Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps (page: 21)

Page 21 of 102

A company has an application running on Amazon EC2 instances in a private subnet that connects to a third-party service provider's public HTTP endpoint through a NAT gateway. As request rates increase, new connections are starting to fail. At the same time, the ErrorPortAllocation Amazon CloudWatch metric count for the NAT gateway is increasing.

Which of the following actions should improve the connectivity issues? (Choose two.)

  1. Allocate additional elastic IP addresses to the NAT gateway.
  2. Request that the third-party service provider implement HTTP keepalive.
  3. Implement TCP keepalive on the client instances.
  4. Create additional NAT gateways and update the private subnet route table to introduce the new NAT gateways.
  5. Create additional NAT gateways in the public subnet and split client instances into multiple private subnets, each with a route to a different NAT gateway.

Answer(s): C,D


Reference:

https://aws.amazon.com/premiumsupport/knowledge-center/vpc-resolve-port-allocation-errors/



An application runs on a fleet of Amazon EC2 instances in a VPC. All instances can reach one another using private IP addresses. The application owner has a new requirement that the domain name received via DHCP should be different for a particular set of instances that are currently in one particular subnet.

What changes should be made to meet this requirement while continuing to support the existing application requirements?

  1. Modify the existing DHCP option set and specify the different domain name for the specified subnet.
  2. Create a new DHCP option set with the different domain name, associate it with the specified subnet, and re-launch the Amazon EC2 instances.
  3. Create a new subnet, configure the DHCP option set with the different domain name, and re-launch the required instances there.
  4. Create a new peered VPC, configure the DHCP option set with the different domain name, and re-launch the required instances there.

Answer(s): B



A Network Engineer has enabled VPC Flow Logs to troubleshoot an ICMP reachability issue for an echo reply from an Amazon EC2 instance. The flow logs reveal an ACCEPT record for the request from the client to the EC2 instance, and a REJECT record for the response from the EC2 instance to the client.

What is the MOST likely reason for there to be a REJECT record?

  1. The security group is denying inbound ICMP.
  2. The network ACL is denying inbound ICMP.
  3. The security group is denying outbound ICMP.
  4. The network ACL is denying outbound ICMP.

Answer(s): B



An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF.

What additional configuration is required to enable the applications in VPCs to communicate with each other and access on-premises resources?

  1. Configure each application VPC with a static route entry pointing the on-premises CIDR block to the software VPN instances.
  2. Configure the central VPC with a static route entry pointing the on-premises CIDR block to local VGWs.
  3. Advertise all application VPC CIDR blocks to on-premises resources via the VGW in the central VPC.
  4. Configure IPSec tunnels from the on-premises router into the software VPN instances with dynamic routing.

Answer(s): B






Post your Comments and Discuss Amazon AWS-Certified-Advanced-Networking-Specialty exam with other Community members:

Hello commented on September 04, 2024
awesome questions
Anonymous

Meenakshi commented on June 06, 2024
One of the best exam dumps sites I have ever used. I have passed 3 of my exams with the help of this website.
INDIA