2023 Latest AWS-Advanced-Networking-Specialty dumps - Instant Download PDF [Q80-Q104]


Updated Verified AWS-Advanced-Networking-Specialty Downloadable Printable Exam Dumps


The Benefits of Obtaining the AWS Certified Advanced Networking - Specialty

The AWS Advanced Networking Specialty certification advances your skills in designing and implementing AWS and hybrid IT architectures and in performing complex networking tasks. It validates the candidate's ability to design, develop, and deploy cloud-based solutions using AWS, implement core AWS services according to basic architectural best practices, design and maintain network architecture for all AWS services, and leverage tools to automate AWS networking tasks.

  • AWS Certified Advanced Networking - Specialty holders are more confident and stand out from others because their skills are better trained than those of non-certified professionals.
  • AWS Certified Advanced Networking - Specialty holders are distinguished among competitors. The certification can give them an edge in a job interview, where employers look for something that differentiates one individual from another.
  • AWS Certified Advanced Networking - Specialty holders have the knowledge to use the tools to complete tasks more efficiently and cost-effectively than non-certified professionals.
  • AWS Certified Advanced Networking - Specialty holders have more useful and relevant networks that help them set career goals and give them career direction that non-certified professionals are usually unable to get.

 

NEW QUESTION 80
An AWS CloudFormation template is being used to create a VPC peering connection between two existing operational VPCs, each belonging to a different AWS account. All necessary components in the 'Remote' (receiving) account are already in place.
The template below creates the VPC peering connection in the Originating account. It contains these components:
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  OriginatingVPCId:
    Type: String
  RemoteVPCId:
    Type: String
  RemoteVPCAccountId:
    Type: String
Resources:
  newVPCPeeringConnection:
    Type: 'AWS::EC2::VPCPeeringConnection'
    Properties:
      VpcId: !Ref OriginatingVPCId
      PeerVpcId: !Ref RemoteVPCId
      PeerOwnerId: !Ref RemoteVPCAccountId
Which additional AWS CloudFormation components are necessary in the Originating account to create an operational cross-account VPC peering connection with AWS CloudFormation? (Select two.) Resources:

  • A. NetworkInterfaceToRemoteVPC:
    Type: "AWS::EC2::NetworkInterface"
    Resources:
  • B. newEC2Route:
    Type: AWS::EC2::Route
    Resources:
  • C. newVPCPeeringConnection:
    Type: 'AWS::EC2::VPCPeeringConnection'
    PeerRoleArn: !Ref PeerRoleArn
  • D. NewEC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Resources:
  • E. VPCGatewayToRemoteVPC:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Resources:

Answer: C,E

 

NEW QUESTION 81
A company installed an AWS Site-to-Site VPN and configured it to use two tunnels. The company has learned that the VPN connectivity is unstable. During a ping test from the on-premises data center to AWS, a network engineer notices that the first few ICMP replies time out but that subsequent requests are successful. The AWS Management Console shows that the status for both tunnels last changed at the same time the ping responses were successfully received. Which steps should the network engineer take to resolve the instability? (Select TWO.)

  • A. Change the tunnel configuration to active/standby on the virtual private gateway
  • B. Send ICMP requests to an instance in the VPC every 5 seconds from the on-premises network
  • C. Use AS PATH prepending on one path to cause all traffic to prefer that tunnel
  • D. Use a higher multi-exit discriminator (MED) value on the preferred path to prefer that tunnel
  • E. Enable dead peer detection (DPD) on the customer gateway device

Answer: C,D

 

NEW QUESTION 82
You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources. What must be configured to meet this requirement?

  • A. Network address translation for outbound traffic.
  • B. A dedicated VPC with Active Directory Services.
  • C. An IPsec VPN to on-premises Active Directory
  • D. At least two subnets in different Availability Zones.

Answer: A,D

 

NEW QUESTION 83
An organization will be extending its existing on-premises infrastructure into the cloud. The design consists of a transit VPC that contains stateful firewalls that will be deployed in a highly available configuration across two Availability Zones for automatic failover.
What MUST be configured for this design to work? (Select two.)

