Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps (page: 40)

Page 40 of 102

You have a static VPN connecting your data center and your VPC. You currently have 50 routes added to your route table. You want to add more; how should you do this?

  A. 50 is the most you can have for any connection.
  B. Just add them, you have a maximum of 100 static routes per route table.
  C. Set up Direct Connect. A VPN will not support more routes.
  D. Convert your VPN to a dynamic VPN and use BGP.

Answer(s): D

Explanation:

A dynamic routing table can support 100 routes. A static one can only support 50 per IPv4 and 50 per IPv6. Direct Connect will work, but it would be more than you need.



Your company needs an inexpensive solution to host their AD data in the cloud. They do not need all of the features of AD but do need to be able to use it with WorkSpaces. What is the best solution?

  A. AD Connector
  B. Hosted Microsoft AD
  C. Simple AD
  D. Deploy an AD server on an M3.large instance

Answer(s): C

Explanation:

Simple AD is the best choice here. If authentication is all you need, it is the least expensive option for an in-cloud directory.



You need to find the MTU used by another instance, but tracepath is not working. You know the instance you are trying to tracepath has open security group and NACL rules. Which protocol do you need to allow to access your instance to remedy this?

  A. Protocol 6: TCP
  B. Protocol 47: GRE
  C. Protocol 17: UDP
  D. Protocol 1: ICMP

Answer(s): D

Explanation:

You need to allow Protocol 1, ICMP, to access your instance. tracepath specifically needs the "destination unreachable" feature of ICMP.



You are under a DDoS attack and you have added a deny all TCP rule to your NACL, but traffic is still coming. What did you do wrong?

  A. You configured the rule number to be too low.
  B. A NACL can't protect against a DDoS.
  C. The DDoS isn't a TCP attack.
  D. You need to add a deny rule outbound also since NACLs are stateful.

Answer(s): C

Explanation:

The DDoS isn't a TCP attack (this time). A DDoS can use several different protocols. NACLs are stateless. The lower the rule number, the higher the priority.






Post your Comments and Discuss Amazon AWS-Certified-Advanced-Networking-Specialty exam with other Community members:

Hello commented on September 04, 2024
awesome questions
Anonymous

Meenakshi commented on June 06, 2024
One of the best exam dumps sites I have ever used. I have passed 3 of my exams with the help of this website.
INDIA