
Best Preparations of AWS-Advanced-Networking-Specialty Exam 2022 AWS Certified Advanced Networking Specialty Unlimited 155 Questions
Salary of AWS Certified Advanced Networking - Specialty certified professionals
The salary of AWS Certified Advanced Networking - Specialty certified professionals varies from $101K to $135K depending on the years of experience.
Exam Topics for AWS Certified Advanced Networking - Specialty
The following will be discussed in AMAZON ANS-C00 exam dumps:
- Configure Network Integration with Application Services
- Design and Implement Hybrid IT Network Architectures at Scale
- Manage, Optimize, and Troubleshoot the Network
- Design and Implement AWS Networks
- Design and Implement for Security and Compliance
- Automate AWS Tasks
Understanding functional and technical aspects of AWS Certified Advanced Networking - Specialty Manage, Optimize, and Troubleshoot the Network
The following will be discussed in AMAZON ADVANCED-NETWORKING-SPECIALITY dumps:
- Evaluate design requirements for alignment with security and compliance objectives
- Evaluate AWS security features for managing network traffic
- Utilize encryption technologies to secure network communications
- Given a scenario, troubleshoot and resolve a network issue
- Evaluate monitoring strategies in support of security and compliance objectives
NEW QUESTION 82
The Web Application Development team is worried about malicious activity from 200 random IP addresses.
Which action will ensure security and scalability from this type of threat?
- A. Use AWS WAF to block the IP addresses.
- B. Use inbound network ACL rules to block the IP addresses.
- C. Write iptables rules on the instance to block the IP addresses.
- D. Use inbound security group rules to block the IP addresses.
Answer: B
NEW QUESTION 83
Your company just acquired a new company. You have two VPCs - one is 172.31.0.0/16 and one is 10.111.0.0/16. The acquired company uses 10.111.0.0/16 for their VPC. Your VPC "A" has a group of 12 servers in the range 10.111.2.101 - 10.111.2.112. Their VPC "B" has 20 servers from 10.111.2.171 - 10.111.2.190. You need to access both VPCs from the 172.31.0.0/16 VPC "C".
What is the best way to approach this problem?
Choose the correct answer:
- A. From VPC C, create a peering connection and add a route to VPC A's peering connection for 10.111.2.96/28 and a route to VPC B's peering connection for 10.111.2.0/24.
- B. From VPC C, create a peering connection and adjust the route tables to direct traffic to the individual servers by exact IP address of the servers.
- C. Invest the money and change the CIDR of one of the VPCs since one VPC cannot be peered to two VPCs with the same CIDR block.
- D. From VPC C, create a peering connection and add a route to VPC A's peering connection for 10.111.2.96/27 and a route to VPC B's peering connection for 10.111.2.0/24.
Answer: D
Explanation:
You can peer VPCs with the same CIDR block to a third VPC, so changing the CIDR block is not necessary. You can adjust the route tables to point to individual servers, but this would be very inefficient. 10.111.2.96/28 does not provide enough addresses for the AWS required addresses. AWS reserves 5 addresses per subnet and this only allows 11 addresses. 10.111.2.96/27 provides 32 addresses with 27 usable. Since it is a /27, it will take precedence over the /24 and route the traffic destined for these instances correctly.
NEW QUESTION 84
You have been tasked with migrating your company's proprietary massively large dataset sorting application to AWS. The application currently runs on 4 highly spec'd servers that are in a cluster arrangement and runs 24x7, with the average CPU utilisation across any 24hr period being approx 85% - the migration of this cluster once up and running on AWS is expected to run similarly. The servers shuffle data internally and between themselves. Your company's financial performance is entirely dependent on the speed at which it can sort your customers' datasets, that is, the faster a sorted result can be returned the better your company's bottom line. Of the choices presented below, select the optimal network configuration that will ensure the best financial results for your company.