  • A. A different Autonomous System Number (ASN) for each firewall.
  • B. Equal-cost multi-path routing (ECMP)
  • C. Autonomous system (AS) path prepending
  • D. Border Gateway Protocol (BGP) routing
  • E. Static routing

Answer: C,D

Explanation:
https://docs.aws.amazon.com/solutions/latest/cisco-based-transit-vpc/appendix-a.html

 

NEW QUESTION 84
Your company has a 1-Gbps AWS Direct Connect connection to AWS. Your company needs to send traffic from on-premises to a VPC owned by a partner company. The connectivity must have minimal latency at the lowest price.
Which of the following connectivity options should you choose?

  • A. Create a new private virtual interface, and leverage the existing connection to connect to the partner VPC.
  • B. Create a new Direct Connect connection, and leverage the existing circuit to connect to the partner VPC.
  • C. Create a new Direct Connect connection, and set up a new circuit to connect to the partner VPC using a private virtual interface.
  • D. Enable VPC peering and use your VPC as a transitive point to reach the partner VPC.

Answer: D

 

NEW QUESTION 85
A company deployed its production Amazon VPC using CIDR block 33.16.0.0/16. The company has nearly depleted its addresses and now needs to extend the VPC network.
Which CIDR blocks meet the company's requirement to extend the VPC network with a secondary CIDR?
(Choose two.)

  • A. 192.168.1.0/24
  • B. 10.0.0.0/8
  • C. 172.16.0.0/18
  • D. 100.70.0.0/17
  • E. 33.17.0.0/16

Answer: D,E

 

NEW QUESTION 86
You have just peered two VPCs, and you need to improve performance for instances you plan on deploying. What are two steps you would take to do this? Choose the 2 correct answers:

  • A. Set the MTU of your instances to 1500.
  • B. Create two subnets in the same AZ and create a placement group.
  • C. Create two subnets in different AZs and create a placement group.
  • D. Ensure you choose instances that use enhanced networking.

Answer: B,D

Explanation:
A placement group can only be deployed in the same AZ and is only useful with enhanced networking instances.

 

NEW QUESTION 87
What is the IPv6 subnet CIDR used by a VPC?
Choose the correct answer:

  • A. /128
  • B. /16
  • C. /56
  • D. /48

Answer: C

Explanation:
A VPC will always use /56 as its CIDR

 

NEW QUESTION 88
A financial company is designing a secure AWS network architecture to support a hybrid cloud strategy. Systems deployed in the AWS Cloud are mission critical and have strict availability requirements. The company anticipates the need for hundreds of VPCs. Instances will be transient and rely heavily on DNS resolution. The applications must be designed to have Availability Zone isolation and tolerate the loss of an Availability Zone.
What is the MOST reliable way to implement DNS in this scenario?

  • A. Create a fleet of DNS proxy servers in a central VPC. Share the proxy fleet with each VPC using AWS PrivateLink.
  • B. Create private hosted zones and share them with each VPC. Use Amazon Route 53 Resolver for hybrid DNS.
  • C. Modify the default DHCP options set with a fleet of proxy DNS servers that are deployed in each VPC.
  • D. Create a new DHCP options set with DNS settings with on-premises DNS servers that traverse an AWS Direct Connect connection.

Answer: B

Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html

 

NEW QUESTION 89
Your company uses an NTP server to synchronize time across systems. The company runs multiple versions of Linux and Windows systems. You discover that the NTP server has failed, and you need to add an alternate NTP server to your instances.
Where should you apply the NTP server update to propagate information without rebooting your running instances?

  • A. DHCP Options Set
  • B. instance meta-data
  • C. instance user-data
  • D. cfn-init scripts

Answer: A

Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-dhcp-options.html

 

NEW QUESTION 90
Your hybrid networking environment consists of two application VPCs, a shared services VPC, and your corporate network. The corporate network is connected to the shared services VPC via an IPsec VPN with dynamic (BGP) routing enabled.
The applications require access to a common authentication service in the shared services VPC.
You need to enable native network access from the corporate network to both application VPCs.
Which step should you take to meet the requirements?

