Free ANS-C01 Practice Exam Questions Online

Why Amazon ANS-C01 Practice Exam Questions?

Ready to level up your Amazon ANS-C01 exam study? Just TheExamsLab ANS-C01 practice tests free.

ANS-C01 exam questions are expertly crafted practice tests designed to simulate the real Amazon certification exam environment and help you assess your knowledge and figure out where you are lacking. From our free AWS Certified Advanced Networking Specialty ANS-C01 practice exam, you will feel secure in passing any question type or time limit. TheExamsLab offers the ANS-C01 exam questions 2024. Don’t settle or do it half-heartedly get the best and invest in the best what you want is what you get.

Page: 1 / 47

Total 232 Questions | Updated On: Nov 20, 2024

Add To Cart

Question 1

A Network Engineer is designing a system on AWS that will leverage Amazon CloudFront for content caching and for protecting the underlying origin. The security team has flagged a concern of a probable attack on the origin server IP addresses, despite it being served by CloudFront.

Suggest a solution that provides the strongest level of protection to the origin server?

A : Configure CloudFront to use a custom header and configure an AWS WAF rule on the origin’s Application Load Balancer to accept only traffic that contains that header

B : Configure Origin Access Identity(OAI) on the origin server, which will only allow requests originating from CloudFront

C : Configure private access to content by using special CloudFront signed URLs or signed cookies

D : Configure an AWS Lambda@Edge function to validate that the traffic to the Application Load Balancer originates from CloudFront

Answer: A

Question 2

A company provisions an AWS Direct Connect connection to permit access to Amazon EC2 resources in several Amazon VPCs and to data stored in private Amazon S3 buckets. The Network Engineer needs to configure the company's on-premises router for this Direct Connect connection.

Which of the following actions will require the LEAST amount of configuration overhead on the customer router?

A : Configure private virtual interfaces for the VPC resources and for Amazon S3.

B : Configure private virtual interfaces for the VPC resources and a public virtual interface for Amazon S3.

C : Configure a private virtual interface to a Direct Connect gateway for the VPC resources and for Amazon S3

D : Configure a private virtual interface to a Direct Connect gateway for the VPC resources and a public virtual interface for Amazon S3.

Answer: A

Question 3

A gaming company is running an online multiplayer game in multiple AWS Regions The company needs traffic from its end users to be routed to the Region that is closest to the end users geographically When maintenance occurs in a Region, traffic must be routed to the next closest Region with no changes to the IP addresses being used as connections by the end users

Which solution will meet these requirements?

A : Create an Amazon CloudFront distribution in front of all the Regions

B : Use an Amazon Route 53 geoproximity routing policy to navigate traffic to the closest Region

C : Use an Amazon Route 53 geolocation routing policy to navigate traffic to the closest Region

D : Configure AWS Global Accelerator in front of all the Regions

Answer: D

Question 4

The security team in its report has flagged malicious activity from 100 random IP addresses for malicious activity. As a network security engineer, you have to ensure the safety and accessibility of the AWS resources.

Which of the following actions would you suggest to ensure safety from such types of threats?

A : Use Route Table propagation to pass the data of malicious IP addresses to the network routers and block them using WAF

B : Use inbound Network ACL rules of the VPC to block the IP addresses

C : Use AWS WAF rate-based rule capability to block the IP addresses

D : Use inbound security group rules of the VPC to block the IP addresses

Answer: C

Question 5

A company has an application running on Amazon EC2 instances in a VPC The application must publish custom metrics to Amazon CloudWatch in the same AWS Region The metrics include proprietary information All connectivity must be over private IP addresses.

Which solution will meet these requirements'?

A : Connect to CloudWatch through a NAT gateway

B : Connect to CloudWatch through a gateway endpoint

C : Connect to CloudWatch through an internet gateway

D : Connect to CloudWatch through an interface endpoint

Answer: D

Page: 1 / 47

Total 232 Questions | Updated On: Nov 20, 2024

Add To Cart