← Back to exam page

AWS-Certified-Advanced-Networking-Specialty-ANS-C00 AWS Certified Advanced Networking - Specialty (ANS-C00)

Loading demo links...

Showing 10–12 of 20 questions

Question 10

You need to ensure the files served by your CloudFront distribution are only accessible to authorized users. You hope to serve thousands of users. What two steps should you take? (Choose two.)

Select all that apply, then click Submit answer.

  • Configure signed cookies.

  • Configure a WAF.

  • Configure a bucket policy restricting the bucket to only CloudFront OAI.

  • Configure an SSL on the distribution.
Question 11

A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their on-premises version of the application to serve a small portion of the customers who haven’t yet upgraded.

What design will allow the company to serve both newer and earlier clients in the MOST efficient way?

Select an option, then click Submit answer.

  • Use an Amazon Route 53 multivalue answer routing policy to route older client traffic to the on-premises application version and the rest of the traffic to the new AWS based version.

  • Use a Classic Load Balancer for the new application. Route all traffic to the new application by using an Elastic Load Balancing (ELB) load balancer DNS. Define a user-agent-based rule on the backend servers to redirect earlier clients to the on-premises application.

  • Use an Application Load Balancer for the new application. Register both the new and earlier applications as separate target groups and use path-based routing to route traffic based on the application version.

  • Use an Application Load Balancer for the new application. Register both the new and earlier application backends as separate target groups. Use host header-based routing to route traffic based on the application version.
Question 12

Your Amazon Kinesis application receives data streams from thousands of devices. The data is then stored in an on-premises Hadoop cluster. You are concerned about historical data that shows periods of sustained traffic between 1 Gbps and 2 Gbps during peaks. You must ensure that you have secure, fault- tolerant connectivity between Amazon Kinesis and your data center.

What should you implement to address these needs?

Select an option, then click Submit answer.

  • Deploy a single 1-Gbps Direct Connect connection with a VPN backup.

  • Deploy three 1-Gbps Direct Connect connections.

  • Deploy two 1-Gbps Direct Connect connections.

  • Set up an IPsec VPN connection over Direct Connect with two tunnels.