Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps

A space exploration company owns a series of telescopes that capture a large number of images and data of the night sky. The images and data are processed on an application hosted on AWS Fargate in a target group assigned to an Application Load Balancer (ALB). The application is made available through the address https:/'space example com
Scientists require another custom-built application hosted on several Amazon EC2 instances within an Auto Scaling group. This application will be made available from the address https://space.example.com/meteor. The company needs a solution that can automatically scale from a small number of requests overnight to a large number of requests for a future meteor shower.
What is the MOST operationally efficient solution that meets these requirements?

1. A. Update the existing target group with the new EC2 instance
2. B. Update the application's ALB by adding a listener rule that redirects /meteor to the newly added EC2 instances.
3. C. Create a new target grou
4. D. Configure the Auto Scaling group of the EC2 instances to use the target group Update the ALB by adding a listener rule that redirects /meteor to the new target group.
5. E. Create a Network Load Balancer (NLB). Configure the NLB to listen on two port
6. F. Configure a target group for one port to deliver all IP traffic to the Auto Scaling group to process the custom image
7. G. Configure a target group for the second port to deliver all IP traffic to Fargate Use path-based routing in the ALB to route traffic for the URL prefix /meteor to the first target grou
8. H. Route all other paths to the second target group.
9. I. Place the ALB behind an Amazon CloudFront distributio
10. J. Create a Lambda@Edge function that parses the request URI and adds the path-pattern header with the IP addresses of the EC2 instances to any request for /meteo
11. K. Add a listener rule to the ALB that looks for the HTTP header and uses the IP addresses of the EC2 instances to forward the traffic.

Correct Answer: A

All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.

1. A. The NAT gateway does not support UDP traffic.
2. B. The authentication server is not accepting traffic.
3. C. The NAT gateway cannot allocate more ports.
4. D. The NAT gateway is launched in a private subnet.

Correct Answer: C
Ref: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
"A NAT gateway can support up to 55,000 simultaneous connections to each unique destination. This limit also applies if you create approximately 900 connections per second to a single destination (about 55,000 connections per minute). If the destination IP address, the destination port, or the protocol (TCP/UDP/ICMP) changes, you can create an additional 55,000 connections. For more than 55,000 connections, there is an increased chance of connection errors due to port allocation errors. These errors can be monitored by viewing the ErrorPortAllocation CloudWatch metric for your NAT gateway. For more information, see Monitoring NAT Gateways Using Amazon CloudWatch."

Your company has set up AWS Direct Connect to connect on-premises to an Amazon VPC instance. Two Direct Connect connections terminate at two different Direct Connect locations. You are using two routers, R1 and R2, at your end (one of each Direct Connect connection). R1 and R2 do NOT have connectivity between them. Both routers advertise the same routers over BGP to the VGW. You have a stateful firewall on each router. The routers drop some of the traffic coming from the VPC.
Which two actions should you take to fix this problem? (Select two.)

1. A. Use BGP AS prepend attribute to prepend additional AS numbers while advertising routers from R1 to VGW.
2. B. Use BGP local preference attribute to assign R1 to a lower local preference number than R2.
3. C. Use BGP local preference attribute to assign R1 a higher local preference number than R2.
4. D. Use BGP MED attribute to assign a higher MED value to the routes advertised R1 to VGW.
5. E. Use BGP MED attribute to assign a higher MED value to the routes advertised from R2 to VGW.

Correct Answer: AD

A manufacturing company has a hybrid environment that includes an AWS Direct Connect gateway that is associated with an AWS Transit Gateway The company wants to extend a third-party application that is hosted in its on-premises data center into one of its VPCs
The application vendor has stated that It must use an overlay IP address to meet the company's requirement for high availability. The DHCP administrator has assigned a non-overlapping RFC1918 private address for use as the overlay IP address The security team requires connectivity to remain private
Which solution meets these requirements with the LEAST management overhead''

1. A. Create a layer 2 VPN across a public VIF by using a software-based VPN on a pair of Amazon EC2 instances Use BGP to advertise the routes over the VPN
2. B. Create a transit VIF with automatically propagated routes in the transit gateway route table Create a new subnet in the VPC for the overlay IP address, and propagate the route to the VPC route tabl
3. C. Update the route tables on premises as needed.
4. D. Create an external Network Load Balancer by using Amazon Route 53 to create records that point to the target application's overlay IP addres
5. E. Create static entries in the VPC route table
6. F. Create a transit VIF Then create static routes in the transit gateway route table to point to the VPC that contains the overlay IP address Create static routes in the VPC route table that point to the transit gateway Update the route tables on premises as needed

Correct Answer: D

A company has an AWS Direct Connect connection between its on-premises data center and Amazon VPC. An application running on an Amazon EC2 instance in the VPC needs to access confidential data stored in the on-premises data center with consistent performance For compliance purposes, data encryption is required.
What should the network engineer do to meet these requirements?

1. A. Configure a public virtual interface on the Direct Connect connectio
2. B. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
3. C. Configure a private virtual interface on the Direct Connect connectio
4. D. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
5. E. Configure an internet gateway in the VPC Set up a software VPN between the customer gateway and an EC2 instance in the VPC.
6. F. Configure an internet gateway in the VPC Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.

Correct Answer: D