Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps (page: 12)

Page 12 of 102

The Web Application Development team is worried about malicious activity from 200 random IP addresses. Which action will ensure security and scalability from this type of threat?

  A. Use inbound security group rules to block the IP addresses.
  B. Use inbound network ACL rules to block the IP addresses.
  C. Use AWS WAF to block the IP addresses.
  D. Write iptables rules on the instance to block the IP addresses.

Answer(s): B



You operate a production VPC with both a public and a private subnet. Your organization maintains a restricted Amazon S3 bucket to support this production workload. Only Amazon EC2 instances in the private subnet should access the bucket. You implement a VPC endpoint (VPC-E) for Amazon S3 and remove the NAT that previously provided a network path to Amazon S3. The default VPC-E policy is applied. Neither the EC2 instances in the public subnet nor those in the private subnet are able to access the S3 bucket.
What should you do to enable Amazon S3 access from EC2 instances in the private subnet?

  A. Add the CIDR address range of the private subnet to the S3 bucket policy.
  B. Add the VPC-E identifier to the S3 bucket policy.
  C. Add the VPC identifier for the production VPC to the S3 bucket policy.
  D. Add the VPC-E identifier for the production VPC to the endpoint policy.

Answer(s): A



Your hybrid networking environment consists of two application VPCs, a shared services VPC, and your corporate network. The corporate network is connected to the shared services VPC via an IPsec VPN with dynamic (BGP) routing enabled.

The applications require access to a common authentication service in the shared services VPC. You need to enable native network access from the corporate network to both application VPCs.

Which step should you take to meet the requirements?

  A. Use VPC peering to peer the application VPCs with the shared services VPC, and enable associated routing in the shared services VPC via the corporate VPN.
  B. Configure an IPsec VPN between the virtual private gateway in each application VPC and the virtual private gateway in the shared services VPC.
  C. Configure additional IPsec VPNs for each application VPC back to the corporate network, and enable VPC peering to the shared services VPC.
  D. Enable CloudHub functionality to route traffic between the three VPCs and the corporate network using dynamic BGP routing.

Answer(s): C



You use a VPN to extend your corporate network into a VPC. Instances in the VPC are able to resolve resource records in an Amazon Route 53 private hosted zone. Your on-premises DNS server is configured with a forwarder to the VPC DNS server IP address. On-premises users are unable to resolve names in the private hosted zone, although instances in a peered VPC can.
What should you do to provide on-premises users with access to the private hosted zone?

  A. Create a proxy resolver within the VPC. Point the on-premises forwarder to the proxy resolver.
  B. Modify the network access control list on the VPC to allow DNS queries from on-premises systems.
  C. Configure the on-premises server as a secondary DNS for the private zone. Update the NS records.
  D. Update the on-premises forwarders with the four name servers assigned to the private hosted zone.

Answer(s): D


Reference:

https://aws.amazon.com/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-by-using-unbound/

Post your Comments and Discuss Amazon AWS-Certified-Advanced-Networking-Specialty exam with other Community members:

Hello commented on September 04, 2024
awesome questions
Anonymous
Meenakshi commented on June 06, 2024
One of the best exam dumps site I have ever used. I have passed 3 of my exams with the help of this website.
INDIA