ANS-C01 AWS Certified Advanced Networking - Specialty


Question 4

A company delivers applications over the internet. An Amazon Route 53 public hosted zone is the authoritative DNS service for the company and its internet applications, all of which are offered from the same domain name.

A network engineer is working on a new version of one of the applications. All the application's components are hosted in the AWS Cloud. The application has a three-tier design. The front end is delivered through Amazon EC2 instances that are deployed in public subnets with Elastic IP addresses assigned. The backend components are deployed in private subnets from RFC1918.

Components of the application need to be able to access other components of the application within the application's VPC by using the same host names as the host names that are used over the public internet. The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries.

Which combination of steps will meet these requirements? (Choose three.)

  • Add a geoproximity routing policy in Route 53.

  • Create a Route 53 private hosted zone for the same domain name. Associate the application's VPC with the new private hosted zone.

  • Enable DNS hostnames for the application's VPC.

  • Create entries in the private hosted zone for each name in the public hosted zone by using the corresponding private IP addresses.

  • Create an Amazon EventBridge (Amazon CloudWatch Events) rule that runs when AWS CloudTrail logs a Route 53 API call to the public hosted zone. Create an AWS Lambda function as the target of the rule. Configure the function to use the event information to update the private hosted zone.

  • Add the private IP addresses in the existing Route 53 public hosted zone.

Question 5

A network engineer has deployed an Amazon EC2 instance in a private subnet in a VPC. The VPC has no public subnet. The EC2 instance hosts application code that sends messages to an Amazon Simple Queue Service (Amazon SQS) queue. The subnet has the default network ACL with no modification applied. The EC2 instance has the default security group with no modification applied.

The SQS queue is not receiving messages.

Which of the following are possible causes of this problem? (Choose two.)

  • The EC2 instance is not attached to an IAM role that allows write operations to Amazon SQS.

  • The security group is blocking traffic to the IP address range used by Amazon SQS.

  • There is no interface VPC endpoint configured for Amazon SQS.

  • The network ACL is blocking return traffic from Amazon SQS.

  • There is no route configured in the subnet route table for the IP address range used by Amazon SQS.

Question 6

A company uses a 1 Gbps AWS Direct Connect connection to connect its AWS environment to its on-premises data center. The connection provides employees with access to an application VPC that is hosted on AWS. Many remote employees use a company-provided VPN to connect to the data center. These employees are reporting slowness when they access the application during business hours. On-premises users have started to report similar slowness while they are in the office.

The company plans to build an additional application on AWS. On-site and remote employees will use the additional application. After the deployment of this additional application, the company will need 20% more bandwidth than the company currently uses. With the increased usage, the company wants to add resiliency to the AWS connectivity. A network engineer must review the current implementation and must make improvements within a limited budget.

What should the network engineer do to meet these requirements MOST cost-effectively?

  • Set up a new 1 Gbps Direct Connect dedicated connection to accommodate the additional traffic load from remote employees and the additional application. Create a link aggregation group (LAG).

  • Deploy an AWS Site-to-Site VPN connection to the application VPC. Configure the on-premises routing for the remote employees to connect to the Site-to-Site VPN connection.

  • Deploy Amazon WorkSpaces into the application VPC. Instruct the remote employees to connect to WorkSpaces.

  • Replace the existing 1 Gbps Direct Connect connection with two new 2 Gbps Direct Connect hosted connections. Create an AWS Client VPN endpoint in the application VPC. Instruct the remote employees to connect to the Client VPN endpoint.