Vendor | : | Amazon |
Exam Code | : | ANS-C00 |
Exam Name | : | AWS Certified Advanced Networking Specialty (ANS-C00) |
Questions and Answers | : | 359 Q & A |
Question #346
To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use ______.
trusted signers
optimistic locking
integrity validation
root credentialing
AWS CloudTrail uses log file integrity validation to determine whether log files were changed or modified since CloudTrail delivered them to an Amazon S3 bucket.
Reference:
https://aws.amazon.com/cloudtrail/
Question #347
An AWS CloudTrail log file provides the identity and source IP address of the API caller, the time of the API call, request parameters, and ______.
response elements
event selectors
port alarms
destination buckets
An AWS CloudTrail log file provides the following details:
Identity of the API caller
Time of the API call
Source IP address of the API caller
Request parameters
Response elements
Reference:
https://aws.amazon.com/cloudtrail/
Question #348
What does the term "statistics" mean with respect to CloudWatch metrics?
Time of a metric collection
Data aggregation over a specific period of time
Status of a metric
Unit of a metric
Statistics represent the aggregation of metric data values over a specific period of time.
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Statistic
Question #349
You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct
Connect connection. Which two configuration values do you need to provide? (Select two.)
Public AS number
VLAN ID
IP prefixes to advertise
Direct Connect location
Virtual private gateway
https://aws.amazon.com/directconnect/faqs/
Question #350
A corporate network routing table contains 624 individual RFC 1918 and public IP prefixes. You have two AWS Direct Connect connections. You configure a private virtual interface on both connections to a virtual private gateway. The virtual private gateway is not currently attached to a VPC. Neither BGP session will maintain state on the customer router. The AWS Management Console reports the private virtual
What could you do to address the problem so that the AWS Management Console reports the private virtual
?
Attach the virtual private gateway to a VPC and enable route propagation.
Filter the public IP prefixes on the corporate network from the private virtual interface.
Change the BGP advertisements from the corporate network to only be a default route.
Attach the second virtual interface to an alternative virtual private gateway.
DNS name resolution must be provided for services in the following four zones:
company.private.
emea.company.private.
apac.company.private.
amer.company.private.
The contents of these zones are not considered sensitive; however, the zones only need to be used by services hosted in these VPCs, one per geographic region.
Each VPC should resolve the names in all zones.
How can you use Amazon Route 53 to meet these requirements?
Create a Route 53 Private Hosted Zone for each of the four zones and associate them with the three VPCs.
Create a single Route 53 Private Hosted Zone for the zone company.private and associate it with the three VPCs.
Create a Route 53 Public Hosted Zone for each of the four zones and configure the VPC DNS Resolver to forward
Create a single Route 53 Public Hosted Zone for the zone company.private and configure the VPC DNS Resolver to forward
All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that it is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.
The NAT gateway does not support UDP traffic.
The authentication server is not accepting traffic.
The NAT gateway cannot allocate more ports.
The NAT gateway is launched in a private subnet.
An AWS CloudFormation template is being used to create a VPC peering connection between two existing operational VPCs, each belonging to a different AWS account. All necessary components in the 'Remote' (receiving) account are already in place.
The template below creates the VPC peering connection in the Originating account. It contains these components:

    AWSTemplateFormatVersion: 2010-09-09
    Parameters:
      OriginatingVPCId:
        Type: String
      RemoteVPCId:
        Type: String
      RemoteVPCAccountId:
        Type: String
    Resources:
      newVPCPeeringConnection:
        Type: 'AWS::EC2::VPCPeeringConnection'
        Properties:
          VpcId: !Ref OriginatingVPCId
          PeerVpcId: !Ref RemoteVPCId
          PeerOwnerId: !Ref RemoteVPCAccountId

Which additional AWS CloudFormation components are necessary in the Originating account to create an operational cross-account VPC peering connection with AWS CloudFormation? (Select two.)
Resources: NewEC2SecurityGroup: Type: AWS::EC2::SecurityGroup
Resources: NetworkInterfaceToRemoteVPC: Type: "AWS::EC2::NetworkInterface"
Resources: newEC2Route: Type: AWS::EC2::Route
Resources: VPCGatewayToRemoteVPC: Type: "AWS::EC2::VPCGatewayAttachment"
Resources: newVPCPeeringConnection: Type: 'AWS::EC2::VPCPeeringConnection' PeerRoleArn: !Ref PeerRoleArn