[Sep-2023] Latest AWS-Advanced-Networking-Specialty Exam Dumps for Pass Guaranteed [Q66-Q91]


Reliable AWS Certified Advanced Networking Specialty AWS-Advanced-Networking-Specialty Dumps PDF Sep 03, 2023 Recently Updated Questions


What is the format of the result

The AWS Certified Advanced Networking - Specialty (ANS-C00) examination is a pass or fail exam. The examination is scored against a minimum standard established by AWS professionals who are guided by certification industry best practices and guidelines. Your score report contains a table of classifications of your performance at each section level. This information is designed to provide general feedback concerning your examination performance. The examination uses a compensatory scoring model, which means that you do not need to “pass” the individual sections, only the overall examination. Each section of the examination has a specific weighting, so some sections have more questions than others. The table contains general information, highlighting your strengths and weaknesses. Exercise caution when interpreting section-level feedback.


Amazon AWS-Advanced-Networking-Specialty (AWS Certified Advanced Networking Specialty (ANS-C00)) Exam is a certification exam offered by Amazon Web Services (AWS) for individuals who have expertise in designing and implementing advanced AWS networking solutions. AWS-Advanced-Networking-Specialty exam is intended for individuals who have a deep understanding of networking technologies and their integration with AWS services.


Amazon Web Services (AWS) Certified Advanced Networking Specialty (ANS-C00) is a certification exam designed for individuals who have a deep understanding of networking concepts and their implementation in AWS. AWS Certified Advanced Networking Specialty (ANS-C00) Exam certification validates the expertise in designing and implementing AWS services to build secure and scalable networks, and the ability to troubleshoot common network issues.

 

NEW QUESTION # 66
A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process, the following requirements involving DNS have been identified.
The organization's VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?

  • A. Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the Route 53 private hosted zone's name servers as authoritative for the Route 53 private hosted zone.
  • B. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to 172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
  • C. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
  • D. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53 private hosted zone.

Answer: D


NEW QUESTION # 67
DNS name resolution must be provided for services in the following four zones:
company.private.
emea.company.private.
apac.company.private.
amer.company.private.
The contents of these zones are not considered sensitive; however, the zones only need to be used by services hosted in these VPCs, one per geographic region. Each VPC should resolve the names in all zones.
How can you use Amazon Route 53 to meet these requirements?

  • A. Create a single Route 53 Private Hosted Zone for the zone company.private and associate it with the three VPCs.
  • B. Create a Route 53 Private Hosted Zone for each of the four zones and associate them with the three VPCs.
  • C. Create a Route 53 Public Hosted Zone for each of the four zones and configure the VPC DNS Resolver to forward
  • D. Create a single Route 53 Public Hosted Zone for the zone company.private and configure the VPC DNS Resolver to forward

Answer: D


NEW QUESTION # 68
A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.
Which of the following actions meet the requirements? (Select two.)

  • A. The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.
  • B. The Lambda function needs an IAM role to access Amazon SQS.
  • C. The Lambda function must be assigned a public IP address to access the public Amazon SQS API.
  • D. The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
  • E. The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.

Answer: B,C

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/


NEW QUESTION # 69
A company has two redundant AWS Direct Connect connections to a VPC. The VPC is configured using BGP metrics so that one Direct Connect connection is used as the primary traffic path. The company wants the primary Direct Connect connection to fail to the secondary in less than one second.
What should be done to meet this requirement?

  • A. Enable Bidirectional Forwarding Detection (BFD) echo mode on the company's router and disable sending the Internet Control Message Protocol (ICMP) IP packet requests.
  • B. Enable Bidirectional Forwarding Detection (BFD) on the company's router with a detection minimum interval of 300 ms and a BFD liveness detection multiplier of 3.
  • C. Enable Dead Peer Detection (DPD) on the company's router with a detection minimum interval of 300 ms and a DPD liveliness detection multiplier of 3.
  • D. Configure BGP on the company's router with a keep-alive to 300 ms and the BGP hold timer to 900 ms.

Answer: B

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/enable-bfd-direct-connect/


NEW QUESTION # 70
You are building an application in AWS that requires Amazon Elastic MapReduce (Amazon EMR). The application needs to resolve hostnames in your internal, on-premises Active Directory domain. You update your DHCP Options Set in the VPC to point to a pair of Active Directory integrated DNS servers running in your VPC.
Which action is required to support a successful Amazon EMR cluster launch?

  • A. Configure an Amazon Route 53 private zone for the EMR cluster.
  • B. Launch an AD connector for the internal domain.
  • C. Enable seamless domain join for the Amazon EMR cluster.
  • D. Add a conditional forwarder to the Amazon-provided DNS server.

