Special Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated ANS-C01 Exam Questions and Answers by malcolm

Page: 4 / 11

Amazon Web Services ANS-C01 Exam Overview :

Exam Name: Amazon AWS Certified Advanced Networking - Specialty
Exam Code: ANS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 153 Q&A's Shared By: malcolm
Question 16

A network engineer is designing the architecture for a healthcare company's workload that is moving to the AWS Cloud. All data to and from the on-premises environment must be encrypted in transit. All traffic also must be inspected in the cloud before the traffic is allowed to leave the cloud and travel to the on-premises environment or to the internet.

The company will expose components of the workload to the internet so that patients can reserve appointments. The architecture must secure these components and protect them against DDoS attacks. The architecture also must provide protection against financial liability for services that scale out during a DDoS event.

Which combination of steps should the network engineer take to meet all these requirements for the workload? (Choose three.)

Options:

A.

Use Traffic Mirroring to copy all traffic to a fleet of traffic capture appliances.

B.

Set up AWS WAF on all network components.

C.

Configure an AWS Lambda function to create Deny rules in security groups to block malicious IP addresses.

D.

Use AWS Direct Connect with MACsec support for connectivity to the cloud.

E.

Use Gateway Load Balancers to insert third-party firewalls for inline traffic inspection.

F.

Configure AWS Shield Advanced and ensure that it is configured on all public assets.

Discussion
Question 17

A software-as-a-service (SaaS) provider hosts its solution on Amazon EC2 instances within a VPC in the AWS Cloud. All of the provider's customers also have their environments in the AWS Cloud.

A recent design meeting revealed that the customers have IP address overlap with the provider's AWS deployment. The customers have stated that they will not share their internal IP addresses and that they do not want to connect to the provider's SaaS service over the internet.

Which combination of steps is part of a solution that meets these requirements? (Choose two.)

Options:

A.

Deploy the SaaS service endpoint behind a Network Load Balancer.

B.

Configure an endpoint service, and grant the customers permission to create a connection to the endpoint service.

C.

Deploy the SaaS service endpoint behind an Application Load Balancer.

D.

Configure a VPC peering connection to the customer VPCs. Route traffic through NAT gateways.

E.

Deploy an AWS Transit Gateway, and connect the SaaS VPC to it. Share the transit gateway with the customers. Configure routing on the transit gateway.

Discussion
Question 18

A company's AWS infrastructure is spread across more than 50 accounts and across five AWS Regions. The company needs to manage its security posture with simplified administration and maintenance for all the AWS accounts. The company wants to use AWS Firewall Manager to manage the firewall rules and requirements.

The company creates an organization with all features enabled in AWS Organizations.

Which combination of steps should the company take next to meet the requirements? (Select THREE.)

Options:

A.

Configure only the Firewall Manager administrator account to join the organization.

B.

Configure all the accounts to join the organization.

C.

Set an account as the Firewall Manager administrator account.

D.

Set an account as the Firewall Manager child account.

E.

Set up AWS Config for all the accounts and all the Regions where the company has resources.

F.

Set up AWS Config for only the organization's management account.

Discussion
Question 19

An international company provides early warning about tsunamis. The company plans to use IoT devices to monitor sea waves around the world. The data that is collected by the IoT devices must reach the company’s infrastructure on AWS as quickly as possible. The company is using three operation centers around the world. Each operation center is connected to AWS through Its own AWS Direct Connect connection. Each operation center is connected to the internet through at least two upstream internet service providers.

The company has its own provider-independent (PI) address space. The IoT devices use TCP protocols for reliable transmission of the data they collect. The IoT devices have both landline and mobile internet connectivity. The infrastructure and the solution will be deployed in multiple AWS Regions. The company will use Amazon Route 53 for DNS services.

A network engineer needs to design connectivity between the IoT devices and the services that run in the AWS Cloud.

Which solution will meet these requirements with the HIGHEST availability?

Options:

A.

Set up an Amazon CloudFront distribution with origin failover. Create an origin group for each Region where the solution is deployed.

B.

Set up Route 53 latency-based routing. Add latency alias records. For the latency alias records, set the value of Evaluate Target Health to Yes.

C.

Set up an accelerator in AWS Global Accelerator. Configure Regional endpoint groups and health checks.

D.

Set up Bring Your Own IP (BYOIP) addresses. Use the same PI addresses for each Region where the solution is deployed.

Discussion
Freddy
I passed my exam with flying colors and I'm confident who will try it surely ace the exam.
Aleksander Sep 26, 2024
Thanks for the recommendation! I'll check it out.
Syeda
I passed, Thank you Cramkey for your precious Dumps.
Stella Aug 25, 2024
That's great. I think I'll give Cramkey Dumps a try.
Pippa
I was so happy to see that almost all the questions on the exam were exactly what I found in their Dumps.
Anastasia Sep 21, 2024
You are right…It was amazing! The Cramkey Dumps were so comprehensive and well-organized, it made studying for the exam a breeze.
Sarah
Yeah, I was so relieved when I saw that the question appeared in the exam were similar to their exam dumps. It made the exam a lot easier and I felt confident going into it.
Aaliyah Aug 27, 2024
Same here. I've heard mixed reviews about using exam dumps, but for us, it definitely paid off.
Page: 4 / 11

ANS-C01
PDF

$36.75  $104.99

ANS-C01 Testing Engine

$43.75  $124.99

ANS-C01 PDF + Testing Engine

$57.75  $164.99