Download Free Amazon AWS-Advanced-Networking-Specialty Real Exam Questions Download [Q80-Q95]


Latest Amazon AWS-Advanced-Networking-Specialty Real Exam Dumps PDF


Salary of AWS Certified Advanced Networking - Specialty certified professionals

The salary of AWS Certified Advanced Networking - Specialty certified professionals varies from $101K to $135K depending on the years of experience.

 

NEW QUESTION 80
Your company has a highly available Direct Connect solution that utilizes two datacenters. Each data center contains one two-connection LAG and one standard DX connection. How many LOAs will be filled out in total if your company completes an order to add a new connection to each one of the LAGs?
Choose the correct answer:

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
Four LOAs are required for the first order and two more for the second.

 

NEW QUESTION 81
Which AWS service is used within an AWS Config Rule to perform the logic evaluation of that rule?

  • A. WAF
  • B. Inspector
  • C. Lambda
  • D. SWF

Answer: C

Explanation:
AWS Config Rules help you enforce specific compliance controls and checks across your resources and allow you to adopt an 'ideal' deployment specification for each of your resource types. Each rule is simply a Lambda function that, when called, evaluates the resource and carries out some simple logic to determine the compliance result for the rule.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_nodejs-sample.html

 

NEW QUESTION 82
You have a web application (app.mycompany.com) running on an EC2 instance with a single elastic network interface in a subnet in a VPC. Because of a network redesign, you need to move the web application to a different subnet in the same Availability Zone.
Which of the following migration strategies meets the requirements?

  • A. Launch a new instance in the subnet via an AMI created from the instance, and redirect new connections to this new instance using DNS. Decommission the old instance.
  • B. Make an API call to change the subnet association of the elastic network interface.
  • C. Create an elastic network interface in the new subnet. Attach this interface to the instance, and detach the old interface.
  • D. Change the IP addresses manually to another subnet within the server operating system.

Answer: A

Explanation:
Instances cannot change subnets, so a new instance must be created (Response B). A is wrong because you cannot remove the original elastic network interface. C is not possible. D is wrong because the OS has no ability to affect the AWS assigned IP addresses.

 

NEW QUESTION 83
Your company needs to leverage Amazon Simple Storage Solution (S3) for backup and archiving. According to company policy, data should not flow on the public Internet even if data is encrypted. You have set up two S3 buckets in us-east-1 and us-west-2. Your company data center is located on the West Coast of the United States.
The design must be cost-effective and enable minimal latency.
Which design should you set up?

  • A. An AWS Direct Connect connection to us-east-1 and a Direct Connect connection to us-west-2.
  • B. An AWS Direct Connect connection to us-west-2 and a VPN connection to us-east-1.
  • C. An AWS Direct Connect connection to us-west-2.
  • D. An AWS Direct Connect connection to us-east-1.

Answer: B

Explanation:
If you set up the public VIF on us-west-2, then you will need to run the VPN through the DX.

 

NEW QUESTION 84
An organization will be extending its existing on-premises infrastructure into the cloud. The design consists of a transit VPC that contains stateful firewalls that will be deployed in a highly available configuration across two Availability Zones for automatic failover.
What MUST be configured for this design to work? (Select two.)

  • A. Static routing
  • B. Autonomous system (AS) path prepending
  • C. A different Autonomous System Number (ASN) for each firewall.
  • D. Equal-cost multi-path routing (ECMP)
  • E. Border Gateway Protocol (BGP) routing

Answer: B,E

Explanation:
https://docs.aws.amazon.com/solutions/latest/cisco-based-transit-vpc/appendix-a.html

 

NEW QUESTION 85
An organization delivers high-resolution, dynamic web content. Internet users access the content from a variety of platforms, including mobile, tablet and desktop. Each platform receives a customized experience to account for the differences in viewing modes. A dedicated, automatic-scaling fleet of Amazon EC2 instances is used for each platform to serve content based on path-based headers.
Which combination of services will MINIMIZE cost and MAXIMIZE performance? (Select two.)

  • A. Amazon Route 53 with traffic flow policies
  • B. Network Load Balancer
  • C. Amazon CloudFront with Lambda@Edge
  • D. Application Load Balancer
  • E. Amazon S3 static websites

Answer: C,D

Explanation:
References: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-the-edge.html

 

NEW QUESTION 86
A corporate network routing table contains 624 individual RFC 1918 and public IP prefixes. You have two AWS Direct Connect connections. You configure a private virtual interface on both connections to a virtual private gateway. The virtual private gateway is not currently attached to a VPC. Neither BGP session will maintain the Established state on the customer router. The AWS Management Console reports the private virtual interfaces as Down.
What could you do to address the problem so that the AWS Management Console reports the private virtual interface as Available?

  • A. Change the BGP advertisements from the corporate network to only be a default route.
  • B. Attach the virtual private gateway to a VPC and enable route propagation.
  • C. Attach the second virtual interface to an alternative virtual private gateway.
  • D. Filter the public IP prefixes on the corporate network from the private virtual interface.

Answer: C

 

NEW QUESTION 87
A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes which originated from the same region as the Direct Connect location.
What action should accomplish this?

  • A. Configure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3.
  • B. Configure a prefix list on the customer router containing the AWS IP address ranges for the specific region.
  • C. Configure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3.
  • D. Configure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.

