Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps (page: 28)

Page 28 of 102

A company’s web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further requests for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries.

Which action should be taken to block more IP addresses, without compromising the existing security requirements?

  1. Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.
  2. Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.
  3. Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.
  4. Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.

Answer(s): D



A company is using AWS to host all of its applications. Each application is isolated in its own Amazon VPC. Different environments such as Development, Test, and Production are also isolated in their own VPCs. The Network Engineer needs to automate VPC creation to enforce the company’s network and security standards. Additionally, the CIDR range used in each VPC needs to be unique.
Which solution meets all of these requirements?

  1. Use AWS CloudFormation to deploy the VPC infrastructure and a custom resource to request a CIDR range from an external IP address management (IPAM) service.
  2. Use AWS OpsWorks to deploy the VPC infrastructure and a custom resource to request a CIDR range from an external IP address management (IPAM) service.
  3. Use the VPC wizard in the AWS Management Console. Type in the CIDR blocks for the VPC and subnets.
  4. Create the VPCs using AWS CLI and use the dry-run flag to validate if the current CIDR range is in use.

Answer(s): A



You can turn on the AWS Config service from the AWS CLI by running the subscribe command and passing as parameters a valid IAM role, SNS topic, and _____________.

  1. EBS volume
  2. EC2 instance
  3. S3 bucket
  4. Kinesis stream

Answer(s): C

Explanation:

You can use the AWS CLI to turn on AWS Config. All it takes is the subscribe command and a few additional parameters. The parameters are --s3-bucket, which specifies the S3 bucket to which AWS Config data will be saved; --sns-topic, which specifies the SNS topic to which messages from AWS Config will be sent; and --iam-role, which is an IAM role containing the appropriate permissions for AWS Config to access the resources it monitors.


Reference:

http://docs.aws.amazon.com/config/latest/developerguide/gs-cli-subscribe.html



You would like to automate the monitoring of changes in the configurations of your AWS resources and respond programmatically to configurations of only a certain type. To do this, you could use Amazon __________ as the endpoint for the Amazon SNS topics that generate messages from AWS Config.

  1. Kinesis
  2. Simple Email Service (SES)
  3. Simple Storage Service (S3)
  4. Simple Queue Service (SQS)

Answer(s): D

Explanation:

AWS Config uses Amazon Simple Notification Service (SNS) to send you notifications every time a supported AWS resource is created, updated, or otherwise modified as a result of user API activity. However, you might be interested in only certain resource configuration changes. For example, you might consider it critical to know when someone modifies the configuration of a security group, but not need to know every time there is a change to tags on your Amazon EC2 instances. Or, you might want to write a program that performs specific actions when specific resources are updated. For example, you might want to start a certain workflow when a security group configuration is changed. If you want to programmatically consume the data from AWS Config in these or other ways, use an Amazon Simple Queue Service queue as the notification endpoint for Amazon SNS.


Reference:

http://docs.aws.amazon.com/config/latest/developerguide/monitor-resource-changes.html






Hello commented on September 04, 2024
awesome questions
Anonymous

Meenakshi commented on June 06, 2024
One of the best exam dumps site I have ever used. I have passed 3 of my exams with the help of this website.
INDIA