  • A. Use VPC peering to peer the application VPCs with the shared services VPC, and enable associated routing in the shared services VPC via the corporate VPN.
  • B. Enable CloudHub functionality to route traffic between the three VPCs and the corporate network using dynamic BGP routing.
  • C. Configure an IPsec VPN between the virtual private gateway in each application VPC to the virtual private gateway in the shared services VPC.
  • D. Configure additional IPsec VPNs for each application VPC back to the corporate network, and enable VPC peering to the shared services VPC.

Answer: D

 

NEW QUESTION 91
Your company has a highly available Direct Connect solution that utilizes two datacenters. Each data center contains one two-connection LAG and one standard DX connection. How many LOAs will be filled out in total if your company completes an order to add a new connection to each one of the LAGs?
Choose the correct answer:

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C

Explanation:
Four LOAs are required for the first order and two more for the second.

 

NEW QUESTION 92
An organization has created a web application inside a VPC and wants to make it available to 200 client VPCs. The client VPCs are in the same region but are owned by other business units within the organization.
What is the best way to meet this requirement, without making the application publicly available?

  • A. Deploy the web application behind an internal Application Load Balancer and control which clients have access by using security groups.
  • B. Configure the application as an AWS PrivateLink-powered service, and have the client VPCs connect to the endpoint service by using an interface VPC endpoint.
  • C. Enable VPC peering between the web application VPC and all client VPCs.
  • D. Deploy the web application behind an internet-facing Application Load Balancer and control which clients have access by using security groups.

Answer: D

 

NEW QUESTION 93
What are two ways to influence the direction of Dynamic VPN traffic over multiple links? Choose the 2 correct answers:

  • A. Shouting at it
  • B. MED
  • C. AS_PATH Prepending
  • D. BFD

Answer: B,C

Explanation:
BFD detects failed links but does not create them. Shouting at it just isn't nice.

 

NEW QUESTION 94
Your organization runs a popular e-commerce application deployed on AWS that uses autoscaling in conjunction with an Elastic Load Balancing (ELB) service with an HTTPS listener. Your security team reports that an exploitable vulnerability has been discovered in the encryption protocol and cipher that your site uses.
Which step should you take to fix this problem?

  • A. Generate new SSL certificates for all web servers and replace current certificates.
  • B. Leverage your current configuration management system to update SSL policy on all web servers.
  • C. Change the security policy on the ELB to disable vulnerable protocols and ciphers.
  • D. Generate new SSL certificates and use ELB to front-end the encrypted traffic for all web servers.

Answer: B

 

NEW QUESTION 95
You are a holding company that buys many businesses and must integrate their VPCs into your network. You are constantly encountering networks with similar or overlapping subnets. What is the best way to manage this?
Choose the correct answer:

  • A. A standby router for the overlapping subnets.
  • B. VRF
  • C. BFD
  • D. A strict IP addressing policy that forces new companies to change the IP addresses of their VPCs.

Answer: B

Explanation:
VRF, or Virtual Routing and Forwarding will allow you to have multiple routing tables on your router.

 

NEW QUESTION 96
Your organization's corporate website must be available on www.acme.com and acme.com.
How should you configure Amazon Route 53 to meet this requirement?

  • A. Configure acme.com with an ALIAS record targeting the ELB. www.acme.com with an ALIAS record targeting the ELB.
  • B. Configure acme.com using a second ALIAS record with the ELB target. www.acme.com using a PTR record with the acme.com record target.
  • C. Configure acme.com with an A record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
  • D. Configure acme.com with a CNAME record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.

Answer: A

Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-load-balancer.html

 

NEW QUESTION 97
A company has a VPC in the us-west-1 Region and another VPC in the ap-southeast-2 Region. Network engineers set up an AWS Direct Connect connection from their data center to the us-east-1 Region. They create a private virtual interface (VIF) that references a Direct Connect gateway, which is then connected to virtual private gateways in both VPCs. When the setup is complete, the engineers cannot access resources in us-west-1 from ap-southeast-2. What should the network engineers do to resolve this issue?

