Free Amazon ANS-C01 Exam Questions

Question 1

A company uses an AWS Site-to-Site VPN to connect its corporate network The company recently added an AWS Direct Connect connection A network engineer wants all traffic to use the Direct Connect connection and for the VPN to be used as backup However after the Direct Connect connection was added traffic continued to pass through the VPN connection

What should the network engineer do to route the traffic through the Direct Connect connection'?

A : routes to the VPC route tables that specify the Direct Connect connection

B : t local preference BGP community tags on the on-premises router

C : vertise the same network routes over the Direct Connect connection and VPN connection

D : ure the Direct Connect connection AS_PATH is longer than the VPN connection AS_PATH

Answer: C

Question 2

A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes which originated from the same region as the Direct Connect location.

What action should accomplish this?

A : nfigure a prefix list on the customer router containing the AWS IP address ranges for the specific region.

B : nfigure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.

C : nfigure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3.

D : nfigure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3.

Answer: B

Question 3

A global delivery company is modernizing its fleet management system. The company has several business units. Each business unit designs and maintains applications that are hosted in its own AWS account in separate application VPCs in the same AWS Region. Each business unit's applications are designed to get data from a central shared services VPC. The company wants the network connectivity architecture to provide granular security controls. The architecture also must be able to scale as more business units consume data from the central shared services VPC in the future. Which solution will meet these requirements in the MOST secure manner?

A : eate a central transit gateway. Create a VPC attachment to each application VPC. Provide full mesh connectivity between all the VPCs by using the transit gateway.

B : eate VPC peering connections between the central shared services VPC and each application VPC in each business unit's AWS account.

C : eate VPC endpoint services powered by AWS PrivateLink in the central shared services VPCreate VPC endpoints in each application VPC.

D : eate a central transit VPC with a VPN appliance from AWS Marketplace. Create a VPN attachment from each VPC to the transit VPC. Provide full mesh connectivity among all the VPCs.

Answer: C

Question 4

A legacy, on-premises web application cannot be load balances effectively. There are both planned and unplanned events that cause usage spikes to millions of concurrent users. The existing infrastructure cannot handle the usage spikes. The CIO has mandated that the application be moved to the cloud to avoid further disruptions, with the additional requirement that source IP addresses be unaltered to support network traffic-monitoring needs. Which of the following designs will meet these requirements?

A : an Auto Scaling group of Amazon EC2 instances behind a Classic Load Balancer.

B : an Auto Scaling group of EC2 instances in a target group behind an Application Load Balancer.

C : an Auto Scaling group of EC2 instances in a target group behind a Classic Load Balancer.

D : an Auto Scaling group of EC2 instances in a target group behind a Network Load Balancer.

Answer: D

Question 5

A company hosts an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company recently experienced a network security breach. A network engineer must collect and analyze logs that include the client IP address, target IP address, target port, and user agent of each user that accesses the application. What is the MOST operationally efficient solution that meets these requirements?

A : nfigure the ALB to store logs in an Amazon S3 bucket. Download the files from Amazon S3, and use a spreadsheet application to analyze the logs.

B : nfigure the ALB to push logs to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to analyze the logs.

C : nfigure Amazon Kinesis Data Streams to stream data from the ALB to Amazon OpenSearch Service (Amazon Elasticsearch Service). Use search operations in Amazon OpenSearch Service (Amazon Elasticsearch Service) to analyze the data.

D : nfigure the ALB to store logs in an Amazon S3 bucket. Use Amazon Athena to analyze the logs in Amazon S3.

Answer: D