Answer: D

Explanation:
https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-dns-management-of-hybrid-cloud-with-amazon-route-53-and-aws-transit-gateway/


NEW QUESTION # 71
Each custom AWS Config rule you create must be associated with a(n) AWS ____, which contains the logic that evaluates whether your AWS resources comply with the rule.

  • A. EC2 instance
  • B. Configuration trigger
  • C. Lambda function
  • D. S3 bucket

Answer: C

Explanation:
You can develop custom AWS Config rules to be evaluated by associating each of them with an AWS Lambda function, which contains the logic that evaluates whether your AWS resources comply with the rule. You associate this function with your rule, and the rule invokes the function either in response to configuration changes or periodically. The function then evaluates whether your resources comply with your rule, and sends its evaluation results to AWS Config.
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html


NEW QUESTION # 72
A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes which originated from the same region as the Direct Connect location.
What action should accomplish this?

  • A. Configure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.
  • B. Configure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3.
  • C. Configure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3.
  • D. Configure a prefix list on the customer router containing the AWS IP address ranges for the specific region.

Answer: A


NEW QUESTION # 73
You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct Connect connection.
Which two configuration values do you need to provide? (Select two.)

  • A. VLAN ID
  • B. Virtual private gateway
  • C. IP prefixes to advertise
  • D. Direct Connect location
  • E. Public AS number

Answer: A,B

Explanation:
https://docs.aws.amazon.com/directconnect/latest/UserGuide/getting_started.html


NEW QUESTION # 74
A company is connecting to a VPC over an AWS Direct Connect using a private VIF, and a dynamic VPN connection as a backup. The company's Reliability Engineering team has been running failover and resiliency tests on the network and the existing VPC by simulating an outage situation on the Direct Connect connection.
During the resiliency tests, traffic failed to switch over to the backup VPN connection.
How can this failure be troubleshot?

  • A. Ensure that Bidirectional Forwarding Detection is enabled on the Direct Connect connection.
  • B. Reconfigure the Direct Connect session from static routes to Border Gateway Protocol (BGP) peering.
  • C. Configure a virtual private gateway for the VPN and another virtual private gateway for Direct Connect.
  • D. Confirm that the same routes are being advertised over both the VPN and Direct Connect.

Answer: B


NEW QUESTION # 75
You manage a web service that is used by client applications deployed in 300 offices worldwide. The web service architecture is an Elastic Load Balancer (ELB) distributing traffic across four application servers deployed in an autoscaling group across two availability zones.
The ELB is configured to use round robin, and sticky sessions are disabled. You have configured the NACLs and Security Groups to allow port 22 from your bastion host, and port 80 from 0.0.0.0/0. The client configuration is managed by each regional IT team.
Upon inspection you find that a large number of requests from incorrectly configured sites are causing a single application server to degrade. The remainder of the requests are equally distributed across all servers with no negative effects.
What should you do to remedy the situation and prevent future occurrences?

  • A. Terminate the affected instance and allow Auto Scaling to create a new instance.
  • B. Mark the affected instance as degraded in the ELB and raise it with the client application team.
  • C. Update the NACL to only allow port 80 to the application servers from the ELB servers.
  • D. Update the Security Groups to only allow port 80 to the application servers from the ELB.

Answer: A


NEW QUESTION # 76
What two items are required for all AWS VPNs?
Choose the 2 correct answers:

  • A. Customer Gateway
  • B. ASN
  • C. A hardware router
  • D. Virtual Private Gateway

Answer: A,D

Explanation:
An ASN is only required for dynamic VPNs and hardware routers are not required.


NEW QUESTION # 77
An organization with a growing e-commerce presence uses the AWS CloudHSM to offload the SSL/TLS processing of its web server fleet. The company leverages Amazon EC2 Auto Scaling for web servers to handle the growth. What architectural approach is optimal to scale the encryption operation?

  • A. Use multiple CloudHSM instances to the cluster; requests to it will automatically load balance.
  • B. Enable Auto Scaling on the CloudHSM instance, with similar configuration to the web tier Auto Scaling group.
  • C. Use multiple CloudHSM instances, and load balance them using an Application Load Balancer.
  • D. Use multiple CloudHSM instances, and load balance them using a Network Load Balancer.

Answer: D


NEW QUESTION # 78
A Network Engineer is designing a new system on AWS that will take advantage of Amazon CloudFront for both content caching and for protecting the underlying origin. There is concern that an external agency might be able to access the IP addresses for the application's origin and then attack the origin despite it being served by CloudFront. Which of the following solutions provides the strongest level of protection to the origin?

