Exam Logo

Amazon (ANS-C01) Exam Questions And Answers page 6

A company that provides a RESTful API is designing a network architecture for deployment to the AWS Cloud. The company needs a scalable design that is cost-optimized and secure. The company is conducting pre-release testing with some of its customers, but the company expects to expand to several hundred customers when the final version is released.

The data that is exchanged through the API is confidential. All data must be exchanged on private IP addresses that are not accessible through the internet. All customers who use the API operate on AWS in VPCs.

What should the company do with its architecture to meet these requirements?
AWS Networking Services Network Security and Optimization
A company uses an Application Load Balancer (ALB) to provide access to a multi-tenant web application for 25 customers. The company creates a unique hostname for each customer to use to access the application. Hostnames use the format customer-name.example.com.

Each customer has a dedicated group of Amazon EC2 instances that run their own version of the web application. When a customer visits customer-name.example.com, the ALB should route the request to the correct group of EC2 instances. The company requires a highly available solution that is easy to maintain.

Which solution meets these requirements at the LOWEST cost?
Networking Fundamentals AWS Networking Services
A company uses an AWS Site-to-Site VPN to connect its corporate network. The company recently added an AWS Direct Connect connection. A network engineer wants all traffic to use the Direct Connect connection, and for the VPN to be used as backup. However, after the Direct Connect connection was added, traffic continued to pass through the VPN connection.

What should the network engineer do to route the traffic through the Direct Connect connection?
AWS Networking Services Network Security and Optimization
A company uses a newly provisioned 1-Gbps AWS Direct Connect connection to configure a virtual interface for access to Amazon S3.

Which configuration values is the network engineer required to provide? (Choose two.)
AWS Networking Services Network Security and Optimization
A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its first-ever 10 Gbps AWS Direct Connect connection.

What steps must be taken to order the cross-connect at the Direct Connect location?
Networking Fundamentals AWS Networking Services
A company uses AWS Direct Connect to connect its corporate network to multiple VPCs in the same AWS account and the same AWS Region. Each VPC uses its own private VIF and its own virtual LAN on the Direct Connect connection. The company has grown and will soon surpass the limit of VPCs and private VIFs for each connection.

What is the MOST scalable way to add VPCs with on-premises connectivity?
AWS Networking Services Network Security and Optimization
A company uses multiple AWS accounts within AWS Organizations and has services deployed in a single AWS Region. The instances in a private subnet occasionally download patches from the internet through a NAT gateway. The company recently migrated from VPC peering to AWS Transit Gateway. The cumulative traffic through deployed NAT gateways is less than 1 Gbps. The NAT gateway hourly charge contributes to most of the NAT gateway costs across all inked accounts.

What should the company do to reduce NAT gateway hourly costs?
AWS Networking Services Network Security and Optimization
A company wants to conduct a proof of concept for an SAP HANA application with a key objective to automate the provisioning of infrastructure and the application. The company operates a hybrid cloud infrastructure with AWS Direct Connect between its data center and VPC. Security policy dictates that all traffic from AWS be routed through on-premises data center firewalls. Security policy also prohibits the use of a VPC internet gateway for internet access. The company enforces use of a forward proxy server for all outbound network traffic. All resources inside the VPC are able to reach on-premises servers.

All Amazon EC2 Linux instances require package updates over the internet. However, the updates are falling and sending errors.

What would cause these errors?
Hybrid Networking Network Security and Optimization
A company wants to enforce a compliance requirement that its Amazon EC2 instances use only on-premises DNS servers for name resolution. Outbound DNS requests to all other name servers must be denied. A network engineer configures the following set of outbound rules for a security group:


The network engineer discovers that the EC2 instances are still able to resolve DNS requests by using Amazon DNS servers inside the VPC.

Why is the solution failing to meet the compliance requirement?
Network Security and Optimization
A company wants to enforce a compliance requirement that its Amazon EC2 instances use only on-premises DNS servers for name resolution. Outbound DNS requests to all other name servers must be denied. A network engineer configures the following set of outbound rules for a security group:


The network engineer discovers that the EC2 instances are still able to resolve DNS requests by using Amazon DNS servers inside the VPC.

Why is the solution failing to meet the compliance requirement?
Network Security and Optimization