Amazon Web Services selftestengine new Release Ans-c01 Aws Certified Specialty Questions by Malcolm q0 vce pdf

Page: 4 / 11

Exam Name:	Amazon AWS Certified Advanced Networking - Specialty
Exam Code:	ANS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	153 Q&A's	Shared By:	malcolm

Question 16

A network engineer is designing the architecture for a healthcare company's workload that is moving to the AWS Cloud. All data to and from the on-premises environment must be encrypted in transit. All traffic also must be inspected in the cloud before the traffic is allowed to leave the cloud and travel to the on-premises environment or to the internet.

The company will expose components of the workload to the internet so that patients can reserve appointments. The architecture must secure these components and protect them against DDoS attacks. The architecture also must provide protection against financial liability for services that scale out during a DDoS event.

Which combination of steps should the network engineer take to meet all these requirements for the workload? (Choose three.)

Options:

Use Traffic Mirroring to copy all traffic to a fleet of traffic capture appliances.

Set up AWS WAF on all network components.

Configure an AWS Lambda function to create Deny rules in security groups to block malicious IP addresses.

Use AWS Direct Connect with MACsec support for connectivity to the cloud.

Use Gateway Load Balancers to insert third-party firewalls for inline traffic inspection.

Configure AWS Shield Advanced and ensure that it is configured on all public assets.

Discussion

Question 17

A software-as-a-service (SaaS) provider hosts its solution on Amazon EC2 instances within a VPC in the AWS Cloud. All of the provider's customers also have their environments in the AWS Cloud.

A recent design meeting revealed that the customers have IP address overlap with the provider's AWS deployment. The customers have stated that they will not share their internal IP addresses and that they do not want to connect to the provider's SaaS service over the internet.

Which combination of steps is part of a solution that meets these requirements? (Choose two.)

Options:

Deploy the SaaS service endpoint behind a Network Load Balancer.

Configure an endpoint service, and grant the customers permission to create a connection to the endpoint service.

Deploy the SaaS service endpoint behind an Application Load Balancer.

Configure a VPC peering connection to the customer VPCs. Route traffic through NAT gateways.

Deploy an AWS Transit Gateway, and connect the SaaS VPC to it. Share the transit gateway with the customers. Configure routing on the transit gateway.

Discussion

Kingsley

Do anyone guide my how these dumps would be helpful for new students like me?

Haris Sep 11, 2024

Absolutely! They are highly recommended for anyone looking to pass their certification exam. The dumps are easy to understand and follow, making it easier for you to study and retain the information.

Wyatt

Passed my exam… Thank you so much for your excellent Exam Dumps.

Arjun Sep 18, 2024

That sounds really useful. I'll definitely check it out.

Ivan

I tried these dumps for my recent certification exam and I found it pretty helpful.

Elis Sep 17, 2024

Agree!!! The questions in the dumps were quite similar to what came up in the actual exam. It gave me a good idea of the types of questions to expect and helped me revise efficiently.

Elise

I've heard that Cramkey is one of the best websites for exam dumps. They have a high passing rate and the questions are always up-to-date. Is it true?

Cian Sep 26, 2024

Definitely. The dumps are constantly updated to reflect the latest changes in the certification exams. And I also appreciate how they provide explanations for the answers, so I could understand the reasoning behind each question.

Esmae

I highly recommend Cramkey Dumps to anyone preparing for the certification exam.

Mollie Aug 15, 2024

Absolutely. They really make it easier to study and retain all the important information. I'm so glad I found Cramkey Dumps.

Question 18

A company's AWS infrastructure is spread across more than 50 accounts and across five AWS Regions. The company needs to manage its security posture with simplified administration and maintenance for all the AWS accounts. The company wants to use AWS Firewall Manager to manage the firewall rules and requirements.

The company creates an organization with all features enabled in AWS Organizations.

Which combination of steps should the company take next to meet the requirements? (Select THREE.)

Options:

Configure only the Firewall Manager administrator account to join the organization.

Configure all the accounts to join the organization.

Set an account as the Firewall Manager administrator account.

Set an account as the Firewall Manager child account.

Set up AWS Config for all the accounts and all the Regions where the company has resources.

Set up AWS Config for only the organization's management account.

Discussion

Question 19

An international company provides early warning about tsunamis. The company plans to use IoT devices to monitor sea waves around the world. The data that is collected by the IoT devices must reach the company’s infrastructure on AWS as quickly as possible. The company is using three operation centers around the world. Each operation center is connected to AWS through Its own AWS Direct Connect connection. Each operation center is connected to the internet through at least two upstream internet service providers.

The company has its own provider-independent (PI) address space. The IoT devices use TCP protocols for reliable transmission of the data they collect. The IoT devices have both landline and mobile internet connectivity. The infrastructure and the solution will be deployed in multiple AWS Regions. The company will use Amazon Route 53 for DNS services.

A network engineer needs to design connectivity between the IoT devices and the services that run in the AWS Cloud.

Which solution will meet these requirements with the HIGHEST availability?

Options:

Set up an Amazon CloudFront distribution with origin failover. Create an origin group for each Region where the solution is deployed.

Set up Route 53 latency-based routing. Add latency alias records. For the latency alias records, set the value of Evaluate Target Health to Yes.

Set up an accelerator in AWS Global Accelerator. Configure Regional endpoint groups and health checks.

Set up Bring Your Own IP (BYOIP) addresses. Use the same PI addresses for each Region where the solution is deployed.