  • A. Configure CloudFront to use a custom header and configure an AWS WAF rule on the origin's Application Load Balancer to accept only traffic that contains that header.
  • B. Attach an origin access identity to the CloudFront origin that allows traffic to the origin that originates from only CloudFront.
  • C. Use an IP whitelist rule in AWS WAF within CloudFront to ensure that only known-client IPs are able to access the application.
  • D. Configure an AWS Lambda@Edge function to validate that the traffic to the Application Load Balancer originates from CloudFront.

Answer: A


NEW QUESTION # 79
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URL, the instances should be able to access any Amazon S3 bucket in the same region via any URL.
Which of the following solutions should you deploy? (Select two.)

  • A. Create a VPC endpoint for S3.
  • B. Run Squid proxy on a NAT instance.
  • C. Include s3.amazonaws.com in the whitelist.
  • D. Utilize a security group to restrict access.
  • E. Deploy a NAT gateway into your VPC.

Answer: D,E

Explanation:
References: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html


NEW QUESTION # 80
A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.
Which of the following actions meet the requirements? (Select two.)

  • A. The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.
  • B. The Lambda function needs an IAM role to access Amazon SQS.
  • C. The Lambda function must be assigned a public IP address to access the public Amazon SQS API.
  • D. The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
  • E. The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.

Answer: B,C

Explanation:
References: https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/


NEW QUESTION # 81
A customer is using ABC Telecom as a network provider. The customer has 10 different offices connected to ABC Telecom's MPLS backbone. The customer is setting up an AWS Direct Connect connection to AWS and has provided the LOA-CFA to ABC Telecom. ABC Telecom has terminated the Direct Connect circuit into their MPLS backbone. To uniquely identify the customer's traffic over the MPLS backbone, the customer must encapsulate all traffic with VLAN tag 100. The customer wants to send traffic to multiple VPCs.
Which two steps should be taken to meet the customer's requirement? (Select two.)

  • A. The customer performs Q-in-Q tunneling, with the AWS-required VLAN tag in the inside and VLAN 100 as the outside tag.
  • B. ABC Telecom removes the other tag before sending the packet to AWS.
  • C. Create a support ticket with AWS to request the removal of the outer VLAN tag 100 as the traffic reaches AWS routers.
  • D. ABC Telecom creates a support ticket with AWS to exchange MPLS labels and include the AWS port as part of their MPLS network.
  • E. Send the traffic for all VPCs with the same VLAN tag 100 and use BGP to ensure that proper routing takes place to the appropriate VPC.

Answer: A,B

Explanation:
We have to use the VLAN tag assigned to the VPC (the requirement is to use multiple), and the telecom requires VLAN 100 over their backbone. This requires Q-in-Q. At the AWS edge, the outer tag is stripped and only the VPC VLAN is sent to AWS.


NEW QUESTION # 82
Your application is hosted behind an Elastic Load Balancer (ELB) within an autoscaling group.
The autoscaling group is configured with a minimum of 2, a maximum of 14, and a desired value of 2. The autoscaling cooldown and the termination policies are set to the default value.
CloudWatch reports that the site typically requires just two servers, but spikes at the start and end of the business day can require eight to ten servers. You receive intermittent reports of timeouts and partially loaded web pages.
Which configuration change should you make to address this issue?

  • A. Configure the autoscaling cooldown to 600 seconds.
  • B. Configure a Terminating: Wait lifecycle hook on a scale in event.
  • C. Configure connection draining on the ELB.
  • D. Configure the termination policy to oldest instance.

Answer: C

Explanation:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/attach-load-balancer-asg.html


NEW QUESTION # 83
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active. What two configuration changes should you implement?
Choose the 2 correct answers:

  • A. BFD
  • B. BGP
  • C. AS_PATH Prepending
  • D. MPLS

Answer: A,C

Explanation:
Bidirectional-Forwarding Detection will allow for faster failover times. AS_PATH Prepending will allow you to choose the default path. BGP is already implemented and MPLS does not matter.


NEW QUESTION # 84
Your company uses an NTP server to synchronize time across systems. The company runs multiple versions of Linux and Windows systems. You discover that the NTP server has failed, and you need to add an alternate NTP server to your instances.
Where should you apply the NTP server update to propagate information without rebooting your running instances?

  • A. instance meta-data
  • B. DHCP Options Set
  • C. cfn-init scripts
  • D. instance user-data

Answer: C


NEW QUESTION # 85
A company uses AWS Direct Connect to connect its corporate network to multiple VPCs in the same AWS account and the same AWS Region. Each VPC uses its own private VIF and its own virtual LAN on the Direct Connect connection. The company has grown and will soon surpass the limit of VPCs and private VIFs for each connection.
What is the MOST scalable way to add VPCs with on-premises connectivity?

