Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps (page: 4)

Page 4 of 102

You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)

  1. Include s3.amazonaws.com in the whitelist.
  2. Create a VPC endpoint for S3.
  3. Run Squid proxy on a NAT instance.
  4. Deploy a NAT gateway into your VPC.
  5. Utilize a security group to restrict access.

Answer(s): C,D



Your company runs an HTTPS application using an Elastic Load Balancing (ELB) load balancer/PHP on nginx server/RDS in multiple Availability Zones. You need to apply Geographic Restriction and identify the client’s IP address in your application to generate dynamic content.
How should you utilize AWS services in a scalable fashion to perform this task?

  1. Modify the nginx log configuration to record value in X-Forwarded-For and use CloudFront to apply the Geographic Restriction.
  2. Enable ELB access logs to store the client IP address and parse these to dynamically modify a blacklist.
  3. Use X-Forwarded-For with security groups to apply the Geographic Restriction.
  4. Modify the application code to use value of X-Forwarded-For and CloudFront to apply the Geographic Restriction.

Answer(s): A



You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS region. The application is hosted in a VPC and is only accessed from the corporate network. To support large volumes of data transfer and administration of the application, you use a single 10-Gbps AWS Direct Connect connection with multiple private virtual interfaces. As part of a review, you decide to improve the resilience of your connection to AWS and make sure that any additional connectivity does not share the same Direct Connect routers at AWS. You need to provide the best levels of resilience to meet the application’s needs. Which two options should you consider? (Choose two.)

  1. Install a second 10-Gbps Direct Connect connection to the same Direct Connect location.
  2. Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
  3. Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.
  4. Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
  5. Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.

Answer(s): B,C



You currently use a single security group assigned to all nodes in a clustered NoSQL database. Only your cluster members in one region must be able to connect to each other. This security group uses a self-referencing rule using the cluster security group’s group-id to make it easier to add or remove nodes from the cluster. You need to make this database comply with out-of-region disaster recovery requirements and ensure that the network traffic between the nodes is encrypted when travelling between regions. How should you enable secure cluster communication while deploying additional cluster members in another AWS region?

  1. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group rules that reference each other’s security group-id in each region.
  2. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
  3. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
  4. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create cluster security group rules that reference each other’s security group-id in each region.

Answer(s): D






Post your Comments and Discuss Amazon AWS-Certified-Advanced-Networking-Specialty exam with other Community members:

Hello commented on September 04, 2024
awesome questions
Anonymous

Meenakshi commented on June 06, 2024
One of the best exam dumps sites I have ever used. I have passed 3 of my exams with the help of this website.
INDIA