
Steps Necessary To Pass The ANS-C00 Exam from Training Expert ActualTestsQuiz
Valid Way To Pass AWS Certified Advanced Networking Specialty's ANS-C00 Exam
NEW QUESTION 10
A customer is using ABC Telecom as a network provider. The customer has 10 different offices connected to ABC Telecom's MPLS backbone. The customer is setting up an AWS Direct Connect connection to AWS and has provided the LOA-CFA to ABC Telecom. ABC Telecom has terminated the Direct Connect circuit into their MPLS backbone. To uniquely identify the customer's traffic over the MPLS backbone, the customer must encapsulate all traffic with VLAN tag 100. The customer wants to send traffic to multiple VPCs.
Which two steps should be taken to meet the customer's requirement? (Select two.)
- A. Create a support ticket with AWS to request the removal of the outer VLAN tag 100 as the traffic reaches AWS routers.
- B. ABC Telecom removes the other tag before sending the packet to AWS.
- C. Send the traffic for all VPCs with the same VLAN tag 100 and use BGP to ensure that proper routing takes place to the appropriate VPC.
- D. ABC Telecom creates a support ticket with AWS to exchange MPLS labels and include the AWS port as part of their MPLS network.
- E. The customer performs Q-in-Q tunneling, with the AWS-required VLAN tag in the inside and VLAN 100 as the outside tag.
Answer: C,D
NEW QUESTION 11
Your company uses an NTP server to synchronize time across systems. The company runs multiple versions of Linux and Windows systems. You discover that the NTP server has failed, and you need to add an alternate NTP server to your instances.
Where should you apply the NTP server update to propagate information without rebooting your running instances?
- A. instance user-data
- B. DHCP Options Set
- C. instance meta-data
- D. cfn-init scripts
Answer: B
Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-dhcp-options.html
NEW QUESTION 12
A customer is using ABC Telecom as a network provider. The customer has 10 different offices connected to ABC Telecom's MPLS backbone. The customer is setting up an AWS Direct Connect connection to AWS and has provided the LOA-CFA to ABC Telecom. ABC Telecom has terminated the Direct Connect circuit into their MPLS backbone. To uniquely identify the customer's traffic over the MPLS backbone, the customer must encapsulate all traffic with VLAN tag 100. The customer wants to send traffic to multiple VPCs.
Which two steps should be taken to meet the customer's requirement? (Select two.)
- A. Create a support ticket with AWS to request the removal of the outer VLAN tag 100 as the traffic reaches AWS routers.
- B. ABC Telecom removes the other tag before sending the packet to AWS.
- C. Send the traffic for all VPCs with the same VLAN tag 100 and use BGP to ensure that proper routing takes place to the appropriate VPC.
- D. The customer performs Q-in-Q tunneling, with the AWS-required VLAN tag in the inside and VLAN 100 as the outside tag.
- E. ABC Telecom creates a support ticket with AWS to exchange MPLS labels and include the AWS port as part of their MPLS network.
Answer: C,E
NEW QUESTION 13
Which of these modes is not a configuration mode for a WAF? Choose the correct answer:
- A. Allow
- B. Sleep
- C. Block
- D. Monitor
Answer: B
Explanation:
There is no sleep mode for a WAF. WAFs are hard workers.
NEW QUESTION 14
A company with several VPCs in the us-east-1 Region wants to reduce the cost of its workloads. A network engineer has identified that all traffic bound to Amazon services is flowing through a NAT gateway. Additionally, all the VPCs are peered to a hub VPC for access to common services.
- A. Disable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain sqs.us-east-1.amazonaws.com. Create an alias record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
- B. Disable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain us-east-1.sqs.amazonaws.com. Create a CNAME record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
- C. Enable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain us-east-1.sqs.amazonaws.com. Create an alias record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
- D. Enable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain SQS.us-east-1.amazonaws.com. Create a CNAME record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
Answer: B
NEW QUESTION 15
When an AWS Config rule is triggered, a JSON object known as an AWS Config Event is created.
This object contains another JSON string in its ____ parameter, which describes the event that triggered the rule.