  • A. Create a Direct Connect gateway, and add virtual private gateway associations to the VPCs. Configure a private VIF to connect to the corporate network.
  • B. Create a transit gateway and attach the VPCs. Create a Direct Connect gateway, and associate it with the transit gateway. Create a transit VIF to the Direct Connect gateway.
  • C. Provision a new Direct Connect connection to handle the additional VPCs. Use the new connection to connect additional VPCs.
  • D. Create virtual private gateways for each VPC that is over the service quota. Use AWS Site-to-Site VPN to connect the virtual private gateways to the corporate network.

Answer: B


NEW QUESTION # 86
Your company needs to leverage Amazon Simple Storage Solution (S3) for backup and archiving. According to company policy, data should not flow on the public Internet even if data is encrypted. You have set up two S3 buckets in us-east-1 and us-west-2. Your company data center is located on the West Coast of the United States. The design must be cost-effective and enable minimal latency.
Which design should you set up?

  • A. An AWS Direct Connect connection to us-east-1.
  • B. An AWS Direct Connect connection to us-west-2.
  • C. An AWS Direct Connect connection to us-east-1 and a Direct Connect connection to us-west-2.
  • D. An AWS Direct Connect connection to us-west-2 and a VPN connection to us-east-1.

Answer: B

Explanation:
The DC is on the West Coast; it doesn't make sense to create a Direct Connect connection to us-east-1 rather than at the DC location, so A & B are out of the picture. You can therefore use a single AWS Direct Connect connection to build multi-Region services. All networking traffic remains on the AWS global network backbone, regardless of whether you access public AWS services or a VPC in another Region. To access public resources in a remote Region, you must set up a public virtual interface and establish a Border Gateway Protocol (BGP) session. S3 is one of the AWS public resources; be aware that BGP is needed instead of VPN. https://docs.aws.amazon.com/directconnect/latest/UserGuide/remote_regions.html


NEW QUESTION # 87
You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct Connect connection. Which two configuration values do you need to provide? (Select two.)

  • A. VLAN ID
  • B. Virtual private gateway
  • C. IP prefixes to advertise
  • D. Direct Connect location
  • E. Public AS number

Answer: A,B

Explanation:
References: https://aws.amazon.com/directconnect/faqs/


NEW QUESTION # 88
A company runs a large-scale application on a fleet of Amazon EC2 instances that are distributed across several VPCs. A Network Load Balancer (NLB) in a separate VPC routes traffic to the EC2 instances. The NLB's VPC is peered to all the application VPCs. The application must process millions of requests each minute during times of peak utilization. Users are reporting that the connections to the application are failing during peak times. Monitoring shows an increase in port allocation errors on the NLB.
Which action will solve this issue with the LEAST change to the architecture?

  • A. Create an Application Load Balancer for the target group.
  • B. Add a new target group to the same NLB listener.
  • C. Increase the number of EC2 instances in the target group.
  • D. Change the target group type to "instance".

Answer: B


NEW QUESTION # 89
In the context of Amazon CloudFront Actions, you use the _____ when specifying APIs in IAM policies.

  • A. object names
  • B. class names
  • C. entity names
  • D. action names

Answer: D

Explanation:
In an AWS IAM policy, you can specify any and all API actions that Amazon CloudFront offers.
The action name must be prefixed with the lowercase string cloudfront. For example:
cloudfront:GetDistributionConfig
cloudfront:ListInvalidations
cloudfront:* (for all CloudFront actions).
In the reference link, there are tables that list the canonical names for all CloudFront actions. Use these canonical names when specifying APIs in IAM policies.
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/UsingWithIAM.html


NEW QUESTION # 90
Which two statements about placement groups are correct? Choose the 2 correct answers:

  • A. A placement group can span multiple VPCs.
  • B. It is best to use the same instance types in a placement group.
  • C. You cannot merge placement groups.
  • D. A placement group can span multiple Availability Zones.

Answer: A,C

Explanation:
A placement group can span multiple VPCs but may not experience the full performance benefit.
The only way to add instances from one placement group to another is to create AMIs out of the instances and spin them all up into one placement group.


NEW QUESTION # 91
......

Latest 2023 Realistic Verified AWS-Advanced-Networking-Specialty Dumps: https://www.validbraindumps.com/AWS-Advanced-Networking-Specialty-exam-prep.html

Pass Your Amazon AWS-Advanced-Networking-Specialty Exam with Correct 156 Questions and Answers: https://drive.google.com/open?id=1jEPyHAZKTuXRv1yJayfPzAzT7XKAFlfI