Free AWS-Certified-Advanced-Networking-Specialty Exam Braindumps

Pass your Amazon AWS Certified Advanced Networking - Specialty exam with these free Questions and Answers

Page 8 of 20
QUESTION 31

A company has an application running on Amazon EC2 instances in a VPC. The application must publish custom metrics to Amazon CloudWatch in the same AWS Region. The metrics include proprietary information. All connectivity must be over private IP addresses.
Which solution will meet these requirements?

  1. A. Connect to CloudWatch through a NAT gateway
  2. B. Connect to CloudWatch through a gateway endpoint
  3. C. Connect to CloudWatch through an internet gateway
  4. D. Connect to CloudWatch through an interface endpoint

Correct Answer: D

QUESTION 32

A company is using AWS to host all of its applications. Each application is isolated in its own Amazon VPC. Different environments such as Development, Test, and Production are also isolated in their own VPCs. The Network Engineer needs to automate VPC creation to enforce the company’s network and security standards. Additionally, the CIDR range used in each VPC needs to be unique.
Which solution meets all of these requirements?

  1. A. Use AWS CloudFormation to deploy the VPC infrastructure and a custom resource to request a CIDR range from an external IP address management (IPAM) service.
  2. B. Use AWS OpsWorks to deploy the VPC infrastructure and a custom resource to request a CIDR range from an external IP address management (IPAM) service.
  3. C. Use the VPC wizard in the AWS Management Console. Type in the CIDR blocks for the VPC and subnets.
  4. D. Create the VPCs using AWS CLI and use the dry-run flag to validate if the current CIDR range is in use.

Correct Answer: A

QUESTION 33

A company’s web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further request for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries.
Which action should be taken to block more IP addresses, without compromising the existing security requirements?

  1. A. Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.
  2. B. Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.
  3. C. Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.
  4. D. Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.

Correct Answer: C

QUESTION 34

An organization with a growing e-commerce presence uses the AWS CloudHSM to offload the SSL/TLS processing of its web server fleet. The company leverages Amazon EC2 Auto Scaling for web servers to handle the growth. What architectural approach is optimal to scale the encryption operation?

  1. A. Use multiple CloudHSM instances, and load balance them using a Network Load Balancer.
  2. B. Use multiple CloudHSM instances to the cluster; requests to it will automatically load balance.
  3. C. Enable Auto Scaling on the CloudHSM instance, with similar configuration to the web tier Auto Scaling group.
  4. D. Use multiple CloudHSM instances, and load balance them using an Application Load Balancer.

Correct Answer: B
https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html#cluster-high-availability-load-balancing

QUESTION 35

Your company’s policy requires that all VPCs peer with a “common services” VPC. This VPC contains a fleet of layer 7 proxies and an Internet gateway. No other VPC is allowed to provision an Internet gateway. You configure a new VPC and peer with the common services VPC as required by policy. You launch an Amazon EC2 Windows instance configured to forward all traffic to the layer 7 proxies in the common services VPC. The application on this server should successfully interact with Amazon S3 using its properly configured AWS Identity and Access Management (IAM) role. However, Amazon S3 is returning 403 errors to the application.
Which step should you take to enable access to Amazon S3?

  1. A. Update the S3 bucket policy with the private IP address of the instance.
  2. B. Exclude 169.254.169.0/24 from the instance’s proxy configuration.
  3. C. Configure a VPC endpoint for Amazon S3 in the same subnet as the instance.
  4. D. Update the CORS configuration for Amazon S3 to allow traffic from the proxy.

Correct Answer: B