Answer: D

 

NEW QUESTION 88
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application.
The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their on-premises version of the application to serve a small portion of the customers who haven't yet upgraded.
What design will allow the company to serve both newer and earlier clients in the MOST efficient way?

  • A. Use a Classic Load Balancer for the new application. Route all traffic to the new application by using an Elastic Load Balancing (ELB) load balancer DNS. Define a user-agent-based rule on the backend servers to redirect earlier clients to the on-premises application.
  • B. Use an Amazon Route 53 multivalue answer routing policy to route older client traffic to the on-premises application version and the rest of the traffic to the new AWS based version.
  • C. Use an Application Load Balancer for the new application. Register both the new and earlier applications as separate target groups and use path-based routing to route traffic based on the application version.
  • D. Use an Application Load Balancer for the new application. Register both the new and earlier application backends as separate target groups. Use header-based routing to route traffic based on the application version.

Answer: A

 

NEW QUESTION 89
Your organization runs a popular e-commerce application deployed on AWS that uses autoscaling in conjunction with an Elastic Load Balancing (ELB) service with an HTTPS.
Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses.
Which step should you take to fix this problem?

  • A. Generate new SSL certificates and use ELB to front-end the encrypted traffic for all web servers.
  • B. Change the security policy on the ELB to disable vulnerable protocols and ciphers.
  • C. Leverage your current configuration management system to update SSL policy on all web servers.
  • D. Generate new SSL certificates for all web servers and replace current certificates.

Answer: B

Explanation:
Vulnerable ciphers and protocols can be removed in the security policy.

 

NEW QUESTION 90
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URL, the instances should be able to access any Amazon S3 bucket in the same region via any URL.
Which of the following solutions should you deploy? (Select two.)

  • A. Run Squid proxy on a NAT instance.
  • B. Utilize a security group to restrict access.
  • C. Deploy a NAT gateway into your VPC.
  • D. Include s3.amazonaws.com in the whitelist.
  • E. Create a VPC endpoint for S3.

Answer: B,C

Explanation:
References: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html

 

NEW QUESTION 91
You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS region. The application is hosted in a VPC and is only accessed from the corporate network. To support large volumes of data transfer and administration of the application, you use a single 10-Gbps AWS Direct Connect connection with multiple private virtual interfaces. As part of a review, you decide to improve the resilience of your connection to AWS and make sure that any additional connectivity does not share the same Direct Connect routers at AWS.
You need to provide the best levels of resilience to meet the application's needs.
Which two options should you consider? (Select two.)

  • A. Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.
  • B. Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
  • C. Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.
  • D. Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
  • E. Install a second 10-Gbps Direct Connect connection to the same Direct Connect location.

Answer: A,E

Explanation:
AWS recommends customers use multiple dynamically routed, rather than statically routed, connections to AWS at multiple AWS Direct Connect locations. This will allow remote connections to fail over automatically. Dynamic routing also enables remote connections to automatically leverage available preferred routes, if applicable, to the on-premises network. Highly resilient connections require redundant hardware, even when connecting from the same physical location.
Avoid relying on a single on-premises device connecting to a single AWS Direct Connect device.
Avoid relying on AWS Managed VPN as backup for connections that are greater than 1Gbps.
https://aws.amazon.com/directconnect/resiliency-recommendation/

 

NEW QUESTION 92
Non-compliant resources identified through the use of AWS Config Rules are automatically removed from operational service.

  • A. It depends on the Rule configuration
  • B. Only if it remains non-compliant for more than 6 hours
  • C. True
  • D. False

Answer: D

Explanation:
Each time a change is made to one of your supported resources, AWS Config will check its compliance against any Config Rules that you have in place. If there is a violation against these rules, then AWS Config will send a message to the Configuration Stream via SNS and the resource will be marked as 'noncompliant'.
It's important to note that this does not mean the resource will be taken out of service or it will stop working. It will continue to operate exactly as it is with its new configuration. AWS Config simply alerts you that there is a violation and it's up to you to take the appropriate action.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html

 

NEW QUESTION 93
The Web Application Development team is worried about malicious activity from 200 random IP addresses.
Which action will ensure security and scalability from this type of threat?

  • A. Use inbound network ACL rules to block the IP addresses.
  • B. Use inbound security group rules to block the IP addresses.
  • C. Write iptables rules on the instance to block the IP addresses.
  • D. Use AWS WAF to block the IP addresses.

Answer: D

 

NEW QUESTION 94
A company wants to conduct a proof of concept for an SAP HANA application with a key objective to automate the provisioning of infrastructure and the application. The company operates a hybrid cloud infrastructure with AWS Direct Connect between its data center and VPC. Security policy dictates that all traffic from AWS be routed through on-premises data center firewalls. Security policy also prohibits the use of a VPC internet gateway for internet access. The company enforces use of a forward proxy server for all outbound network traffic. All resources inside the VPC are able to reach on-premises servers.
All Amazon EC2 Linux instances require package updates over the internet. However, the updates are failing and sending errors.
What would cause these errors?

  • A. The EC2 instances are not configured to use the proxy running in the data center for traffic on TCP port 80.
  • B. The data center firewall is blocking all traffic sent from the VPC CIDR range destined for 0.0.0.0/0.
  • C. The VPC route table does not have entries for the proxy server in the data center.
  • D. Inbound security groups are configured incorrectly on the EC2 instances running in the VPC.

Answer: C

 

NEW QUESTION 95
......
