Amazon Web Services passguarantee aws Certified Specialty Ans-c01 Updated Exam by Ben q0 vce pdf

Page: 6 / 11

Exam Name:	Amazon AWS Certified Advanced Networking - Specialty
Exam Code:	ANS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	153 Q&A's	Shared By:	ben

Question 24

A company has deployed an application in a VPC that uses a NAT gateway for outbound traffic to the internet. A network engineer notices a large quantity of suspicious network traffic that is traveling from the VPC over the internet to IP addresses that are included on a deny list. The network engineer must implement a solution to determine which AWS resources are generating the suspicious traffic. The solution must minimize cost and administrative overhead.

Which solution will meet these requirements?

Options:

Launch an Amazon EC2 instance in the VPC. Use Traffic Mirroring by specifying the NAT gateway as the source and the EC2 instance as the destination. Analyze the captured traffic by using open-source tools to identify the AWS resources that are generating the suspicious traffic.

Use VPC flow logs. Launch a security information and event management (SIEM) solution in the VPC. Configure the SIEM solution to ingest the VPC flow logs. Run queries on the SIEM solution to identify the AWS resources that are generating the suspicious traffic.

Use VPC flow logs. Publish the flow logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query the flow logs to identify the AWS resources that are generating the suspicious traffic.

Configure the VPC to stream the network traffic directly to an Amazon Kinesis data stream. Send the data from the Kinesis data stream to an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3. Use Amazon Athena to query the data to identify the AWS resources that are generating the suspicious traffic.

Discussion

Question 25

A company is building its website on AWS in a single VPC. The VPC has public subnets and private subnets in two Availability Zones. The website has static content such as images. The company is using Amazon S3 to store the content.

The company has deployed a fleet of Amazon EC2 instances as web servers in a private subnet. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer. The EC2 instances will serve traffic, and they must pull content from an S3 bucket to render the webpages. The company is using AWS Direct Connect with a public VIF for on-premises connectivity to the S3 bucket.

A network engineer notices that traffic between the EC2 instances and Amazon S3 is routing through a NAT gateway. As traffic increases, the company's costs are increasing. The network engineer needs to change the connectivity to reduce the NAT gateway costs that result from the traffic between the EC2 instances and Amazon S3.

Which solution will meet these requirements?

Options:

Create a Direct Connect private VIF. Migrate the traffic from the public VIF to the private VIF.

Create an AWS Site-to-Site VPN tunnel over the existing public VIF.

Implement interface VPC endpoints for Amazon S3. Update the VPC route table.

Implement gateway VPC endpoints for Amazon S3. Update the VPC route table.

Discussion

Question 26

A company delivers applications over the internet. An Amazon Route 53 public hosted zone is the authoritative DNS service for the company and its internet applications, all of which are offered from the same domain name.

A network engineer is working on a new version of one of the applications. All the application's components are hosted in the AWS Cloud. The application has a three-tier design. The front end is delivered through Amazon EC2 instances that are deployed in public subnets with Elastic IP addresses assigned. The backend components are deployed in private subnets from RFC1918.

Components of the application need to be able to access other components of the application within the application's VPC by using the same host names as the host names that are used over the public internet. The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries.

Which combination of steps will meet these requirements? (Choose three.)

Options:

Add a geoproximity routing policy in Route 53.

Create a Route 53 private hosted zone for the same domain name Associate the application’s VPC with the new private hosted zone.

Enable DNS hostnames for the application's VPC.

Create entries in the private hosted zone for each name in the public hosted zone by using the corresponding private IP addresses.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that runs when AWS CloudTrail logs a Route 53 API call to the public hosted zone. Create an AWS Lambda function as the target of the rule. Configure the function to use the event information to update the private hosted zone.

Add the private IP addresses in the existing Route 53 public hosted zone.

Discussion

Question 27

A company is using Amazon Route 53 Resolver DNS Firewall in a VPC to block all domains except domains that are on an approved list. The company is concerned that if DNS Firewall is unresponsive, resources in the VPC might be affected if the network cannot resolve any DNS queries. To maintain application service level agreements, the company needs DNS queries to continue to resolve even if Route 53 Resolver does not receive a response from DNS Firewall.

Which change should a network engineer implement to meet these requirements?

Options:

Update the DNS Firewall VPC configuration to disable fail open for the VPC.

Update the DNS Firewall VPC configuration to enable fail open for the VPC.

Create a new DHCP options set with parameter dns_firewall_fail_open=false. Associate the new DHCP options set with the VPC.

Create a new DHCP options set with parameter dns_firewall_fail_open=true. Associate the new DHCP options set with the VPC.

Discussion

Vienna

I highly recommend them. They are offering exact questions that we need to prepare our exam.

Jensen Oct 9, 2024

That's great. I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!

Joey

I highly recommend Cramkey Dumps to anyone preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.

Dexter Aug 7, 2024

Agreed. It's definitely worth checking out if you're looking for a comprehensive and reliable study resource.

Mariam

Do anyone think Cramkey questions can help improve exam scores?

Katie Nov 2, 2024

Absolutely! Many people have reported improved scores after using Cramkey Dumps, and there are also success stories of people passing exams on the first try. I already passed this exam. I confirmed above questions were in exam.

Kylo

What makes Cramkey Dumps so reliable? Please guide.

Sami Aug 29, 2024

Well, for starters, they have a team of experts who are constantly updating their material to reflect the latest changes in the industry. Plus, they have a huge database of questions and answers, which makes it easy to study and prepare for the exam.

Page: 6 / 11

Title

Questions

Posted

amazon web services.udemy.selected ans-c01 aws certified specialty questions answers.by ishaan.q0.vce.pdf

2024-10-31

amazon web services.spoto.sure pass exam ans-c01 pdf.by kareem.q0.vce.pdf

2024-09-28

amazon web services.selftestengine.new release ans-c01 aws certified specialty questions.by malcolm.q0.vce.pdf

2024-11-08

amazon web services.pass4success.newly released ans-c01 exam pdf.by ivar.q0.vce.pdf

2024-11-17