CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. AWS-Certified-Advanced-Networking-Specialty

Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps (page: 2)

Page 2 of 102
PDF with 407 Questions

Your company decides to use Amazon S3 to augment its on-premises data store. Instead of using the company’s highly controlled, on-premises Internet gateway, a Direct Connect connection is ordered to provide high bandwidth, low latency access to S3. Since the company does not own a publically routable IPv4 address block, a request was made to AWS for an AWS-owned address for a Public Virtual Interface (VIF).

The security team is calling this new connection a “backdoor”, and you have been asked to clarify the risk to the company.

Which concern from the security team is valid and should be addressed?

  1. AWS advertises its aggregate routes to the Internet allowing anyone on the Internet to reach the router.
  2. Direct Connect customers with a Public VIF in the same region could directly reach the router.
  3. EC2 instances in the same region with access to the Internet could directly reach the router.
  4. The S3 service could reach the router through a pre-configured VPC Endpoint.

Answer(s): A



Your organization uses a VPN to connect to your VPC but must upgrade to a 1-G AWS Direct Connect connection for stability and performance. Your telecommunications provider has provisioned the circuit fromyour data center to an AWS Direct Connect facility and needs information on how to cross-connect (e.g., which rack/port to connect).

What is the AWS-recommended procedure for providing this information?

  1. Create a support ticket. Provide your AWS account number and telecommunications company’s name and where you need the Direct Connect connection to terminate.
  2. Create a new connection through your AWS Management Console and wait for an email from AWS with information.
  3. Ask your telecommunications provider to contact AWS through an AWS Partner Channel. Provide your AWS account number.
  4. Contact an AWS Account Manager and provide your AWS account number, telecommunications company’s name, and where you need the Direct Connect connection to terminate.

Answer(s): A



You manage a web service that is used by client applications deployed in 300 offices worldwide. The web service architecture is an Elastic Load balancer (ELB) distributing traffic across four application servers deployed in an autoscaling group across two availability zones.

The ELB is configured to use round robin, and sticky sessions are disabled. You have configured the NACLs and Security Groups to allow port 22 from your bastion host, and port 80 from 0.0.0.0/0. The client configuration is managed by each regional IT team.

Upon inspection you find that a large amount of requests from incorrectly configured sites are causing a single application server to degrade. The remainder of the requests are equally distributed across all servers with no negative effects.

What should you do to remedy the situation and prevent future occurrences?

  1. Mark the affected instance as degraded in the ELB and raise it with the client application team.
  2. Update the NACL to only allow port 80 to the application servers from the ELB servers.
  3. Update the Security Groups to only allow port 80 to the application servers from the ELB.
  4. Terminate the affected instance and allow Auto Scaling to create a new instance.

Answer(s): D



A multinational organization has applications deployed in three different AWS regions. These applications must securely communicate with each other by VPN. According to the organization’s security team, the VPN must meet the following requirements:

-AES 128-bit encryption
-SHA-1 hashing
-User access via SSL VPN
-PFS using DH Group 2
-Ability to maintain/rotate keys and passwords
-Certificate-based authentication

Which solution should you recommend so that the organization meets the requirements?

  1. AWS hardware VPN between the virtual private gateway and customer gateway
  2. A third-party VPN solution deployed from AWS Marketplace
  3. A private MPLS solution from an international carrier
  4. AWS hardware VPN between the virtual private gateways in each region

Answer(s): D



Page 2 of 102



Post your Comments and Discuss Amazon AWS-Certified-Advanced-Networking-Specialty exam with other Community members:

Hello commented on September 04, 2024
awesome questions
Anonymous
upvote

Meenakshi commented on June 06, 2024
One of the best exam dumps site I have ever used. I have passed 3 of my exams with the help of this website.
INDIA
upvote