Free Amazon ANS-C01 Exam Questions

Question 1

A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes which originated from the same region as the Direct Connect location.

What action should accomplish this?

A : nfigure a prefix list on the customer router containing the AWS IP address ranges for the specific region.

B : nfigure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.

C : nfigure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3.

D : nfigure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3.

Answer: B

Question 2

A real estate company is building an internal application so that real estate agents can upload photos and videos of various properties. The application will store these photos and videos in an Amazon S3 bucket as objects and will use Amazon DynamoDB to store corresponding metadata. The S3 bucket will be configured to publish all PUT events for new object uploads to an Amazon Simple Queue Service (Amazon SQS) queue. A compute cluster of Amazon EC2 instances will poll the SQS queue to find out about newly uploaded objects. The cluster will retrieve new objects, perform proprietary image and video recognition and classification update metadata in DynamoDB and replace the objects with new watermarked objects. The company does not want public IP addresses on the EC2 instances. Which networking design solution will meet these requirements MOST cost-effectively as application usage increases?

A : ace the EC2 instances in a public subnet. Disable the Auto-assign Public IP option while launching the EC2 instances. Create an internet gateway. Attach the internet gateway to the VPC. In the public subnet's route table, add a default route that points to the internet gateway.

B : ace the EC2 instances in a private subnet. Create a NAT gateway in a public subnet in the same Availability Zone. Create an internet gateway. Attach the internet gateway to the VPC. In the public subnet's route table, add a default route that points to the internet gateway

C : ace the EC2 instances in a private subnet. Create an interface VPC endpoint for Amazon SQS. Create gateway VPC endpoints for Amazon S3 and DynamoDB.

D : ace the EC2 instances in a private subnet. Create a gateway VPC endpoint for Amazon SQS.Create interface VPC endpoints for Amazon S3 and DynamoDB.

Answer: C

Question 3

An organization runs a consumer-facing website on AWS. The Amazon EC2-based web fleet is load balanced using the AWS Application Load Balancer, Amazon Route 53 is used to provide the public DNS services.

The following URLs need to server content to end users:

test.example.com

web.example.com

example.com

Based on this information, what combination of services must be used to meet the requirement? (Select two.)

A : th condition in ALB listener to route example.com to appropriate target groups.

B : t condition in ALB listener to route *.example.com to appropriate target groups.

C : t condition a ALB listener to route example.com to appropriate target groups.

D : th condition in ALB listener to route *.example.com to appropriate target groups.

E : t condition in ALB listener to route $$$$.example.com to appropriate target groups.

Answer: B,C

Question 4

A Network Engineer is designing a system on AWS that will leverage Amazon CloudFront for content caching and for protecting the underlying origin. The security team has flagged a concern of a probable attack on the origin server IP addresses, despite it being served by CloudFront.

Suggest a solution that provides the strongest level of protection to the origin server?

A : nfigure CloudFront to use a custom header and configure an AWS WAF rule on the origin’s Application Load Balancer to accept only traffic that contains that header

B : nfigure Origin Access Identity(OAI) on the origin server, which will only allow requests originating from CloudFront

C : nfigure private access to content by using special CloudFront signed URLs or signed cookies

D : nfigure an AWS Lambda@Edge function to validate that the traffic to the Application Load Balancer originates from CloudFront

Answer: A

Question 5

You deploy an Amazon EC2 instance that runs a web server into a subnet in a VPC. An Internet gateway is attached, and the main route table has a default route (0.0.0.0/0) configured with a target of the Internet gateway.

The instance has a security group configured to allow as follows:

Protocol: TCP

Port: 80 inbound, nothing outbound

The Network ACL for the subnet is configured to allow as follows:

Protocol: TCP

Port: 80 inbound, nothing outbound

When you try to browse to the web server, you receive no response.

Which additional step should you take to receive a successful response?

A : an entry to the security group outbound rules for Protocol: TCP, Port Range: 80

B : an entry to the security group outbound rules for Protocol: TCP, Port Range: 1024-65535

C : an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 80

D : an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 1024-65535

Answer: D