Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps (page: 22)

Page 22 of 102

A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes that originated from the same region as the Direct Connect location. What action should accomplish this?

  A. Configure a prefix list on the customer router containing the AWS IP address ranges for the specific region.
  B. Configure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.
  C. Configure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3.
  D. Configure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3.

Answer(s): B


Reference:

https://docs.aws.amazon.com/directconnect/latest/UserGuide/routing-and-bgp.html



A network engineer has configured a private hosted zone using Amazon Route 53. The engineer needs to configure health checks for record sets within the zone that are associated with instances.
How can the engineer meet the requirements?

  A. Configure a Route 53 health check to a private IP associated with the instances inside the VPC to be checked.
  B. Configure a Route 53 health check pointing to an Amazon SNS topic that notifies an Amazon CloudWatch alarm when the Amazon EC2 StatusCheckFailed metric fails.
  C. Create a CloudWatch metric that checks the status of the EC2 StatusCheckFailed metric, add an alarm to the metric, and then create a health check that is based on the state of the alarm.
  D. Create a CloudWatch alarm for the StatusCheckFailed metric and choose Recover this instance, selecting a threshold value of 1.

Answer(s): A



An architecture is being designed to support an Amazon WorkSpaces deployment of 1,000 desktops. Which architecture will support this deployment while allowing for future expansion?

  A. A VPC with a /16 CIDR and one /21 subnet
  B. A VPC with a /20 CIDR and two /21 subnets
  C. A VPC with a /16 CIDR and one /22 subnet
  D. A VPC with a /20 CIDR and two /23 subnets

Answer(s): C



An organization is deploying an application in a VPC that requires SSL mutual authentication with a client-side certificate, as that is the primary method of identifying clients. The Network Engineer has been tasked with defining the mechanism used within AWS to provide the SSL mutual authentication.
Which of the following options meets the organization's requirements?

  A. Use a Classic Load Balancer and upload the client certificate private keys to it. Perform SSL mutual authentication of the client-side certificate there.
  B. Use a Network Load Balancer with a TCP listener on port 443, and pass the request through for the SSL mutual authentication to be handled by a backend instance.
  C. Use an Application Load Balancer and upload the client certificate private keys to it by using the native server name indication (SNI) features with smart certificate selection to handle multiple calling applications.
  D. Front the application with Amazon API Gateway, and use its client-side SSL mutual authentication feature that uses the backend instances to verify the source of the request.

Answer(s): C


Reference:

https://aws.amazon.com/about-aws/whats-new/2017/10/elastic-load-balancing-application-load-balancers-now-support-multiple-ssl-certificates-and-smart-certificate-selection-using-server-name-indication-sni/




Hello commented on September 04, 2024
awesome questions
Anonymous

Meenakshi commented on June 06, 2024
One of the best exam dumps sites I have ever used. I have passed 3 of my exams with the help of this website.
INDIA