- A. resultToken
- B. eventLeftScope
- C. invokingEvent
- D. configRuleName
Answer: C
Explanation:
The JSON object for an AWS Config event contains an invokingEvent attribute, which describes the event that triggers the evaluation for a rule. If the event is published in response to a resource configuration change, the value for this attribute is a string that contains a JSON configurationItem or a configurationItemSummary (for oversized configuration items). The configuration item represents the state of the resource at the moment that AWS Config detected the change. If the event is published for a periodic evaluation, the value is a string that contains a JSON object. The object includes information about the evaluation that was triggered. For each type of event, a function must parse the string with a JSON parser to be able to evaluate its contents.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_example-events.html
NEW QUESTION 16
A company uses an AWS Site-to-Site VPN to connect its corporate network. The company recently added an AWS Direct Connect connection. A network engineer wants all traffic to use the Direct Connect connection and for the VPN to be used as backup. However, after the Direct Connect connection was added, traffic continued to pass through the VPN connection. What should the network engineer do to route the traffic through the Direct Connect connection?
- A. Advertise the same network routes over the Direct Connect connection and VPN connection
- B. Add routes to the VPC route tables that specify the Direct Connect connection
- C. Set local preference BGP community tags on the on-premises router
- D. Ensure the Direct Connect connection AS_PATH is longer than the VPN connection AS_PATH
Answer: A
NEW QUESTION 17
What does the term "statistics" mean with respect to CloudWatch metrics?
- A. Data aggregation over a specific period of time
- B. Unit of a metric
- C. Time of a metric collection
- D. Status of a metric
Answer: A
Explanation:
Statistics represents data aggregation of the metric data values over a specific period of time.
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Statistic
NEW QUESTION 18
You are a holdings company that buys many businesses and must integrate their VPCs into your network. You are constantly encountering networks with similar or overlapping subnets. What is the best way to manage this?
Choose the correct answer:
- A. A standby router for the overlapping subnets.
- B. A strict IP addressing policy that forces new companies to change the IP addresses of their VPCs.
- C. BFD
- D. VRF
Answer: D
Explanation:
VRF, or Virtual Routing and Forwarding will allow you to have multiple routing tables on your router.
NEW QUESTION 19
You have 4 Direct Connect connections from your datacenter. Site A advertises 172.16.0.0/16 AS 65000, Site B advertises 172.16.0.128/25 AS 65000 65000 65000, Site C advertises 172.0.0.0/8 AS 65000 and Site D advertises 172.16.0.0/24 AS 65000. Which site will AWS choose to reach your network?
Choose the correct answer:
- A. Site A: 172.16.0.0/16 AS 65000
- B. Site B: 172.16.0.128/25 AS 65000 65000 65000
- C. Site D: 172.16.0.0/24 AS 65000
- D. Site C: 172.0.0.0/8 AS 65000
Answer: B
Explanation:
172.16.0.128/25 AS 65000 65000 65000. The most specific prefix is always the first choice for BGP routing. Also, AWS will not accept an advertisement of a network less than /16.
NEW QUESTION 20
All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.
- A. The NAT gateway is launched in a private subnet.
- B. The NAT gateway cannot allocate more ports.
- C. The authentication server is not accepting traffic.
- D. The NAT gateway does not support UDP traffic.
Answer: B
Explanation:
Ref: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
"A NAT gateway can support up to 55,000 simultaneous connections to each unique destination. This limit also applies if you create approximately 900 connections per second to a single destination (about 55,000 connections per minute). If the destination IP address, the destination port, or the protocol (TCP/UDP/ICMP) changes, you can create an additional 55,000 connections. For more than 55,000 connections, there is an increased chance of connection errors due to port allocation errors. These errors can be monitored by viewing the ErrorPortAllocation CloudWatch metric for your NAT gateway. For more information, see Monitoring NAT Gateways Using Amazon CloudWatch."
NEW QUESTION 21
You manage a website that uses a load balancer. You are noticing one of the servers is receiving more traffic than the other. What is probably the cause of this? Choose the correct answer:
- A. You have sticky sessions configured and there are several power users that happen to be on the other server.
