Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps

Pass your Amazon AWS Certified Advanced Networking - Specialty exam with these free Questions and Answers

Page 6 of 20
QUESTION 21

A customer is using ABC Telecom as a network provider. The customer has 10 different offices connected to ABC Telecom’s MPLS backbone. The customer is setting up an AWS Direct Connect connection to AWS and has provided the LOA-CFA to ABC Telecom. ABC Telecom has terminated the Direct Connect circuit into their MPLS backbone. To uniquely identify the customer’s traffic over the MPLS backbone, the customer must encapsulate all traffic with VLAN tag 100. The customer wants to send traffic to multiple VPCs.
Which two steps should be taken to meet the customer’s requirement? (Select two.)

  A. The customer performs Q-in-Q tunneling, with the AWS-required VLAN tag in the inside and VLAN 100 as the outside tag.
  B. Create a support ticket with AWS to request the removal of the outer VLAN tag 100 as the traffic reaches AWS routers.
  C. Send the traffic for all VPCs with the same VLAN tag 100 and use BGP to ensure that proper routing takes place to the appropriate VPC.
  D. ABC Telecom removes the outer tag before sending the packet to AWS.
  E. ABC Telecom creates a support ticket with AWS to exchange MPLS labels and include the AWS port as part of their MPLS network.

Correct Answer: AD

QUESTION 22

You are designing the network infrastructure for an application server in Amazon VPC. Users will access all the application instances from the Internet and from an on-premises network. The on-premises network is connected to your VPC over an AWS Direct Connect link.
How should you design routing to meet these requirements?

  A. Configure a single routing table with two default routes: one to the Internet via an IGW, the other to the on-premises network via the VGW. Use this routing table across all subnets in your VPC.
  B. Configure two routing tables: one that has a default route via the IGW, and another that has a default route via the VGW. Associate both routing tables with each VPC subnet.
  C. Configure a single routing table with a default route via the IGW. Propagate a default route via BGP on the AWS Direct Connect customer router. Associate the routing table with all VPC subnets.
  D. Configure a single routing table with a default route via the IGW. Propagate specific routes for the on-premises networks via BGP on the AWS Direct Connect customer router. Associate the routing table with all VPC subnets.

Correct Answer: D

QUESTION 23

You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URL, the instances should be able to access any Amazon S3 bucket in the same region via any URL.
Which of the following solutions should you deploy? (Select two.)

  A. Include s3.amazonaws.com in the whitelist.
  B. Create a VPC endpoint for S3.
  C. Run Squid proxy on a NAT instance.
  D. Deploy a NAT gateway into your VPC.
  E. Utilize a security group to restrict access.

Correct Answer: BC
https://aws.amazon.com/blogs/security/how-to-set-up-an-outbound-vpc-proxy-with-domain-whitelisting-and-co

QUESTION 24

A company is deploying a critical application on two Amazon EC2 instances in a VPC. Failed client connections to the EC2 instances must be logged according to company policy.
What is the MOST cost-effective solution to meet these requirements?

  A. Move the EC2 instances to a dedicated VPC. Enable VPC Flow Logs with a filter on the deny action. Publish the flow logs to Amazon CloudWatch Logs.
  B. Move the EC2 instances to a dedicated VPC subnet. Enable VPC Flow Logs for the subnet with a filter on the reject action. Publish the flow logs to an Amazon Kinesis Data Firehose stream with a data delivery to an Amazon S3 bucket.
  C. Enable VPC Flow Logs, filtered for rejected traffic, for the elastic network interfaces associated with the instances. Publish the flow logs to an Amazon Kinesis Data Firehose stream with a data delivery to an Amazon S3 bucket.
  D. Enable VPC Flow Logs, filtered for rejected traffic, for the elastic network interfaces associated with the instances. Publish the flow logs to Amazon CloudWatch Logs.

Correct Answer: D

QUESTION 25

A company has two on-premises data center locations. There is a company-managed router at each data center. Each data center has a dedicated AWS Direct Connect connection to a Direct Connect gateway through a private virtual interface. The router for the first location is advertising 110 routes to the Direct Connect gateway by using BGP, and the router for the second location is advertising 60 routes to the Direct Connect gateway by using BGP. The Direct Connect gateway is attached to a company VPC through a virtual private gateway.
A network engineer receives reports that resources in the VPC are not reachable from various locations in either data center. The network engineer checks the VPC route table and sees that the routes from the first data center location are not being populated into the route table. The network engineer must resolve this issue in the most operationally efficient manner.
What should the network engineer do to meet these requirements?

  A. Remove the Direct Connect gateway, and create a new private virtual interface from each company router to the virtual private gateway of the VPC.
  B. Change the router configurations to summarize the advertised routes.
  C. Open a support ticket to increase the quota on advertised routes to the VPC route table.
  D. Create an AWS Transit Gateway. Attach the transit gateway to the VPC and connect the Direct Connect gateway to the transit gateway.

Correct Answer: D
