Free Amazon ANS-C00 Exam Dumps and ANS-C00 Exam Questions

Question No: 1

MultipleChoice

A company's network engineer needs to evaluate and monitor DNS traffic The company uses Amazon Route 53 as the DNS service for its public hosted zone All DNS queries must be captured for future analysis

What should the network engineer do to meet these requirements?

Options

AUse AWS WAF to log information to Amazon CloudWatch Logs about the queries that Route 53 receives

BUse VPC Flow Logs to log information to Amazon CloudWatch Logs Insights about the queries that Route 53 receives

CUse Route 53 query logging to log information to Amazon CloudWatch Logs about the queries that Route 53 receives

DUse AWS CloudTrail to log information to Amazon CloudWatch Logs Insights about the queries that Route 53 receives

Question No: 2

MultipleChoice

You deploy an Amazon EC2 instance that runs a web server into a subnet in a VPC. An Internet gateway is attached, and the main route table has a default route (0.0.0.0/0) configured with a target of the Internet gateway.

The instance has a security group configured to allow as follows:

* Protocol: TCP

* Port: 80 inbound, nothing outbound

The Network ACL for the subnet is configured to allow as follows:

* Protocol: TCP

* Port: 80 inbound, nothing outbound

When you try to browse to the web server, you receive no response.

Which additional step should you take to receive a successful response?

Options

AAdd an entry to the security group outbound rules for Protocol: TCP, Port Range: 80

BAdd an entry to the security group outbound rules for Protocol: TCP, Port Range: 1024-65535

CAdd an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 80

DAdd an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 1024-65535

Question No: 3

MultipleChoice

A multinational organization has applications deployed in three different AWS regions. These applications must securely communicate with each other by VPN. According to the organization's security team, the VPN must meet the following requirements:

* AES 128-bit encryption

* SHA-1 hashing

* User access via SSL VPN

* PFS using DH Group 2

* Ability to maintain/rotate keys and passwords

* Certificate-based authentication

Which solution should you recommend so that the organization meets the requirements?

Options

AAWS hardware VPN between the virtual private gateway and customer gateway

BA third-party VPN solution deployed from AWS Marketplace

CA private MPLS solution from an international carrier

DAWS hardware VPN between the virtual private gateways in each region

Question No: 4

MultipleChoice

A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes which originated from the same region as the Direct Connect location

What action should accomplish this?

Options

AConfigure a prefix list on the customer router containing the AWS IP address ranges for the specific region.

BConfigure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.

CConfigure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3.

DConfigure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3.