You need to set up a VPN between AWS VPC and your on-premises network. You create a VPN connection in the AWS Management Console, download the configuration file, and install it on your on-premises router. The tunnel is not coming up because of firewall restrictions on your router. Which two network traffic options should you allow through the firewall? (Choose two.)
A. UDP port 500
B. IP protocol 50
C. IP protocol 5
D. TCP port 50
E. TCP port 500
An organization is replacing a tape backup system with a storage gateway. There is currently no connectivity to AWS. Initial testing is needed.
What connection option should the organization use to get up and running at minimal cost?
A. Use an internet connection.
B. Set up an AWS VPN connection.
C. Provision an AWS Direct Connect private virtual interface.
D. Provision a Direct Connect public virtual interface.
A company has an application running in an Amazon VPC that must be able to communicate with on-premises resources in a data center. Network traffic between AWS and the data center will initially be minimal, but will increase to more than 10 Gbps over the next few months. The company's goal is to launch the application as quickly as possible.
The Network Engineer has been asked to design a hybrid IT connectivity solution. What should be done to meet these requirements?
A. Submit a 1 Gbps AWS Direct Connect connection request, then increase the number of Direct Connect connections, as needed.
B. Allocate elastic IPs to Amazon EC2 instances for temporary access to on-premises resources, then provision AWS VPN connections between an Amazon VPC and the data center.
C. Provision an AWS VPN connection between an Amazon VPC and the data center, then submit an AWS Direct Connect connection request. Later, cut over from the VPN connection to one or more Direct Connect connections, as needed.
D. Provision a 100 Mbps AWS Direct Connect connection between an Amazon VPC and the data center, then submit a Direct Connect connection request. Later, cut over from the hosted connection to one or more Direct Connect connections, as needed.
You have many IAM users with the ability to create EC2 volumes. Most of the data your team works with is sensitive, so you would like to make sure all volumes are encrypted. How might you facilitate this requirement?
A. Create an AWS KMS policy and attach it to all IAM users that can create EC2 volumes.
B. Use AWS Config and create a rule that requires all volumes, upon creation, be encrypted.
C. Use AWS Config to send out reminders to IAM users every time they create an EC2 volume.
D. Set EC2 to notify creators to encrypt their EC2 volumes.
You have two placement groups in a VPC. What communication speed can be expected between the two placement groups?
A. 5 Gbps
B. 10 Gbps
C. 20 Gbps
D. You cannot communicate between two placement groups.
You want to ensure you have the absolute best transmission rates inside and outside your VPC. You are concerned about the MTU settings. What is the best way to configure your T2 instances to ensure the best compatibility?
A. Set all MTU to 1500 as that is the best way to ensure compatibility.
B. Leave everything as is.
C. Configure two ENIs, one for internal traffic and one for external traffic. Configure the external ENI with an MTU of 1500 and the internal ENI with an MTU of 9001.
D. Set all MTU to 9001 as that is the best way to ensure the best speed. The packets will be fragmented if they have to be.
Which of these is not required when setting up a VIF?
A. BGP Key
B. VLAN ID
C. ASN
D. BGP MED
Which statement is NOT true about accessing a remote AWS Region in the US over your AWS Direct Connect connection, which is located in the US?
A. To connect to a VPC in a remote region, you can use a virtual private network (VPN) connection over your public virtual interface.
B. To access public resources in a remote region, you must set up a public virtual interface and establish a border gateway protocol (BGP) session.
C. If you have a public virtual interface and have established a BGP session to it, your router learns the routes of the other AWS Regions in the US.
D. Any data transfer out of a remote Region is billed at the data transfer rate of your AWS Direct Connect location.
A user has data that is generated randomly, based on a certain event. The user wants to upload that data to CloudWatch. Because of this randomness, the event may produce no data for some period of time.
Which of the options below is recommended in this case?
A. For the period when there is no data, the user should not send any data at all.
B. The user must upload the data to CloudWatch, because having no data for some period will cause an error in CloudWatch monitoring.
C. For the period when there is no data, the user should send the value 0.
D. For the period when there is no data, the user should send a blank value.
A company is deploying a critical application on two Amazon EC2 instances in a VPC. Failed client connections to the EC2 instances must be logged according to company policy.
What is the MOST cost-effective solution to meet these requirements?
A. Move the EC2 instances to a dedicated VPC. Enable VPC Flow Logs with a filter on the deny action. Publish the flow logs to Amazon CloudWatch Logs.
B. Move the EC2 instances to a dedicated VPC subnet. Enable VPC Flow Logs for the subnet with a filter on the reject action. Publish the flow logs to an Amazon Kinesis Data Firehose stream with a data delivery to an Amazon S3 bucket.
C. Enable VPC Flow Logs, filtered for rejected traffic, for the elastic network interfaces associated with the instances. Publish the flow logs to an Amazon Kinesis Data Firehose stream with a data delivery to an Amazon S3 bucket.
D. Enable VPC Flow Logs, filtered for rejected traffic, for the elastic network interfaces associated with the instances. Publish the flow logs to Amazon CloudWatch Logs.