  • A. Establish a VPC peering connection between the VPCs in ap-southeast-2 and us-west-2. Add the subnet ranges to the routing tables.
  • B. Create static routes in each VPC that point to the destination VPC with the virtual private gateway as the route target.
  • C. Add the subnet range for the VPCs in us-west-1 and ap-southeast-2 to the route tables for both VPCs. Add the Direct Connect gateway as a target.
  • D. Configure the Direct Connect gateway to route traffic between the VPCs in ap-southeast-2 and us-west-2.

Answer: A

 

NEW QUESTION 98
You have been asked to monitor traffic flows on your Amazon EC2 instance. You will be performing deep packet inspection, looking for atypical patterns.
Which tool will enable you to look at this data?

  • A. Wireshark
  • B. VPC Flow Logs
  • C. AWS CLI
  • D. CloudWatch Logs

Answer: A

Explanation:
References: https://www.slideshare.net/TeriRadichel/packet-capture-on-aws

 

NEW QUESTION 99
You have a three-tier web application with separate subnets for Web, Applications, and Database tiers. Your CISO suspects your application will be the target of malicious activity. You are tasked with notifying the security team in the event your application is port scanned by external systems.
Which two AWS services could you leverage to build an automated notification system? (Select two.)

  • A. AWS CloudTrail
  • B. Internet gateway
  • C. AWS Inspector
  • D. VPC Flow Logs
  • E. Lambda

Answer: A,E

Explanation:
https://aws.amazon.com/blogs/security/how-to-receive-alerts-when-specific-apis-are-called-by-using-aws-cloudtrail-amazon-sns-and-aws-lambda/

 

NEW QUESTION 100
A company has an AWS Direct Connect connection between its on-premises data center and Amazon VPC. An application running on an Amazon EC2 instance in the VPC needs to access confidential data stored in the on-premises data center with consistent performance. For compliance purposes, data encryption is required.
What should the network engineer do to meet these requirements?

  • A. Configure an internet gateway in the VPC. Set up a software VPN between the customer gateway and an EC2 instance in the VPC.
  • B. Configure a private virtual interface on the Direct Connect connection. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
  • C. Configure an internet gateway in the VPC. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
  • D. Configure a public virtual interface on the Direct Connect connection. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.

Answer: C

 

NEW QUESTION 101
Under the Payment Card Industry Data Security Standard (PCI DSS), merchants that handle credit card data must use strong cryptography. These merchants must also use security protocols to protect sensitive data during transmission over public networks.
You are migrating your PCI DSS application from an on-premises SSL appliance and Apache to a VPC behind Amazon CloudFront.
How should you configure CloudFront to meet this requirement?

  • A. Configure the CloudFront Cache Behavior to redirect HTTP requests to HTTPS and to forward requests to the origin via the Amazon private network.
  • B. Configure the CloudFront Cache Behavior to allow TCP connections and to forward all requests to the origin without TLS termination at the edge.
  • C. Configure the CloudFront Cache Behavior to require HTTPS and to forward requests to the origin via AWS Direct Connect.
  • D. Configure the CloudFront Cache Behavior to require HTTPS and the CloudFront Origin's Protocol Policy to 'Match Viewer'.

Answer: D

Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#D

 

NEW QUESTION 102
What are two reasons to have multiple IP addresses or interfaces on one server? Choose the 2 correct answers:

  • A. Create management networks
  • B. You can host multiple SSLs
  • C. Direct Connect connections
  • D. Teaming multiple NICs for more throughput

Answer: A,B

Explanation:
You cannot bind multiple interfaces for faster speeds on AWS

 

NEW QUESTION 103
An organization wants to process sensitive information using the Amazon EMR service. The information is stored in on-premises databases. The output of processing will be encrypted using AWS KMS before it is uploaded to a customer-owned Amazon S3 bucket. The current configuration includes a VPC with public and private subnets, with VPN connectivity to the on-premises network. The security organization does not allow Amazon EC2 instances to run in the public subnet.
What is the MOST simple and secure architecture that will achieve the organization's goal?

  • A. Use the existing VPC and a NAT gateway, and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.
  • B. Create a new VPC without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3 endpoint.
  • C. Use the existing VPC and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.
  • D. Create a new VPC without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3 endpoint and a NAT gateway.

Answer: C

Explanation:
https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html

 

NEW QUESTION 104
......