- A. Create an autoscaled group of c4.8xlarge instances - with min 1 and max 4 - this will ensure your operational costs are minimal
- B. Enable Jumbo Frames to ensure better data throughput between instances
- C. Configure a CloudWatch Alarm to add more CPUs to the instances when average cluster CPU utilisation breaches 85%
- D. Disable Jumbo Frames to ensure better data throughput between instances
Answer: B
Explanation:
Answer C does not meet the brief - the question states that the requirement is to run a cluster of 4 servers 24x7 - and that the average CPU utilisation across any 24hr period is 85% - therefore having an ASG with min 1 and max 4 provides no benefit, and if anything scaling down from 4 machines would impact the speed at which sorting results are returned - and therefore this would affect the company's bottom line. We know that of the Answers A and B we need to choose one - Answer B best supports our requirements - to move data faster between servers. Answer D is nonsensical - AWS doesn't support adding or removing CPUs to instances.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html
NEW QUESTION 85
You have been asked to monitor traffic flows on your Amazon EC2 instance. You will be performing deep packet inspection, looking for atypical patterns.
Which tool will enable you to look at this data?
- A. AWS CLI
- B. CloudWatch Logs
- C. Wireshark
- D. VPC Flow Logs
Answer: C
NEW QUESTION 86
An organization has three AWS accounts, each containing VPCs in the Virginia, Canada and Sydney regions. The organization wants to determine whether all available Elastic IP addresses (EIPs) in these accounts are attached to Amazon EC2 instances or in-use elastic network interfaces (ENIs) in all of the specified regions for compliance and cost-optimization purposes.
Which of the following meets the requirements with the LEAST management overhead?
- A. Use AWS CloudFormation StackSets to deploy an AWS Config EIP-attached rule in all accounts and regions to find the unattached and unused EIPs.
- B. Use a CloudWatch event bus to schedule Lambda functions in each account in all three regions to find the unattached and unused EIPs.
- C. Add an AWS managed, EIP-attached AWS Config rule in each region in all three accounts to find unattached and unused EIPs.
- D. Use an Amazon CloudWatch Events rule to schedule an AWS Lambda function in each account in all three regions to find the unattached and unused EIPs.
Answer: C
Explanation:
https://docs.aws.amazon.com/config/latest/developerguide/eip-attached.html
NEW QUESTION 87
Your organization uses a VPN to connect to your VPC but must upgrade to a 1-G AWS Direct Connect connection for stability and performance. Your telecommunications provider has provisioned the circuit from your data center to an AWS Direct Connect facility and needs information on how to cross-connect (e.g., which rack/port to connect).
What is the AWS-recommended procedure for providing this information?
- A. Create a new connection through your AWS Management Console and wait for an email from AWS with information.
- B. Contact an AWS Account Manager and provide your AWS account number, telecommunications company's name, and where you need the Direct Connect connection to terminate.
- C. Ask your telecommunications provider to contact AWS through an AWS Partner Channel. Provide your AWS account number.
- D. Create a support ticket. Provide your AWS account number and telecommunications company's name and where you need the Direct Connect connection to terminate.
Answer: A
Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/provision-direct-connection/
https://docs.aws.amazon.com/directconnect/latest/UserGuide/getting_started.html
NEW QUESTION 88
You have multiple Amazon Elastic Compute Cloud (EC2) instances running a web server in a VPC configured with security groups and NACL. You need to ensure layer 7 protocol level logging of all network traffic (ACCEPT/REJECT) on the instances. What should be enabled to complete this task?
- A. CloudWatch Logs at the VPC level
- B. Packet sniffing at the instance level
- C. VPC flow logs at the subnet level
- D. Packet sniffing at the VPC level
Answer: A
NEW QUESTION 89
An organization has created a web application inside a VPC and wants to make it available to 200 client VPCs. The client VPCs are in the same region but are owned by other business units within the organization.
What is the best way to meet this requirement, without making the application publicly available?
- A. Deploy the web application behind an internal Application Load Balancer and control which clients have access by using security groups.
- B. Configure the application as an AWS PrivateLink-powered service, and have the client VPCs connect to the endpoint service by using an interface VPC endpoint.
- C. Deploy the web application behind an internet-facing Application Load Balancer and control which clients have access by using security groups.
- D. Enable VPC peering between the web application VPC and all client VPCs.
Answer: B
NEW QUESTION 90
Which ports must you allow for HTTP and HTTPS traffic? Choose the correct answer:
- A. 3389/3306
- B. 21/22
- C. 25/465
- D. 80/443
Answer: D
Explanation:
80 and 443 are the ports for HTTP and HTTPS, respectively.
NEW QUESTION 91
A company is running services in a VPC with a CIDR block of 10.5.0.0/22. End users report that they no longer can provision new resources because some of the subnets in the VPC have run out of IP addresses. How should a network engineer resolve this issue?
