Pass Exam With Full Sureness - ANS-C00 Dumps with 155 Questions [Q19-Q39]


Verified ANS-C00 dumps Q&As - 100% Pass from ExamCost

NEW QUESTION 19
A Network Engineer is troubleshooting a network connectivity issue for an instance within a public subnet that cannot connect to the internet. The first step the Engineer takes is to SSH to the instance via a local bastion within the VPC and runs an ifconfig command to inspect the IP addresses configured on the instance. The output is as follows:

The Engineer notices that the command output does not contain a public IP address. In the AWS Management Console, the public subnet has a route to the internet gateway. The instance also has a public IP address associated with it.
What should the Engineer do next to troubleshoot this situation?

  • A. Evaluate the security groups and the network access control list.
  • B. Associate an Elastic IP address to the interface.
  • C. Configure the public IP on the interface.
  • D. Disable source/destination checking for the instance.

Answer: A

Explanation:
A public IPv4 address (including an Elastic IP) is never configured inside the instance's operating system. The internet gateway performs one-to-one NAT between the public address and the private address on the ENI, so ifconfig showing only the private address is expected and is not the fault. With the route to the internet gateway and the public IP both in place, the remaining controls in the path are the security group and the network ACL, so those are what to check next. B and C are unnecessary because the instance already has a public IP, and D (source/destination checking) only matters for instances that forward traffic, such as NAT instances.

 

NEW QUESTION 20
A Network Engineer is provisioning a subnet for a load balancer that will sit in front of a fleet of application servers in a private subnet. There is limited IP space left in the VPC CIDR. The application has few users now but is expected to grow quickly to millions of users.
What design will use the LEAST amount of IP space, while allowing for this growth?

  • A. Use one /29 subnet for the Network Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
  • B. Use one /28 subnet for an Application Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.
  • C. Use two /29 subnets for an Application Load Balancer in different Availability Zones.
  • D. Use two /28 subnets for a Network Load Balancer in different Availability Zones.

Answer: D

Explanation:
The smallest subnet a VPC allows is /28, so both /29 options are invalid. An Application Load Balancer requires subnets with at least a /27 bitmask and 8 free addresses, because it adds nodes (and consumes IP addresses) as it scales. A Network Load Balancer uses a single address per subnet and scales to very high request rates without consuming more, so two /28 subnets in different Availability Zones give the smallest footprint that still tolerates an AZ failure.

 

NEW QUESTION 21
A company is deploying a new web application that uses a three-tier model with a public-facing Network Load Balancer and web servers in an Amazon VPC. The application servers are hosted in the company's data center. There is an AWS Direct Connect connection between the VPC and the company's data center. Load testing results indicate that up to 100 servers, equally distributed across multiple Availability Zones, are required to handle peak loads.
The Network Engineer needs to design a VPC that has a /24 CIDR assigned to it.
How should the Engineer allocate subnets across three Availability Zones for each tier?

  • A. Network Load Balancer: /28 per subnet
    Web: /25 per subnet
  • B. Network Load Balancer: /28 per subnet
    Web: /26 per subnet
  • C. Network Load Balancer: /28 per subnet
    Web: /27 per subnet
  • D. Network Load Balancer: /29 per subnet
    Web: /26 per subnet

Answer: B

Explanation:
Three /28 NLB subnets use 48 addresses and three /26 web subnets use 192, a total of 240 of the 256 addresses in the /24. AWS reserves five addresses per subnet, so a /26 leaves 59 usable addresses, enough for the 34 web servers per AZ that 100 servers spread across three AZs require. A /27 leaves only 27 usable addresses per AZ, and three /25 subnets would need 384 addresses, more than the whole VPC.
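
The arithmetic above is easy to get wrong under time pressure, so here is an added worked check (example code, not part of the exam or of any AWS tool) that carves the candidate subnets out of the /24 with the standard library's ipaddress module and scores each answer option. The VPC CIDR 10.0.0.0/24, the three-AZ layout and the 100-server requirement are taken from the question; the 5-address reservation and the /28 minimum are AWS VPC rules.

```python
import ipaddress
import math

VPC_MIN_SUBNET_PREFIX = 28   # a VPC subnet can be no smaller than /28
AWS_RESERVED_PER_SUBNET = 5  # network, VPC router, DNS, reserved, broadcast


def usable_hosts(prefixlen: int) -> int:
    """Addresses EC2 can actually assign in a subnet of this size."""
    return 2 ** (32 - prefixlen) - AWS_RESERVED_PER_SUBNET


def allocate(vpc_cidr: str, requests):
    """Carve non-overlapping subnets out of vpc_cidr.

    requests is a list of (label, prefixlen).  Largest subnets are placed
    first so power-of-two alignment never strands space.  Returns a list of
    (label, network) or None when the request cannot fit.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    taken, plan = [], []
    for label, prefixlen in sorted(requests, key=lambda r: r[1]):
        if prefixlen > VPC_MIN_SUBNET_PREFIX or prefixlen < vpc.prefixlen:
            return None  # not a legal VPC subnet size for this VPC
        for candidate in vpc.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(t) for t in taken):
                taken.append(candidate)
                plan.append((label, candidate))
                break
        else:
            return None  # no free block of this size left
    return plan


def evaluate_option(nlb_prefix, web_prefix, vpc_cidr="10.0.0.0/24",
                    azs=3, servers=100):
    """Score one answer option: does it fit the VPC, and can each web subnet
    hold its share of the servers once they are spread evenly across AZs?"""
    requests = [(f"nlb-az{i}", nlb_prefix) for i in range(azs)]
    requests += [(f"web-az{i}", web_prefix) for i in range(azs)]
    plan = allocate(vpc_cidr, requests)
    per_az = math.ceil(servers / azs)
    capacity = usable_hosts(web_prefix)
    return {
        "fits": plan is not None,
        "servers_per_az": per_az,
        "web_capacity_per_az": capacity,
        "enough_capacity": capacity >= per_az,
        "viable": plan is not None and capacity >= per_az,
        "subnets": [(label, str(net)) for label, net in plan] if plan else [],
    }


if __name__ == "__main__":
    # Option letters follow the question: (NLB prefix, web prefix)
    for name, nlb, web in (("A", 28, 25), ("B", 28, 26), ("C", 28, 27), ("D", 29, 26)):
        result = evaluate_option(nlb, web)
        print(name, "viable" if result["viable"] else "not viable", result["subnets"])
```

Option A fails to fit (a third /25 has nowhere to go), option C fits but leaves only 27 usable addresses against 34 servers per AZ, and option D is rejected before allocation because /29 is smaller than a VPC subnet can be.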

 

NEW QUESTION 22
You are moving a two-tier application into an Amazon VPC. An Elastic Load Balancing (ELB) load balancer is configured in front of the application tier. The application tier is driven through RESTful interfaces. The data tier uses Amazon RDS for MySQL. Company policy requires end-to-end encryption of all data in transit.
What ELB configuration complies with the corporate encryption policy?

  • A. Configure the ELB protocols in SSL mode. Offload application instance encryption to the load balancer.
    Install your SSL/TLS certificate on Amazon RDS, and configure SSL.
  • B. Configure the ELB load balancer protocol as HTTPS. Offload application instance encryption to the load balancer. Install your SSL certificate on Amazon RDS, and configure SSL.
  • C. Configure the ELB protocols in TCP mode. Configure the application instances for SSL termination.
    Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
  • D. Configure the ELB load balancer protocol as HTTP. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.

Answer: C

Explanation:
Options A and B terminate TLS on the load balancer, so the hop from the load balancer to the application instances is plaintext and the policy is not met. Option D is plaintext from the client to the load balancer. With the listener in TCP mode the load balancer passes the TLS session through untouched and the application instances terminate it, and configuring RDS for SSL together with REQUIRE SSL on the MySQL grants ensures the application-to-database hop is encrypted as well, giving encryption on every segment.

 

NEW QUESTION 23
Which two of the following services help mitigate a DDoS attack? (Choose two.)

  • A. DynamoDB
  • B. Elastic Beanstalk
  • C. AWS Shield
  • D. CloudFront

Answer: C,D

Explanation:
AWS Shield and CloudFront can help mitigate the effects of a DDoS

 

NEW QUESTION 24
You have a global corporate network with 153 individual IP prefixes in your internal routing table.
You establish a private virtual interface over AWS Direct Connect to a VPC that has an Internet gateway (IGW). All instances in the VPC must be able to route to the Internet via the IGW and route to the global corporate network via the VGW.
How should you configure your on-premises BGP peer to meet these requirements?

  • A. Configure AS-Prepending on your BGP session
  • B. Announce a default route to the VPC over the BGP session
  • C. Enable route propagation on the VPC route table
  • D. Summarize your prefix announcement to less than 100

Answer: D

Explanation:
AWS accepts at most 100 prefixes per BGP session on a private virtual interface; if more are advertised the BGP session goes into the idle state. Summarizing the 153 prefixes to fewer than 100 keeps the session up. Announcing a default route (B) would pull all Internet-bound traffic from the VPC over Direct Connect, but the requirement is Internet via the IGW. Route propagation (C) is a VPC route table setting and does not change what the on-premises peer announces, and AS-path prepending (A) influences path preference, not prefix count.
https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html
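
Getting 153 prefixes under the limit is only free when adjacent blocks aggregate exactly; otherwise you must over-announce. The following added example (not from the exam, AWS, or any vendor's router) shows both steps with the standard library: exact aggregation first, then merging whichever neighbouring pair costs the fewest extra addresses until the table fits. The CORPORATE_PREFIXES table is constructed for the example (17 sites, nine non-adjacent /24s each, 153 routes) and the 100-route constant is the Direct Connect private VIF limit from the question.

```python
import ipaddress

DX_PRIVATE_VIF_PREFIX_LIMIT = 100  # routes AWS accepts per BGP session on a private VIF


def _smallest_common_supernet(a, b):
    """Shortest prefix that contains both networks (a and b already sorted)."""
    p = min(a.prefixlen, b.prefixlen)
    while not b.subnet_of(a.supernet(new_prefix=p)):
        p -= 1  # terminates at 0.0.0.0/0 in the worst case
    return a.supernet(new_prefix=p)


def summarize(prefixes, limit=DX_PRIVATE_VIF_PREFIX_LIMIT):
    """Reduce a route list to at most `limit` prefixes.

    Exact aggregation (adjacent blocks of the same size) is done first and is
    free.  If the table is still too long, repeatedly merge the pair of
    neighbours whose common supernet announces the fewest addresses that were
    not in the original table.  Over-announcing attracts return traffic for
    those extra addresses toward this path, so compare the result against any
    overlapping prefixes learned elsewhere (for example over a backup VPN).
    """
    nets = list(ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes))
    while len(nets) > limit:
        nets.sort()
        best = None
        for a, b in zip(nets, nets[1:]):
            sup = _smallest_common_supernet(a, b)
            extra = sup.num_addresses - a.num_addresses - b.num_addresses
            if best is None or extra < best[0]:
                best = (extra, sup)
        # collapse_addresses drops every route now covered by the new supernet
        nets = list(ipaddress.collapse_addresses(nets + [best[1]]))
    return [str(n) for n in nets]


def covers(summary, prefixes):
    """True when every original prefix is inside some summary route."""
    sums = [ipaddress.ip_network(s) for s in summary]
    return all(any(ipaddress.ip_network(p).subnet_of(s) for s in sums)
               for p in prefixes)


# Constructed example table: 17 sites, nine /24s per site spaced four apart,
# so nothing aggregates exactly and the summarizer has to over-announce.
CORPORATE_PREFIXES = [f"10.{site}.{vlan}.0/24"
                      for site in range(1, 18)
                      for vlan in (0, 4, 8, 12, 16, 20, 24, 28, 32)]

if __name__ == "__main__":
    routes = summarize(CORPORATE_PREFIXES)
    print(len(CORPORATE_PREFIXES), "prefixes ->", len(routes), "announcements")
    for r in routes:
        print(r)
```

The greedy choice keeps the merges inside a site (a /21 covering two /24s costs 1536 addresses) long before it considers joining two sites (a /14 or worse), which is usually what a network engineer would do by hand.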

 

NEW QUESTION 25
You ping an Amazon Elastic Compute Cloud (EC2) instance from an on-premises server. VPC Flow Logs record the following:
2 123456789010 eni-1235b8ca 10.123.234.78 172.11.22.33 0 0 1 8 672 1432917027 1432917142 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917027 1432917082 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917094 1432917142 REJECT OK
Why are ICMP responses not received by the on-premises system?

  • A. The inbound network access control list is blocking the traffic
  • B. The inbound security group is blocking the traffic.
  • C. The outbound network access control list is blocking the traffic
  • D. The outbound security group is blocking the traffic.

Answer: C

Explanation:
The default record layout is version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status; protocol 1 is ICMP. The first record shows eight echo requests from 10.123.234.78 reaching the instance (172.11.22.33) and being accepted, so neither inbound filter is the problem. The instance's replies are accepted at first and then rejected. Security groups are stateful: once the inbound request is admitted, the matching reply is always allowed out regardless of the outbound rules. Network ACLs are stateless and evaluate the reply on its own, so a rejected reply to an accepted request means the outbound network ACL is blocking the ICMP responses.

 

NEW QUESTION 26
You have a three-tier web application with separate subnets for Web, Applications, and Database tiers. Your CISO suspects your application will be the target of malicious activity. You are tasked with notifying the security team in the event your application is port scanned by external systems.
Which two AWS services could you leverage to build an automated notification system? (Select two.)

  • A. Lambda
  • B. AWS CloudTrail
  • C. AWS Inspector
  • D. Internet gateway
  • E. VPC Flow Logs

Answer: A,E

Explanation:
A port scan shows up in VPC Flow Logs as many rejected connection attempts from one source against many destination ports on the same interface. A Lambda function subscribed to the flow log group can evaluate the records as they arrive and publish an alert, for example through Amazon SNS. AWS CloudTrail records API calls against the AWS control plane, not network traffic, so it cannot see a scan; Amazon Inspector assesses the hosts themselves rather than watching traffic, and an internet gateway produces no logs of its own.
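
The reasoning in questions 25 and 26 both come down to reading flow log records correctly, so here is one added Python analyser (example code, not from the exam or from AWS) that covers both: it parses default-format records, flags outbound REJECTs whose inbound flow was ACCEPTed (the stateless-NACL signature from question 25), and reports sources that probed many TCP ports (the scan from question 26). The three ICMP records are the ones quoted in question 25; the instance address 172.11.22.33 is read off them. The scanner records and the legitimate HTTPS client are constructed for the example. Publishing to SNS and the Lambda wiring are left out.

```python
from collections import defaultdict
from typing import NamedTuple


class FlowRecord(NamedTuple):
    """Default flow log format, version 2: 14 space-separated fields."""
    version: int
    account: str
    eni: str
    src: str
    dst: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    start: int
    end: int
    action: str
    status: str


def parse_flow_log(text: str):
    """Parse default-format records.  NODATA/SKIPDATA lines carry '-' in the
    numeric fields and describe no traffic, so they are dropped."""
    records = []
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) != 14 or f[13] != "OK":
            continue
        records.append(FlowRecord(int(f[0]), f[1], f[2], f[3], f[4],
                                  int(f[5]), int(f[6]), int(f[7]), int(f[8]),
                                  int(f[9]), int(f[10]), int(f[11]), f[12], f[13]))
    return records


def blocked_replies(records, eni_addr):
    """Outbound REJECTs whose reverse flow was ACCEPTed inbound.

    A security group is stateful: once it admits the inbound flow it always
    lets the reply out, so a rejected reply points at the stateless outbound
    network ACL (or at a rule change between the two records)."""
    accepted_in = {(r.src, r.dst, r.srcport, r.dstport, r.protocol)
                   for r in records if r.action == "ACCEPT" and r.dst == eni_addr}
    return [r for r in records
            if r.action == "REJECT" and r.src == eni_addr
            and (r.dst, r.src, r.dstport, r.srcport, r.protocol) in accepted_in]


def port_scans(records, eni_addr, min_ports=10):
    """Sources whose rejected TCP attempts hit at least min_ports distinct
    destination ports on this interface."""
    ports = defaultdict(set)
    for r in records:
        if r.dst == eni_addr and r.protocol == 6 and r.action == "REJECT":
            ports[r.src].add(r.dstport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def analyse(text, eni_addr):
    """What a Lambda fed by the log group would compute before alerting."""
    records = parse_flow_log(text)
    replies = blocked_replies(records, eni_addr)
    return {
        "suspected_outbound_nacl_block": bool(replies),
        "blocked_reply_flows": [(r.dst, r.protocol, r.start) for r in replies],
        "port_scans": port_scans(records, eni_addr),
    }


INSTANCE_IP = "172.11.22.33"  # the ENI's address, read off the records below

# The three records quoted in question 25, one record per line.
PAGE_RECORDS = """\
2 123456789010 eni-1235b8ca 10.123.234.78 172.11.22.33 0 0 1 8 672 1432917027 1432917142 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917027 1432917082 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917094 1432917142 REJECT OK
"""

# Constructed for this example: one external host probing ten TCP ports that
# the security group rejects, plus a legitimate HTTPS client that is accepted.
_SCANNED_PORTS = (21, 22, 23, 25, 80, 445, 3306, 3389, 8080, 8443)
CONSTRUCTED_RECORDS = "".join(
    f"2 123456789010 eni-1235b8ca 203.0.113.9 {INSTANCE_IP} {40000 + i} {port} 6 1 44 "
    f"1432917200 1432917260 REJECT OK\n"
    for i, port in enumerate(_SCANNED_PORTS)
) + (f"2 123456789010 eni-1235b8ca 198.51.100.7 {INSTANCE_IP} 51822 443 6 12 3400 "
     f"1432917200 1432917260 ACCEPT OK\n")

if __name__ == "__main__":
    print(analyse(PAGE_RECORDS + CONSTRUCTED_RECORDS, INSTANCE_IP))
```

The reply check matches on the reversed 5-tuple, so it works for TCP and UDP as well as ICMP (where both ports are 0). Raise min_ports or add a time window in production; a single misconfigured client can legitimately touch a handful of ports.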

 

NEW QUESTION 27
The Web Application Development team is worried about malicious activity from 200 random IP addresses.
Which action will ensure security and scalability from this type of threat?

  • A. Write iptables rules on the instance to block the IP addresses.
  • B. Use inbound network ACL rules to block the IP addresses.
  • C. Use inbound security group rules to block the IP addresses.
  • D. Use AWS WAF to block the IP addresses.

Answer: D

Explanation:
Network ACLs default to 20 rules each (adjustable up to 40) and a security group holds 60 rules by default, so neither can hold 200 individual addresses. Maintaining iptables rules on every instance does not scale across a fleet and is lost when instances are replaced. An AWS WAF IP set holds up to 10,000 addresses or ranges and is enforced in front of the fleet at the load balancer or CloudFront, so it meets both the security and the scalability requirement.

 

NEW QUESTION 28
An organization is migrating its on-premises applications to AWS by using a lift-and-shift approach, taking advantage of managed AWS services wherever possible. The company must be able to edit the application code during the migration phase. One application is a traditional three-tier application, consisting of a web presentation tier, an application tier, and a database tier. The external calling client applications need their sessions to remain sticky to both the web and application nodes that they initially connect to.
Which load balancing solution would allow the web and application tiers to scale horizontally independently of one another?

  • A. Use a Network Load Balancer at the web tier, and an Application Load Balancer at the application tier.
    Enable session stickiness on the Application Load Balancer, but take advantage of the native WebSockets protocols available to the Network Load Balancer.
  • B. Deploy a web node and an application node as separate containers on the same host, using task linking to create a relationship between the pair. Add an Application Load Balancer with session stickiness in front of all web node containers.
  • C. Use an Application Load Balancer at the web tier and a Classic Load Balancer at the application tier. Set session stickiness on both, but update the application code to create an application-controlled cookie on the Classic Load Balancer.
  • D. Use an Application Load Balancer at both the web and application tiers, setting session stickiness at the target group level for both tiers.

Answer: D

Explanation:
An Application Load Balancer supports duration-based sticky sessions per target group with no change to the application code, so placing one in front of each tier gives each tier its own target group that scales on its own. Option A does not work because the Network Load Balancer does not offer session stickiness; option B ties a web node and an application node to the same host, so the tiers cannot scale independently; option C needs application changes to emit a cookie for the Classic Load Balancer.

 

NEW QUESTION 29
A network engineer is deploying an application on an Amazon EC2 instance. The instance is reachable within the VPC through its private IP address and from the internet using an Elastic IP address. Clients are connecting to the instance over the Internet and within the VPC, and the application needs to be identified by a single custom, publicly resolvable Fully Qualified Domain Name: 'app.example.com'.
Instances within the VPC should always connect to the private IP to minimize data transfer costs.
How should the engineer configure DNS to support these requirements?

  • A. Use Amazon Route 53 to create a geo-based routing entry for the hostname 'app' in the DNS zone 'example.com'.
  • B. Create a CNAME for 'app' in the DNS zone 'example.com' to the public DNS name for the Amazon EC2 instance.
  • C. Use Route 53 to create an ALIAS record to the public DNS name for the instance.
  • D. Create two A record entries for 'app' in the DNS zone 'example.com' - one for the public IP and one for the private IP.

Answer: B

Explanation:
The instance's public DNS hostname (the ec2-…compute.amazonaws.com name) resolves to the public IP from the internet and to the private IP from inside the VPC, provided DNS hostnames and DNS resolution are enabled on the VPC. A CNAME from app.example.com to that name inherits the split behaviour with a single record. Two A records (D) would hand either address to any client at random, geolocation routing (A) cannot tell VPC-internal clients from external ones, and a Route 53 ALIAS record (C) cannot target an EC2 public DNS name.

 

NEW QUESTION 30
Your company is building a new data center. You currently have an on-premises data center that accesses your single VPC via VPN. You need to provide access to your single VPC to your new data center. Since your new data center build is already over budget, you need to keep costs low.
How should you accomplish this?
Choose the correct answer:

  • A. Add a Public VIF and create a Direct Connect connection.
  • B. Create a new Virtual Gateway and add it to your VPN using a CloudHub infrastructure model.
  • C. Add a Private VIF and create a Direct Connect connection.
  • D. Create a new Customer Gateway and add it to your VPN using a CloudHub infrastructure model.

Answer: D

Explanation:
Create a new Customer Gateway for the new data center and connect it to the existing virtual private gateway, so both sites share the VPC connection in a CloudHub topology. A private VIF would work but requires a Direct Connect circuit, which conflicts with keeping costs low. A public VIF reaches AWS public endpoints such as S3, not the VPC. A new virtual private gateway would only be needed if you were attaching a VPN to a new VPC.

 

NEW QUESTION 31
Which of the following characters is not allowed while creating a Namespace for a CloudWatch metric?

  • A. /
  • B. #
  • C. @
  • D. :

Answer: C

Explanation:
Namespace is a grouping or a container for a CloudWatch metric. The names must be valid XML characters, typically containing the alphanumeric characters "0-9A-Za-z" plus "."(period), "-" (hyphen), "_" (underscore), "/" (slash), "#" (hash), and ":" (colon). All AWS namespaces follow the convention AWS/<service>, such as AWS/EC2 and AWS/ELB.
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html

 

NEW QUESTION 32
An organization runs a consumer-facing website on AWS. The Amazon EC2-based web fleet is load balanced using an AWS Application Load Balancer, and Amazon Route 53 provides the public DNS service.
The following URLs need to serve content to end users:
test.example.com
web.example.com
example.com
Based on this information, what combination of listener rule conditions must be used to meet the requirement? (Select two.)

  • A. Host condition in ALB listener to route example.com to appropriate target groups.
  • B. Path condition in ALB listener to route example.com to appropriate target groups.
  • C. Path condition in ALB listener to route *.example.com to appropriate target groups.
  • D. Host condition in ALB listener to route $$$$.example.com to appropriate target groups.
  • E. Host condition in ALB listener to route *.example.com to appropriate target groups.

Answer: A,E

Explanation:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#rule-condition-types
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html

 

NEW QUESTION 33
You are designing an AWS Direct Connect solution into your VPC and must select the customer router that will terminate the Direct Connect link at the Direct Connect location.
Which three capabilities must the customer router support? (Select three.)

  • A. 802.1q trunking
  • B. 802.1ax or 802.3ad link aggregation
  • C. 1-Gbps copper connectivity
  • D. single-mode optical fiber connectivity
  • E. BGP
  • F. OSPF

Answer: A,D,E

Explanation:
https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html#overview_requirements

 

NEW QUESTION 34
Your company is connecting one data center with one router to several VPCs and needs to access them transitively. What should you do?
Choose the correct answer:

  • A. This is not possible.
  • B. Just connect; VPCs are transitive in nature.
  • C. Create a VPN to one VPC and peer the others.
  • D. Use a transit VPC with a VPN running on one or more EC2 instances to route traffic between the VPCs.

Answer: D

Explanation:
VPC peering is not transitive, so traffic between VPCs cannot be routed through a third VPC's peering connections; a transit VPC with EC2-based VPN appliances acts as the hub that routes between the data center and every spoke VPC. Today AWS Transit Gateway provides this hub-and-spoke routing as a managed service, but at the time of this exam the transit VPC pattern was the expected answer.

 

NEW QUESTION 35
You are responsible for several EC2 instances deployed from Amazon AMIs that are required to upload information to an S3 bucket. This information must not traverse the public internet. You must also be able to update the instances. Which option is your best solution? Choose the correct answer:

  • A. An S3 endpoint
  • B. An S3 endpoint and a NAT
  • C. A VPN to the IP addresses specified in the AWS official S3 prefix list
  • D. A NACL with the AWS prefix list added to it and a VPN.

Answer: A

Explanation:
A NAT is not required because the Amazon Linux package repositories are hosted in Amazon S3 and are reachable through the S3 gateway endpoint in the same region, so the instances can both upload to the bucket and pull updates without any path to the public internet. C and D are not possible: you cannot build a VPN to S3, and a network ACL cannot reference a prefix list.

 

NEW QUESTION 36
Which two statements about placement groups are correct? Choose the 2 correct answers:

  • A. A placement group can span multiple VPCs.
  • B. A placement group can span multiple Availability Zones.
  • C. It is best to use the same instance types in a placement group.
  • D. You cannot merge placement groups.

Answer: A,D

Explanation:
A cluster placement group can span peered VPCs in the same Region, but instances in different VPCs do not get the full network performance benefit; a cluster placement group cannot span Availability Zones.
Placement groups cannot be merged. To bring instances from one placement group into another you either stop them and change their placement (modify-instance-placement), or create AMIs from them and launch new instances into the target placement group.

 

NEW QUESTION 37
An organization is using a VPC endpoint for Amazon S3. When the security group rules for a set of instances were initially configured, access was restricted to allow traffic only to the IP addresses of the Amazon S3 API endpoints in the region from the published JSON file. The application was working properly, but now is logging a growing number of timeouts when connecting with Amazon S3. No internet gateway is configured for the VPC.
Which solution will fix the connectivity failures with the LEAST amount of effort?

  • A. Create a Lambda function to update the security group based on AmazonIPSpaceChanged notifications.
  • B. Update the VPC routing to direct Amazon S3 prefix-list traffic to the VPC endpoint using the route table APIs.
  • C. Update the application server's outbound security group to use the prefix-list for Amazon S3 in the same region.
  • D. Create an additional VPC endpoint for Amazon S3 in the same route table to scale the concurrent connections to Amazon.

Answer: C

Explanation:
The published S3 address ranges change over time, so a security group that was seeded from ip-ranges.json slowly stops matching the addresses the endpoint hands out, and connections to the new ranges time out. Referencing the regional S3 prefix list (com.amazonaws.<region>.s3) in the outbound rule tracks those changes automatically with a single rule edit. Option A also works but means writing and operating a Lambda function subscribed to the AmazonIpSpaceChanged topic described below; B and D do not address the security group, which is what is dropping the traffic.
https://aws.amazon.com/blogs/aws/subscribe-to-aws-public-ip-address-changes-via-amazon-sns/
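
As an added example (not from the exam or from AWS), the following Python shows the change option C describes: compute which CIDR-based HTTPS egress rules to revoke and the prefix-list rule to add, then apply it with boto3. The plan is computed offline from the IpPermissionsEgress structure that describe-security-groups returns; the SAMPLE_EGRESS group, its two CIDRs and the prefix list ID pl-0123abcd are constructed placeholders. It assumes, as the question states, that every CIDR rule on port 443 came from the S3 address list.

```python
from typing import List, Tuple


def s3_prefix_list_name(region: str) -> str:
    """Name of the gateway-endpoint prefix list; its pl- ID differs per region."""
    return f"com.amazonaws.{region}.s3"


def s3_egress_rule(prefix_list_id: str, port: int = 443) -> dict:
    """IpPermissions entry allowing HTTPS to every S3 address in the region."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "PrefixListIds": [{"PrefixListId": prefix_list_id,
                           "Description": "Amazon S3 via gateway endpoint"}],
    }


def plan_migration(current_egress: List[dict], prefix_list_id: str,
                   port: int = 443) -> Tuple[List[dict], List[dict]]:
    """Return (to_revoke, to_authorize) that swaps hand-copied S3 CIDRs for
    the managed prefix list.

    Assumes every CIDR-based rule on `port` was copied from ip-ranges.json
    for S3 (the situation in the question).  Review to_revoke before running
    this against a group that also carries other HTTPS egress.
    """
    to_revoke, to_authorize = [], []
    already_present = False
    for perm in current_egress:
        if (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")) != ("tcp", port, port):
            continue  # unrelated rule, leave it alone
        if perm.get("IpRanges"):
            to_revoke.append({"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                              "IpRanges": perm["IpRanges"]})
        if any(p.get("PrefixListId") == prefix_list_id
               for p in perm.get("PrefixListIds", [])):
            already_present = True
    if not already_present:
        to_authorize.append(s3_egress_rule(prefix_list_id, port))
    return to_revoke, to_authorize


def apply_migration(sg_id: str, region: str) -> None:
    """Live version; needs boto3 and credentials, so only main() calls it."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    prefix_list_id = ec2.describe_prefix_lists(
        Filters=[{"Name": "prefix-list-name", "Values": [s3_prefix_list_name(region)]}]
    )["PrefixLists"][0]["PrefixListId"]
    current = ec2.describe_security_groups(
        GroupIds=[sg_id])["SecurityGroups"][0]["IpPermissionsEgress"]
    to_revoke, to_authorize = plan_migration(current, prefix_list_id)
    if to_authorize:  # add the new rule first so S3 traffic never drops
        ec2.authorize_security_group_egress(GroupId=sg_id, IpPermissions=to_authorize)
    if to_revoke:
        ec2.revoke_security_group_egress(GroupId=sg_id, IpPermissions=to_revoke)


# Constructed example: a group locked to two (now stale) S3 ranges plus an
# unrelated DNS rule that must survive the migration untouched.
SAMPLE_EGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "52.216.0.0/15", "Description": "S3 us-east-1"},
                  {"CidrIp": "54.231.0.0/17", "Description": "S3 us-east-1"}],
     "PrefixListIds": [], "UserIdGroupPairs": [], "Ipv6Ranges": []},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [{"CidrIp": "10.0.0.2/32"}], "PrefixListIds": []},
]

if __name__ == "__main__":
    revoke, add = plan_migration(SAMPLE_EGRESS, "pl-0123abcd")  # placeholder ID
    print("revoke:", revoke)
    print("add:", add)
```

Running plan_migration a second time on the migrated group returns nothing to do, which makes apply_migration safe to re-run.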

 

NEW QUESTION 38
In AWS Direct Connect, which of the following is true of configuring your router to connect to the AWS Direct Connect router?

  • A. In the Create a Virtual Interface step, the general configuration of your router is available for download.
  • B. After submitting your AWS Direct Connect connection request, you will receive the router configuration details by email within 72 hours
  • C. After Completing the Cross Connect step, the download link for router configuration will be available
  • D. After creating a virtual interface for your AWS Direct Connect connection, you can download the router configuration file from the available link

Answer: D

Explanation:
After you have created a virtual interface for your AWS Direct Connect connection, you can download a router configuration file from the virtual interface's details. The file is generated for the vendor, platform and software version you select and carries the details of that virtual interface (VLAN, BGP ASN, peer addresses and BGP authentication key) so that your router can bring up the session with the AWS Direct Connect router.
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#routerconfig

 

NEW QUESTION 39
......

ANS-C00 Dumps Full Questions - Exam Study Guide: https://pass4sure.examcost.com/ANS-C00-practice-exam.html