ANS-C01 Free Practice Test

An IoT company sells hardware sensor modules that periodically send out temperature, humidity, pressure, and location data through the MQTT messaging protocol. The hardware sensor modules send this data to the company's on-premises MQTT brokers that run on Linux servers behind a load balancer. The hardware sensor modules have been hardcoded with public IP addresses to reach the brokers.
The company is growing and is acquiring customers across the world. The existing solution can no longer scale and is introducing additional latency because of the company's global presence. As a result, the company decides to migrate its entire infrastructure from on premises to the AWS Cloud. The company needs to migrate without reconfiguring the hardware sensor modules that are already deployed across the world. The solution also must minimize latency.
The company migrates the MQTT brokers to run on Amazon EC2 instances. What should the company do next to meet these requirements?

1. A. Place the EC2 instances behind a Network Load Balancer (NLB). Configure TCP listener
2. B. Use Bring Your Own IP (BYOIP) from the on-premises network with the NLB.
3. C. Place the EC2 instances behind a Network Load Balancer (NLB). Configure TCP listener
4. D. Create an AWS Global Accelerator accelerator in front of the NLUse Bring Your Own IP (BYOIP) from the on-premises network with Global Accelerator.
5. E. Place the EC2 instances behind an Application Load Balancer (ALB). Configure TCP listener
6. F. Create an AWS Global Accelerator accelerator in front of the AL
7. G. Use Bring Your Own IP (BYOIP) from the on-premises network with Global Accelerator
8. H. Place the EC2 instances behind an Amazon CloudFront distributio
9. I. Use Bring Your Own IP (BYOIP) from the on-premises network with CloudFront.

Correct Answer: B

A company is hosting an application on Amazon EC2 instances behind an Application Load Balancer. The instances are in an Amazon EC2 Auto Scaling group. Because of a recent change to a security group, external users cannot access the application.
A network engineer needs to prevent this downtime from happening again. The network engineer must implement a solution that remediates noncompliant changes to security groups.
Which solution will meet these requirements?

1. A. Configure Amazon GuardDuty to detect inconsistencies between the desired security group configuration and the current security group configuratio
2. B. Create an AWS Systems Manager Automation runbook to remediate noncompliant security groups.
3. C. Configure an AWS Config rule to detect inconsistencies between the desired security group configuration and the current security group configuratio
4. D. Configure AWS OpsWorks for Chef to remediate noncompliant security groups.
5. E. Configure Amazon GuardDuty to detect inconsistencies between the desired security group configuration and the current security group configuratio
6. F. Configure AWS OpsWorks for Chef to remediate noncompliant security groups.
7. G. Configure an AWS Config rule to detect inconsistencies between the desired security group configuration and the current security group configuratio
8. H. Create an AWS Systems Manager Automation runbook to remediate noncompliant security groups.

Correct Answer: D
Configuring an AWS Config rule to detect inconsistencies between the desired security group configuration and the current security group configuration would enable evaluation of the compliance status of the security groups based on predefined or custom rules3. Creating an AWS Systems Manager Automation runbook to remediate noncompliant security groups would enable automation of the remediation process2. Additionally, configuring AWS Config to trigger the runbook when a noncompliant change is detected would enable timely and consistent remediation of security group changes.

A banking company is successfully operating its public mobile banking stack on AWS. The mobile banking stack is deployed in a VPC that includes private subnets and public subnets. The company is using IPv4 networking and has not deployed or supported IPv6 in the environment. The company has decided to adopt a third-party service provider's API and must integrate the API with the existing environment. The service provider’s API requires the use of IPv6.
A network engineer must turn on IPv6 connectivity for the existing workload that is deployed in a private subnet. The company does not want to permit IPv6 traffic from the public internet and mandates that the company's servers must initiate all IPv6 connectivity. The network engineer turns on IPv6 in the VPC and in the private subnets.
Which solution will meet these requirements?

1. A. Create an internet gateway and a NAT gateway in the VP
2. B. Add a route to the existing subnet route tables to point IPv6 traffic to the NAT gateway.
3. C. Create an internet gateway and a NAT instance in the VP
4. D. Add a route to the existing subnet route tables to point IPv6 traffic to the NAT instance.
5. E. Create an egress-only Internet gateway in the VPAdd a route to the existing subnet route tables topoint IPv6 traffic to the egress-only internet gateway.
6. F. Create an egress-only internet gateway in the VP
7. G. Configure a security group that denies all inbound traffi
8. H. Associate the security group with the egress-only internet gateway.

Correct Answer: C

A company recently migrated its Amazon EC2 instances to VPC private subnets to satisfy a security compliance requirement. The EC2 instances now use a NAT gateway for internet access. After the migration, some long-running database queries from private EC2 instances to a publicly accessible third-party database no longer receive responses. The database query logs reveal that the queries successfully completed after 7 minutes but that the client EC2 instances never received the response.
Which configuration change should a network engineer implement to resolve this issue?

1. A. Configure the NAT gateway timeout to allow connections for up to 600 seconds.
2. B. Enable enhanced networking on the client EC2 instances.
3. C. Enable TCP keepalive on the client EC2 instances with a value of less than 300 seconds.
4. D. Close idle TCP connections through the NAT gateway.

Correct Answer: C
When a TCP connection is idle for a long time, it may be terminated by network devices, including the NAT gateway. By enabling TCP keepalive, the client EC2 instances can periodically send packets to the third-party database to indicate that the connection is still active, preventing it from being terminated prematurely.

An international company provides early warning about tsunamis. The company plans to use IoT devices to monitor sea waves around the world. The data that is collected by the IoT devices must reach the company’s infrastructure on AWS as quickly as possible. The company is using three operation centers around the world. Each operation center is connected to AWS through Its own AWS Direct Connect connection. Each operation center is connected to the internet through at least two upstream internet service providers.
The company has its own provider-independent (PI) address space. The IoT devices use TCP protocols for reliable transmission of the data they collect. The IoT devices have both landline and mobile internet connectivity. The infrastructure and the solution will be deployed in multiple AWS Regions. The company will use Amazon Route 53 for DNS services.
A network engineer needs to design connectivity between the IoT devices and the services that run in the AWS Cloud.
Which solution will meet these requirements with the HIGHEST availability?

1. A. Set up an Amazon CloudFront distribution with origin failove
2. B. Create an origin group for each Region where the solution is deployed.
3. C. Set up Route 53 latency-based routin
4. D. Add latency alias record
5. E. For the latency alias records, set the value of Evaluate Target Health to Yes.
6. F. Set up an accelerator in AWS Global Accelerato
7. G. Configure Regional endpoint groups andhealth checks.
8. H. Set up Bring Your Own IP (BYOIP) addresse
9. I. Use the same PI addresses for each Region where the solution is deployed.

Correct Answer: B
https://aws.amazon.com/blogs/iot/automate-global-device-provisioning-with-aws-iot-core-and-amazon-route-53