- A. Add 10.5.2.0/23 as a second CIDR block to the VPC. Create a new subnet with a new CIDR block, and provision new resources in the new subnet
- B. Add 10.5.4.0/22 as a second CIDR block to the VPC. Assign a second network from this CIDR block to the existing subnets that have run out of IP addresses
- C. Add 10.5.4.0/21 as a second CIDR block to the VPC. Assign a second network from this CIDR block to the existing subnets that have run out of IP addresses
- D. Add 10.5.4.0/22 as a second CIDR block to the VPC. Create a new subnet with a new CIDR block, and provision new resources in the new subnet
Answer: D
NEW QUESTION 92
An organization is migrating its on-premises applications to AWS by using a lift-and-shift approach, taking advantage of managed AWS services wherever possible. The company must be able to edit the application code during the migration phase. One application is a traditional three-tier application, consisting of a web presentation tier, an application tier, and a database tier. The external calling client applications need their sessions to remain sticky to both the web and application nodes that they initially connect to.
Which load balancing solution would allow the web and application tiers to scale horizontally, independently of one another?
- A. Use a Network Load Balancer at the web tier, and an Application Load Balancer at the application tier. Enable session stickiness on the Application Load Balancer, but take advantage of the native WebSockets protocols available to the Network Load Balancer.
- B. Use an Application Load Balancer at the web tier and a Classic Load Balancer at the application tier. Set session stickiness on both, but update the application code to create an application-controlled cookie on the Classic Load Balancer.
- C. Use an Application Load Balancer at both the web and application tiers, setting session stickiness at the target group level for both tiers.
- D. Deploy a web node and an application node as separate containers on the same host, using task linking to create a relationship between the pair. Add an Application Load Balancer with session stickiness in front of all web node containers.
Answer: C
NEW QUESTION 93
A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process, the following requirements involving DNS have been identified.
The organization's VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?
- A. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53 private hosted zone.
- B. Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the Route 53 private hosted zone's name servers as authoritative for the Route 53 private hosted zone.
- C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to 172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
- D. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
Answer: A
NEW QUESTION 94
A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.
Which of the following actions meet the requirements? (Select two.)
- A. The Lambda function must be assigned a public IP address to access the public Amazon SQS API.
- B. The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
- C. The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.
- D. The Lambda function needs an IAM role to access Amazon SQS.
- E. The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.
Answer: B,D
Explanation:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html
https://docs.aws.amazon.com/lambda/latest/dg/vpc.html
NEW QUESTION 95
An organization will be expanding its current network design. When fully built out, there will be 99 VPCs spread across 11 AWS accounts (9 VPCs per account). There is currently an AWS Direct Connect connection into one account with 9 VPCs, each with a virtual network interface (VIF) per VPC.
Which of the following designs will minimize cost while allowing the organization to expand?
- A. Order 10 new Direct Connect connections, one from each of the accounts that will be provisioned. Create private VIFs in each account. Attach one private VIF per VPC.
- B. Create a public VIF on the Direct Connect connection. Leverage the public VIF to create a VPN connection to each VPC.
- C. Create a transit VPC in the existing account that consists of two routers in separate Availability Zones. Connect each VPC to the two routers in the transit VPC by using VPN.
- D. Create hosted private VIFs in the existing account. Connect a private VIF to an AWS Direct Connect gateway in each account. Connect the gateway in each account to the VPCs.
Answer: C
NEW QUESTION 96
What is the minimum number of subnets for an RDS subnet group? Choose the correct answer:
- A. 0
- B. 1
- C. 2
- D. 3
Answer: C
Explanation:
This allows for high availability and failover in case an RDS instance goes down.
NEW QUESTION 97
You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS region. The application is hosted in a VPC and is only accessed from the corporate network. To support large volumes of data transfer and administration of the application, you use a single 10-Gbps AWS Direct Connect connection with multiple private virtual interfaces. As part of a review, you decide to improve the resilience of your connection to AWS and make sure that any additional connectivity does not share the same Direct Connect routers at AWS. You need to provide the best levels of resilience to meet the application's needs.
Which two options should you consider? (Select two.)
- A. Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
- B. Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.
- C. Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.
- D. Install a second 10-Gbps Direct Connect connection to the same Direct Connection location.
- E. Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
Answer: A,B