- B. You have DNS latency routing set, so it is diverting traffic to a different instance.
- C. An Elastic Load Balancer sends traffic based on server load. One server must be a larger instance.
- D. The server has more connections available.
Answer: A
Explanation:
Sticky sessions can keep users on a particular server throughout their session. Latency routing would route to the load balancer, not the instances. Load balancers use a round-robin algorithm to balance.
NEW QUESTION 22
A network architect is designing an internet website. It has web, application, and database tiers that will run in AWS. The website uses Amazon DynamoDB.
Which architecture will minimize public exposure of the back-end instances?
- A. A VPC with public subnets for the ALB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
- B. A VPC with public subnets for the NLB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
- C. A VPC with public subnets for the ALB, private subnets for the web tier, and private subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.
- D. A VPC with public subnets for the NLB, private subnets for the web tier, and public subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.
Answer: C
NEW QUESTION 23
You operate a production VPC with both a public and a private subnet. Your organization maintains a restricted Amazon S3 bucket to support this production workload. Only Amazon EC2 instances in the private subnet should access the bucket. You implement VPC endpoints (VPC-E) for Amazon S3 and remove the NAT that previously provided a network path to Amazon S3. The default VPC-E policy is applied. EC2 instances in neither the public nor the private subnets are able to access the S3 bucket.
What should you do to enable Amazon S3 access from EC2 instances in the private subnet?
- A. Add the VPC-E identifier for the production VPC to endpoint policy.
- B. Add the VPC identifier for the production VPC to the S3 bucket policy.
- C. Add the VPC-E identifier to the S3 bucket policy.
- D. Add the CIDR address range of the private subnet to the S3 bucket policy.
Answer: D
NEW QUESTION 24
An organization processes consumer information submitted through its website. The organization's security policy requires that personally identifiable information (PII) elements are specifically encrypted at all times and as soon as feasible when received. The front-end Amazon EC2 instances should not have access to decrypted PII. A single service within the production VPC must decrypt the PII by leveraging an IAM role.
Which combination of services will support these requirements? (Select two.)
- A. Amazon Aurora in a private subnet
- B. Amazon CloudFront using AWS Lambda@Edge
- C. AWS Key Management Services
- D. Customer-managed MySQL with Transparent Data Encryption
- E. Application Load Balancer using HTTPS listeners and targets
Answer: C,D
Explanation:
References: https://noise.getoto.net/tag/aws-kms/
NEW QUESTION 25
You have two placement groups in a VPC. What communication speed can be expected between the two placement groups?
Choose the correct answer:
- A. 5Gbps
- B. You cannot communicate between two placement groups.
- C. 10Gbps
- D. 20Gbps
Answer: A
Explanation:
5Gbps is the maximum speed for traffic outside of a placement group.
NEW QUESTION 26
A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process, the following requirements involving DNS have been identified.
On-premises systems must be able to resolve the entries in an Amazon Route 53 private hosted zone.
Amazon EC2 instances running in the organization's VPC must be able to resolve the DNS names of on-premises systems.
The organization's VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?
- A. Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the Route 53 private hosted zone's name servers as authoritative for the Route 53 private hosted zone.
- B. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to 172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
- C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53 private hosted zone.
- D. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
Answer: C
NEW QUESTION 27
When an AWS Config rule is triggered, a JSON object known as an AWS Config Event is created.
This object contains a(n) ____ attribute, which is a JSON-formatted set of key/value pairs the receiving AWS Lambda function processes as part of its evaluation logic.
- A. ruleConfiguration
- B. invokingEvent
- C. mappingTemplate
- D. inputParameters
Answer: D
Explanation:
The JSON object for an AWS Config event contains a ruleParameters attribute, which is a set of key/value pairs that the AWS Lambda function receiving the event processes as part of its evaluation logic. You define parameters when you use the AWS Config console to create a custom rule. You can also define parameters with the InputParameters attribute in the PutConfigRule AWS Config API request or the put-config-rule AWS CLI command. The JSON code for the parameters is contained within a string, so a function must parse the string with a JSON parser to be able to evaluate its contents.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_example-events.html
NEW QUESTION 28
You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct Connect connection. Which two configuration values do you need to provide? (Select two.)
