New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Changed ANS-C01 Exam Questions

Page: 9 / 11
Question 36

A company has an application that runs on a fleet of Amazon EC2 instances. A new company regulation mandates that all network traffic to and from the EC2 instances must be sent to a centralized third-party EC2 appliance for content inspection.

Which solution will meet these requirements?

Options:

A.

Configure VPC flow logs on each EC2 network Interface. Publish the flow logs to an Amazon S3 bucket. Create a third-party EC2 appliance to acquire flow logs from the S3 bucket. Log in to the appliance to monitor network content.

B.

Create a third-party EC2 appliance in an Auto Scaling group fronted by a Network Load Balancer (NLB). Configure a mirror session. Specify the NLB as the mirror target. Specify a mirror filter to capture inbound and outbound traffic for the source of the mirror session, specify the EC2 elastic network interfaces for all the instances that host the application.

C.

Configure a mirror session. Specify an Amazon Data Firehose delivery stream as the mirror target Specify a mirror filter to capture inbound and outbound traffic. For the source of the mirror session, specify the EC2 elastic network interfaces for all the instances that host the application Create a third-party EC2 appliance. Send all traffic to the appliance through the Firehose delivery stream for content inspection.

D.

Configure VPC flow logs on each EC2 network interface. Send the logs to Amazon CloudWatch. Create a third-party EC2 appliance. Configure a CloudWatch filter to send the flow logs to Amazon Data Firehose to load the logs into the appliance.

Question 37

A development team is building a new web application in the AWS Cloud. The main company domain, example.com. is currently hosted in an Amazon Route 53 public hosted zone in one of the company's production AWS accounts.

The developers want to test the web application in the company's staging AWS account by using publicly resolvable subdomains under the example.com domain with the ability to create and delete DNS records as needed. Developers have full access to Route 53 hosted zones within the staging account, but they are prohibited from accessing resources in any of the production AWS accounts.

Which combination of steps should a network engineer take to allow the developers to create records under the example.com domain? (Select TWO.)

Options:

A.

Create a public hosted zone for example.com in the staging account.

B.

Create a staging.example.com NS record in the example.com domain. Populate the value with the name servers from the staging.example.com domain. Set the routing policy type to simple routing.

C.

Create a private hosted zone for stagmg.example.com in the staging account.

D.

Create an example.com NS record in the staging.example.com domain. Populate the value with the name servers from the example.com domain. Set the routing policy type to simple routing

E.

Create a public hosted zone for staging.example.com in the staging account.

Question 38

A company has an internal web-based application that employees use. The company hosts the application over a VPN in the company's on-premises network. The application runs on a fleet of Amazon EC2 instances in a private subnet behind a Network Load Balancer (NLB) in the same subnet. The instances are in an Amazon EC2 Auto Scaling group.

During a recent security incident, SQL injection occurred on the application. A network engineer must implement a solution to prevent SQL injection attacks in the future.

Which combination of steps will meet these requirements? (Select THREE.)

Options:

A.

Create an AWS WAF web ACL that includes rules to block SQL injection attacks

B.

Create an Amazon CloudFront distribution. Specify the EC2 instances as the origin.

C.

Replace the NLB with an Application Load Balancer

D.

Associate the AWS WAF web ACL with the NLB.

E.

Associate the AWS WAF web ACL with the Application Load Balancer.

F.

Associate the AWS WAF web ACL with the Amazon CloudFront distribution.

Question 39

A network engineer must develop an AWS CloudFormation template that can create a virtual private gateway, a customer gateway, a VPN connection, and static routes in a route table. During testing of the template, the network engineer notes that the CloudFormation template has encountered an error and is rolling back.

What should the network engineer do to resolve the error?

Options:

A.

Change the order of resource creation in the CloudFormation template.

B.

Add the DependsOn attribute to the resource declaration for the virtual private gateway. Specify the route table entry resource.

C.

Add a wait condition in the template to wait for the creation of the virtual private gateway.

D.

Add the DependsOn attribute to the resource declaration for the route table entry. Specify the virtual private gateway resource.

Page: 9 / 11
Exam Code: ANS-C01
Exam Name: Amazon AWS Certified Advanced Networking - Specialty
Last Update: Dec 27, 2024
Questions: 153
ANS-C01 pdf

ANS-C01 PDF

$25.5  $84.99
ANS-C01 Engine

ANS-C01 Testing Engine

$28.5  $94.99
ANS-C01 PDF + Engine

ANS-C01 PDF + Testing Engine

$40.5  $134.99