Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps (page: 59)

Page 59 of 102

You are architecting an HPC solution in AWS. The system consists of a cluster of EC2 instances that require low-latency communications between them. Which method should you use to set up a cluster to meet these requirements?

  A. Create a VPC with one subnet in a single Availability Zone. Keep the size of the subnet equal to the number of instances required in the cluster. Launch instances for the cluster in this small subnet to guarantee low-latency network performance.
  B. Create a placement group. Choose an EC2 instance type compatible with placement groups for the cluster. Launch instances for the cluster in the placement group.
  C. Launch Amazon EC2 instances with the largest available number of cores and RAM. Attach all instances to an Amazon EBS PIOPS volume. Implement a shared memory system across all instances in the cluster, using this shared EBS volume to minimize latency of communication.
  D. Choose an EC2 instance type that offers enhanced networking. Attach a 10-Gbps non-blocking elastic network interface to the instances. Configure the elastic network interface to optimize network performance to reduce latency.

Answer(s): B

Explanation:

Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. A is incorrect because the size of a subnet has no impact on network performance. C is incorrect because an EBS volume cannot be shared between EC2 instances. D is only half the solution because enhanced networking affects the network behavior of an EC2 instance but not the network infrastructure between instances.



Your customer's internal security teams receive requests to allow Amazon S3 access from inside the corporate network. All external traffic must be explicitly whitelisted through your corporate firewalls.
How can your security team grant this access?

  A. Obtain the list of IP prefixes from AWS Forum announcements, and use those prefixes in firewall rules.
  B. Obtain the list of IP prefixes from ip-ranges.json, and use those prefixes in firewall rules.
  C. Obtain the list of IP prefixes by performing a DNS lookup on Amazon S3 endpoints, and use those prefixes in firewall rules.
  D. Connect your data center to a VPC via Direct Connect. Create routes that forward traffic from your data center to an S3 private endpoint.

Answer(s): B

Explanation:

ip-ranges.json contains the latest list of IP addresses used by AWS. AWS no longer posts IP prefixes in Forum announcements. DNS lookups would not provide an exhaustive list of possible IP prefixes. D would require transitive routing, which is not possible.



Your application server instances reside in the private subnet of your VPC. These instances need to access a Git repository on the Internet. You create a NAT gateway in the public subnet of your VPC. The NAT gateway can reach the Git repository, but instances in the private subnet cannot. You confirm that a default route in the private subnet route table points to the NAT gateway. The security group for your application server instances permits all traffic to the NAT gateway.

What configuration change should you make to ensure that these instances can reach the patch server?

  A. Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway.
  B. Configure an outbound rule on the application server instance security group for the Git repository.
  C. Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet.
  D. Configure an inbound rule on the application server instance security group for the Git repository.

Answer(s): B

Explanation:

The traffic leaves the instance destined for the Git repository; at this point, the security group must allow it through. The route then directs that traffic (based on the IP) to the NAT gateway. A is wrong because it removes the private aspect of the subnet and would have no effect on the blocked traffic anyway. C is wrong because the problem is that outgoing traffic is not getting to the NAT gateway. D is wrong because allowing outgoing traffic to the Git repository requires an outgoing security group rule.



Considering your knowledge of both the OSI and TCP/IP models, select the statement below that is NOT true.

  A. The TCP/IP Application layer maps to 2 of the OSI Layers
  B. The top layer in the OSI model is named the Application layer
  C. The TCP/IP Application layer maps to 3 of the OSI Layers
  D. The top layer in the TCP/IP model is named the Application layer

Answer(s): A

Explanation:

The OSI model is a 7-layer model. The TCP/IP model is a 4-layer model. The top layer in both models is called the Application layer. The TCP/IP Application layer maps to the top 3 OSI layers (Application, Presentation, and Session layers).


Reference:

https://en.wikipedia.org/wiki/OSI_model


