.)

  • A. Application Load Balancer
  • B. Amazon Route 53 with traffic flow policies
  • C. Amazon CloudFront with Lambda@Edge
  • D. Amazon S3 static websites
  • E. Network Load Balancer

Answer: A,C

Explanation:
References: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-the-edge.html

 

NEW QUESTION 66
......
