Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps (page: 41)

Page 41 of 102

When configuring Active/Passive HA on VPN tunnels, choose the two best ways to configure this. (Choose two.)

  A. Keep both tunnels up.
  B. Configure AS_PATH prepending on one of the paths.
  C. Turn off one of the paths until you need it.
  D. Configure MED on one of the tunnels.

Answer(s): A,B

Explanation:

AWS prefers AS_PATH prepending, and for a tunnel to provide true failover it must always be up.



Your company is working on a transition from IPv4 to IPv6 but is concerned about the security of having public IPv6 addresses attached to instances in a public network. They currently use a NAT to allow outbound traffic for instances. Outbound traffic is required for updates. What are two options to alleviate your company's concerns? (Choose two.)

  A. Remove any rules allowing ::/0 inbound in the security group.
  B. Block ::/0 inbound in the NACL.
  C. Create an egress-only internet gateway.
  D. Block 0.0.0.0/0 inbound in the NACL.

Answer(s): A,C

Explanation:

Blocking 0.0.0.0/0 only blocks IPv4. Blocking ::/0 inbound in the NACL will prevent return traffic, and therefore updates, from reaching the instances, because NACLs are stateless. An egress-only internet gateway, or removing the rules that allow ::/0 inbound in the security group, lets the instances initiate outbound connections and receive the return traffic while still preventing outside attackers from initiating connections to the instances.



You have two placement groups in a VPC. What communication speed can be expected between the two placement groups?

  A. 5Gbps
  B. 10Gbps
  C. 20Gbps
  D. You cannot communicate between two placement groups.

Answer(s): A

Explanation:

5Gbps is the maximum speed for traffic outside of a placement group.



You have two Direct Connect connections and two VPN connections to your network. Site A is VPN 10.1.0.0/24 AS 65000 65000, Site B is VPN 10.1.0.252/30 AS 65000, Site C is DX 10.0.0.0/8 AS 65000 and Site D is DX 10.0.0.0/16 AS 65000 65000 65000. Which site will AWS choose to reach your network?

  A. Site A: VPN 10.0.1.0/24 AS 65000 65000
  B. Site B: VPN 10.0.1.252/30 AS 65000 65000 65000
  C. Site C: DX 10.0.0.0/8 AS 65000
  D. Site D: DX 10.0.0.0/16

Answer(s): B

Explanation:

Site B: the most specific prefix always wins.






Post your Comments and Discuss Amazon AWS-Certified-Advanced-Networking-Specialty exam with other Community members:

Hello commented on September 04, 2024
awesome questions
Anonymous

Meenakshi commented on June 06, 2024
One of the best exam dumps site I have ever used. I have passed 3 of my exams with the help of this website.
INDIA