Amazon Web Services spoto sure Pass Exam Ans-c01 Pdf by Kareem q0 vce pdf

Page: 3 / 6

Exam Name:	AWS Certified Advanced Networking- Specialty
Exam Code:	ANS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	110 Q&A's	Shared By:	kareem

Question 12

A company is using an Amazon CloudFront distribution that is configured with an Application Load Balancer (ALB) as an origin. A network engineer needs to implement a solution that requires

all inbound traffic to the ALB to come from CloudFront. The network engineer must implement the solution at the network layer rather than in the application.

Which solution will meet these requirements in the MOST operationally efficient way?

Options:

Add an inbound rule to the ALB's security group to allow the AWS managed prefix list for CloudFront.

Add an inbound rule to the network ACLs that are associated with the ALB's subnets. Use the AWS managed prefix list for CloudFront as the source in the rule.

Configure CloudFront to add a custom HTTP header to the requests that CloudFront sends to the ALB.

Associate an AWS WAF web ACL with the ALB. Configure the AWS WAF rules to allow traffic from the CloudFront IP set. Automatically update the CloudFront IP set by using an AWS Lambda function.

Discussion

Question 13

A company plans to deploy a two-tier web application to a new VPC in a single AWS Region. The company has configured the VPC with an internet gateway and four subnets. Two of the subnets are public and have default routes that point to the internet gateway. Two of the subnets are private and share a route table that does not have a default route.

The application will run on a set of Amazon EC2 instances that will be deployed behind an external Application Load Balancer. The EC2 instances must not be directly accessible from the internet. The application will use an Amazon S3 bucket in the same Region to store data. The application will invoke S3 GET API operations and S3 PUT API operations from the EC2 instances. A network engineer must design a VPC architecture that minimizes data transfer cost.

Which solution will meet these requirements?

Options:

Deploy the EC2 instances in the public subnets. Create an S3 interface endpoint in the VPC. Modify the application configuration to use the S3 endpoint-specific DNS hostname.

Deploy the EC2 instances in the private subnets. Create a NAT gateway in the VPC. Create default routes in the private subnets to the NAT gateway. Connect to Amazon S3 by using the NAT gateway.

Deploy the EC2 instances in the private subnets. Create an S3 gateway endpoint in the VPSpecify die route table of the private subnets during endpoint creation to create routes to Amazon S3.

Deploy the EC2 instances in the private subnets. Create an S3 interface endpoint in the VPC. Modify the application configuration to use the S3 endpoint-specific DNS hostname.

Discussion

River

Hey, I used Cramkey Dumps to prepare for my recent exam and I passed it.

Lewis (not set)

Yeah, I used these dumps too. And I have to say, I was really impressed with the results.

Lennie

I passed my exam and achieved wonderful score, I highly recommend it.

Emelia (not set)

I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!

Mylo

Excellent dumps with authentic information… I passed my exam with brilliant score.

Dominik (not set)

That's amazing! I've been looking for good study material that will help me prepare for my upcoming certification exam. Now, I will try it.

Everleigh

I must say that they are updated regularly to reflect the latest exam content, so you can be sure that you are getting the most accurate information. Plus, they are easy to use and understand, so even new students can benefit from them.

Huxley (not set)

That's great to know. So, you think new students should buy these dumps?

Question 14

All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.

Options:

The NAT gateway does not support UDP traffic.

The authentication server is not accepting traffic.

The NAT gateway cannot allocate more ports.

The NAT gateway is launched in a private subnet.

Discussion

Question 15

A company has deployed a web application on AWS. The web application uses an Application Load Balancer (ALB) across multiple Availability Zones. The targets of the ALB are AWS Lambda functions. The web application also uses Amazon CloudWatch metrics for monitoring.

Users report that parts of the web application are not loading properly. A network engineer needs to troubleshoot the problem. The network engineer enables access logging for the ALB.

What should the network engineer do next to determine which errors the ALB is receiving?

Options:

Send the logs to Amazon CloudWatch Logs. Review the ALB logs in CloudWatch Insights to determine which error messages the ALB is receiving.

Configure the Amazon S3 bucket destination. Use Amazon Athena to determine which error messages the ALB is receiving.

Configure the Amazon S3 bucket destination. After Amazon CloudWatch Logs pulls the ALB logs from the S3 bucket automatically, review the logs in CloudWatch Logs to determine which error messages the ALB is receiving.

Send the logs to Amazon CloudWatch Logs. Use the Amazon Athena CloudWatch Connector to determine which error messages the ALB is receiving.