- A. Direct Connect location
- B. VLAN ID
- C. Public AS number
- D. Virtual private gateway
- E. IP prefixes to advertise
Answer: C,D
Explanation:
References: https://aws.amazon.com/directconnect/faqs/
NEW QUESTION 29
You need to set up an Amazon Elastic Compute Cloud (EC2) instance for an application that requires the lowest latency and the highest packet-per-second network performance. The application will talk to other servers in a peered VPC.
Which two of the following components should be part of the design? (Select two.)
- A. Select an instance with support for single root I/O virtualization.
- B. Select an instance with Amazon Elastic Block Store (EBS)-optimization.
- C. Ensure that the instance supports jumbo frames and set 9001 MTU.
- D. Ensure that proper OS drivers are installed.
- E. Select an instance that has support for multiple ENIs.
Answer: A,D
Explanation:
References: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html
NEW QUESTION 30
In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS.
These connections can terminate on one or two routers in your network. You can do this while __________________ with AWS Direct Connect step.
- A. verifying your Virtual Interface
- B. configuring redundant connections
- C. creating a Virtual Interface
- D. completing the cross-connect
Answer: B
Explanation:
In AWS Direct Connect, to provide for failover, AWS recommends that you request and configure two dedicated connections to AWS.
These connections can terminate on one or two routers in your network. You can do this in Configure Redundant Connections with AWS Direct Connect step.
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#RedundantConnections
NEW QUESTION 31
What are 2 possible ALIAS records?
Choose the 2 correct answers:
- A. EC2 Instance
- B. DynamoDB
- C. Elastic Beanstalk
- D. CloudFront
Answer: C,D
Explanation:
You cannot create an ALIAS record that points to an EC2 instance or DynamoDB.
NEW QUESTION 32
An application runs on a fleet of Amazon EC2 instances in a VPC. All instances can reach one another using private IP addresses. The application owner has a new requirement that the domain name received via DHCP should be different for a particular set of instances that are currently in one particular subnet.
What changes should be made to meet this requirement while continuing to support the existing application requirements?
- A. Create a new peered VPC, configure the DHCP option set with the different domain name, and re-launch the required instances there.
- B. Create a new subnet, configure the DHCP option set with the different domain name, and re-launch the required instances there.
- C. Modify the existing DHCP option set and specify the different domain name for the specified subnet.
- D. Create a new DHCP option set with the different domain name, associate it with the specified subnet, and re-launch the Amazon EC2 instances.
Answer: D
NEW QUESTION 33
You are building an application that provides real-time audio and video services to customers on the Internet. The application requires high throughput. To ensure proper audio and video transmission, minimal latency is required.
Which of the following will improve transmission quality?
- A. Use multiple elastic network interfaces
- B. Enable enhanced networking
- C. Select G2 instance types
- D. Enable jumbo frames
Answer: B
Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html
NEW QUESTION 34
You are architecting an HPC solution in AWS. The system consists of a cluster of EC2 instances that require low-latency communications between them.
Which method should you use to set up a cluster to meet these requirements?
- A. Launch Amazon EC2 instances with the largest available number of cores and RAM. Attach all instances to an Amazon EBS PIOPS volume. Implement a shared memory system across all instances in the cluster, using this shared EBS volume to minimize latency of communication.
- B. Create a placement group. Choose an EC2 instance type compatible with placement groups for the cluster. Launch instances for the cluster in the placement group.
- C. Create a VPC with one subnet in a single Availability Zone. Keep the size of the subnet equal to the number of instances required in the cluster. Launch instances for the cluster in this small subnet to guarantee low-latency network performance.
- D. Choose an EC2 instance type that offers enhanced networking. Attach a 10-Gbps non-blocking elastic network interface to the instances. Configure the elastic network interface to optimize network performance to reduce latency.
Answer: B
Explanation:
Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. A is incorrect because the size of a subnet has no impact on network performance. C is incorrect because an EBS volume cannot be shared between EC2 instances. D is only half the solution because the enhanced networking affects the network behavior of an EC2 instance but not the network infrastructure between instances.

