Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps (page: 14)

Page 14 of 102

You deploy an Amazon EC2 instance that runs a web server into a subnet in a VPC. An Internet gateway is attached, and the main route table has a default route (0.0.0.0/0) configured with a target of the Internet gateway.

The instance has a security group configured to allow as follows:
- Protocol: TCP
- Port: 80 inbound, nothing outbound

The Network ACL for the subnet is configured to allow as follows:
- Protocol: TCP
- Port: 80 inbound, nothing outbound

When you try to browse to the web server, you receive no response. Which additional step should you take to receive a successful response?

  1. Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 80
  2. Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 1024-65535
  3. Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 80
  4. Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 1024-65535

Answer(s): C



An organization launched an IPv6-only web portal to support IPv6-native mobile clients. Front-end instances launch in an Amazon VPC associated with an appropriate IPv6 CIDR. The VPC IPv4 CIDR is fully utilized. A single subnet exists in each of two Availability Zones with appropriately configured IPv6 CIDR associations. Auto Scaling is properly configured, and no Elastic Load Balancing is used.

Customers say the service is unavailable during peak load times. The network engineer attempts to launch an instance manually and receives the following message: “There are not enough free addresses in subnet ‘subnet-12345678’ to satisfy the requested number of instances.”

What action will resolve the availability problem?

  1. Create a new subnet using a VPC secondary IPv6 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
  2. Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
  3. Resize the IPv6 CIDR on each of the existing subnets. Modify the Auto Scaling group maximum number of instances.
  4. Add a secondary IPv4 CIDR to the Amazon VPC. Assign secondary IPv4 address space to each of the existing subnets.

Answer(s): B



A Network Engineer is designing a new system on AWS that will take advantage of Amazon CloudFront for both content caching and for protecting the underlying origin. There is concern that an external agency might be able to access the IP addresses for the application’s origin and then attack the origin despite it being served by CloudFront. Which of the following solutions provides the strongest level of protection to the origin?

  1. Use an IP whitelist rule in AWS WAF within CloudFront to ensure that only known-client IPs are able to access the application.
  2. Configure CloudFront to use a custom header and configure an AWS WAF rule on the origin’s Application Load Balancer to accept only traffic that contains that header.
  3. Configure an AWS Lambda@Edge function to validate that the traffic to the Application Load Balancer originates from CloudFront.
  4. Attach an origin access identity to the CloudFront origin that allows traffic to the origin that originates from only CloudFront.

Answer(s): A



A network engineer is managing two AWS Direct Connect connections. Each connection has a public virtual interface configured with a private ASN. The engineer wants to configure active/passive routing between the Direct Connect connections to access Amazon public endpoints. What BGP configuration is required for the on-premises equipment? (Choose two.)

  1. Use Local Pref to control outbound traffic.
  2. Use AS Prepending to control inbound traffic.
  3. Use eBGP multi-hop between loopback interfaces.
  4. Use BGP Communities to control outbound traffic.
  5. Advertise more specific prefixes over one Direct Connect connection.

Answer(s): C,E






Post your Comments and Discuss Amazon AWS-Certified-Advanced-Networking-Specialty exam with other Community members:

Hello commented on September 04, 2024
awesome questions
Anonymous

Meenakshi commented on June 06, 2024
One of the best exam dumps sites I have ever used. I have passed 3 of my exams with the help of this website.
INDIA