Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps

A company has an application running in an Amazon VPC that must be able to communicate with on-premises resources in a data center. Network traffic between AWS and the data center will initially be minimal, but will increase to more than 10 Gbps over the next
few months. The company's goal is to launch the application as quickly as possible. The Network Engineer has been asked to design a hybrid IT connectivity solution. What should be done to meet these requirements?

1. A. Submit a 1 Gbps AWS Direct Connect connection request, then increase the number of Direct Connect connections, as needed.
2. B. Allocate elastic IPs to Amazon EC2 instances for temporary access to on-premises resources, then provision AWS VPN connections between an Amazon VPC and the data center.
3. C. Provision an AWS VPN connection between an Amazon VPC and the data center, then submit an AWS Direct Connect connection reques
4. D. Later, cut over from the VPN connection to one or more Direct Connect connections, as needed.
5. E. Provision a 100 Mbps AWS Direct Connect connection between an Amazon VPC and the data center, then submit a Direct Connect connection reques
6. F. Later, cut over from the hosted connection to one or more Direct Connect connections, as needed.

Correct Answer: C

A company is delivering web content from an Amazon EC2 instance in a public subnet with address 2001 db8 1 100 1 Users report they are unable to access the web content The VPC Flow Logs tor the subnet contain the following entries.

Which action will restore network reachability to the EC2 instance1?

1. A. Update the security group associated with eni-0596e500l23456789 to permit inbound traffic
2. B. Update the security group associated with eni-059€«500i234 56~89 to permit outbound traffic
3. C. Update the network ACL associated with the subnet to permit inbound traffic
4. D. Update the network ACL associated with the subnet to permit outbound traffic

Correct Answer: C

You are moving a two-tier application into an Amazon VPC. An Elastic Load Balancing (ELB) load balancer is configured in front of the application tier. The application tier is driven through RESTful interfaces. The data tier uses relational database service (RDS) MySQL. Company policy requires end-to-end encryption of all data in transit. in front
What ELB configuration complies with the corporate encryption policy?

1. A. Configure the ELB load balancer protocol as HTT
2. B. Configure the application instances for SSL terminatio
3. C. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
4. D. Configure the ELB protocols in TCP mod
5. E. Configure the application instances for SSL termination.Configure Amazon RDS for SSL, and use REQUIRE SSL grants.
6. F. Configure the ELB load balancer protocol as HTTP
7. G. Offload application instance encryption to the load balance
8. H. Install your SSL certificate on Amazon RDS, and configure SSL.
9. I. Configure the ELB protocols in SSL mod
10. J. Offload application instance encryption to the load balancer.Install your SSL/TLS certificate on Amazon RDS, and configure SSL.

Correct Answer: B
Refer: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html

An architecture is being designed to support an Amazon WorkSpaces deployment of 1,000 desktops. Which architecture will support this deployment while allowing for future expansion?

1. A. A VPC with a /16 CIDR and one /21 subnet
2. B. A VPC with a /20 CIDR and two /21 subnets
3. C. A VPC with a /16 CIDR and one /22 subnet
4. D. A VPC with a /20 CIDR and two /23 subnets

Correct Answer: B

A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process, the following requirements involving DNS have been identified.
The organization’s VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?

1. A. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and theon-premises DNS system
2. B. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
3. C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxie
4. D. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to 172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxie
5. E. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
6. F. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxie
7. G. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxie
8. H. Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53 private hosted zone.
9. I. Change the DHCP options set for the VPC to use both the on-premises DNS system
10. J. Configure theon-premises DNS systems with a stub-zone, delegating the Route 53 private hosted zone’s name servers as authoritative for the Route 53 private hosted zone.

Correct Answer: C