Amazon Web Services braindumps2go ans-c01 Leak Questions by Bryan q0 vce pdf

Page: 15 / 21

Exam Name:	Amazon AWS Certified Advanced Networking - Specialty
Exam Code:	ANS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	288 Q&A's	Shared By:	bryan

Question 60

A company has been using an outdated application layer protocol for communication among applications. The company decides not to use this protocol anymore and must migrate allapplications to support a new protocol. The old protocol and the new protocol are TCP-based, but the protocols use different port numbers.

After several months of work, the company has migrated dozens of applications that run on Amazon EC2 instances and in containers. The company believes that all the applications have been migrated, but the company wants to verify this belief. A network engineer needs to verify that no application is still using the old protocol.

Which solution will meet these requirements without causing any downtime?

Options:

Use Amazon Inspector and its Network Reachability rules package. Wait until the analysis has finished running to find out which EC2 instances are still listening to the old port.

Enable Amazon GuardDuty. Use the graphical visualizations to filter for traffic that uses the port of the old protocol. Exclude all internet traffic to filter out occasions when the same port is used as an ephemeral port.

Configure VPC flow logs to be delivered into an Amazon S3 bucket. Use Amazon Athena to query the data and to filter for the port number that is used by the old protocol.

Inspect all security groups that are assigned to the EC2 instances that host the applications. Remove the port of the old protocol if that port is in the list of allowed ports. Verify that the applications are operating properly after the port is removed from the security groups.

Discussion

Aryan

Absolutely rocked! They are an excellent investment for anyone who wants to pass the exam on the first try. They save you time and effort by providing a comprehensive overview of the exam content, and they give you a competitive edge by giving you access to the latest information. So, I definitely recommend them to new students.

Jessie Sep 28, 2024

did you use PDF or Engine? Which one is most useful?

Yusra

I passed my exam. Cramkey Dumps provides detailed explanations for each question and answer, so you can understand the concepts better.

Alisha Aug 29, 2024

I recently used their dumps for the certification exam I took and I have to say, I was really impressed.

Lennox

Something Special that they provide a comprehensive overview of the exam content. They cover all the important topics and concepts, so you can be confident that you are well-prepared for the test.

Aiza Oct 25, 2024

That makes sense. What makes Cramkey Dumps different from other study materials?

Hassan

Highly Recommended Dumps… today I passed my exam! Same questions appear. I bought Full Access.

Kasper Oct 20, 2024

Hey wonderful….so same questions , sounds good. Planning to write this week, I will go for full access today.

Miriam

Highly recommended Dumps. 100% authentic and reliable. Passed my exam with wonderful score.

Milan Sep 24, 2024

I see. Thanks for the information. I'll definitely keep Cramkey in mind for my next exam.

Question 61

A company runs a workload in a single VPC on AWS. The company’s architecture contains several interface VPC endpoints for AWS services, including Amazon CloudWatch Logs and AWS Key Management Service (AWS KMS). The endpoints are configured to use a shared security group. The security group is not used for any other workloads or resources.

After a security review of the environment, the company determined that the shared security group is more permissive than necessary. The company wants to make the rules associated with the security group more restrictive. The changes to the security group rules must not prevent the resources in the VPC from using AWS services through interface VPC endpoints. The changes must prevent unnecessary access.

The security group currently uses the following rules:

• Inbound - Rule 1

Protocol: TCP

Port: 443

Source: 0.0.0.0/0

• Inbound - Rule 2

Protocol: TCP

Port: 443

Source: VPC CIDR

• Outbound - Rule 1

Protocol: All

Port: All

Destination: 0.0.0.0/0

Which rule or rules should the company remove to meet with these requirements?

Options:

Outbound - Rule 2

Inbound - Rule 1 and Outbound - Rule 1

Inbound - Rule 2 and Outbound - Rule 1

Outbound - Rule 1

Discussion

Question 62

A company wants to implement a distributed architecture on AWS that uses a Gateway Load Balancer (GWLB) and GWLB endpoints.

The company has chosen a hub-and-spoke model. The model includes a GWLB and virtual appliances that are deployed into a centralized appliance VPC and GWLB endpoints. The model also includes internet gateways that are configured in spoke VPCs.

Which sequence of traffic flow to the internet from the spoke VPC is correct?

Options:

1. An application in a spoke VPC sends traffic to the GWLB endpoint based on the VPC route table configuration.

2. Traffic is delivered securely and privately to the GWLB.

3. The GWLB sends the traffic to a virtual appliance for inspection.

4. Return traffic flows back to the GWLB endpoint and out to the internet through the internet gateway.

1. An application in a spoke VPC sends traffic to the GWLB endpoint based on the VPC route table configuration.

2. Traffic is delivered securely and privately to the GWLB endpoint.

3. The GWLB sets the X-Forwarded-For request header and sends the traffic to a virtual appliance for inspection.

4. Return traffic flows back to the GWLB and out to the internet through an internet gateway.

1. An application in a spoke VPC sends traffic to the GWLB endpoint.

2. Traffic is delivered securely and privately to the GWLB.

3. The GWLB sets the X-Forwarded-For request header and sends the traffic to a virtual appliance for inspection.

4. Return traffic flows back to the GWLB endpoint and out to the internet through the internet gateway.

1. An application in a spoke VPC sends traffic to the GWLB.

2. Traffic is delivered securely and privately to the GWLB endpoint.

3. The GWLB sends the traffic to a virtual appliance for inspection.

4. Return traffic flows back to the GWLB and out to the internet through an internet gateway.

Discussion

Question 63

A company has a data center in the us-west-1 Region with a 10 Gbps AWS Direct Connect dedicated connection to a Direct Connect gateway. There are two private VIFs from the same data center location in us-west-1 that are attached to the same Direct Connect gateway.

VIF 1 advertises 172.16.0.0/16 with an AS PATH attribute value of 65000. VIF 2 advertises 172.16.1.0/24 with an AS PATH attribute value of 65000 65000 65000.

How will AWS route traffic to the data center for traffic that has a destination address within the 172.16.1.0/24 network range?

Options:

AWS will route all traffic by using VIF 1.

AWS will route all traffic by using VIF 2.

AWS will use both VIFs for routing by using a round-robin policy.

AWS will use flow control to balance the traffic between the two VIFs.

Discussion

Page: 15 / 21

Title

Questions

Posted

amazon web services.udemy.selected ans-c01 aws certified specialty questions answers.by ishaan.q0.vce.pdf