AWS-Certified-Advanced-Networking-Specialty Free Practice Test

A company needs to allow its remote users to access company resources in the AWS Cloud. The company has two VPCs that are connected through VPC peering. The remote users must be able to access resources in both VPCs by using secure connections from their laptop computers The company does not want to implement an access management solution that requires additional costs or effort.
Which solution meets these requirements?

1. A. Deploy an AWS Client VPN endpoint in one VPC, associate a subnet, and define a target networ
2. B. Add a rule to authorize client access to the target VP
3. C. and add a rule to authorize client access to the peered VP
4. D. Update resource security groups in both VPCs to allow traffic from the security group for the subnet associatio
5. E. Instruct the users to sign in to the AWS Management Console and navigate to Client VPN to connect to the Client VPN endpoint.
6. F. Deploy an AWS Client VPN endpoint in both VPCs, associate subnets, and define a target networ
7. G. Add a rule to authorize client access to each target VP
8. H. Update resource security groups in both VPCs to allow traffic from the security groups of each VPC for the subnet association
9. I. Securely send the users the configuration options, and instruct the users to install Client VPN endpoints at the same time to gain access to the resources.
10. J. Deploy a Network Load Balancer in front of the company resource
11. K. Set up security groups that contain the IP addresses of each of the user laptop
12. L. Instruct the users to connect to the application securely over TCP.
13. M. Deploy an AWS Client VPN endpoint in one VPC, associate a subnet, and define a target networ
14. N. Add a rule to authorize client access to the target VP
15. O. and add a rule to authorize client access to the peered VP
16. P. Update resource security groups in both VPCs to allow traffic from the security group for the subnet associatio
17. Q. Securely send the users the configuration options, and instruct the users to install Client VPN on their laptop
18. R. Instruct the users to connect to the Client VPN endpoint to gain access to the resources.

Correct Answer: B

You manage a web service that is used by client applications deployed in 300 offices worldwide. The web service architecture is an Elastic Load balancer (ELB) distributing traffic across four application servers deployed in an autoscaling group across two availability zones.
The ELB is configured to use round robin, and sticky sessions are disabled. You have configured the NACLs and Security Groups to allow port 22 from your bastion host, and port 80 from 0.0.0.0/0. The client configuration is managed by each regional IT team.
Upon inspection you find that a large amount of requests from incorrectly configured sites are causing a single application server to degrade. The remainder of the requests are equally distributed across all servers with no negative effects.
What should you do to remedy the situation and prevent future occurrences?

1. A. Mark the affected instance as degraded in the ELB and raise it with the client application team.
2. B. Update the NACL to only allow port 80 to the application servers from the ELB servers.
3. C. Update the Security Groups to only allow port 80 to the application servers from the ELB.
4. D. Terminate the affected instance and allow Auto Scaling to create a new instance.

Correct Answer: C

A company has a hybrid IT architecture with two AWS Direct Connect connections to provide high availability. The services hosted on-premises are accessible using public IPs, and are also on the 172.16.0.0/16 range. The AWS resources are on the 192.168.0.0/18 range. The company wants to use Amazon Elastic Load Balancing for SSL offloading, health checks, and sticky sessions.
What should be done to meet these requirements?

1. A. Create a Network Load Balancer pointing to the on-premises server's private IP address.
2. B. Create an Amazon CloudFront distribution for the on-premises service and use the public IPs of the on-premises servers as the origin.
3. C. Create a Network Load Balancer pointing to the on-premises server's public IP address.
4. D. Create an Application Load Balancer pointing to the on-premises server's private IP address.

Correct Answer: D

Changes made to a security group attached to an Application Load Balancer resulted in connectivity issues for a company's production web application. The Network Engineer needs to lock down permissions for the company's AWS account, automate auditing for any changes, and set up notifications.
What actions should accomplish this?

1. A. Configure IAM user policies to lock down permissions for specific user
2. B. Enable AWS CloudTrail to identify API calls from user
3. C. Use AWS Config to audit any changes, and configure Amazon SNS to send notifications.
4. D. Configure IAM user policies to lock down permissions for specific user
5. E. Enable AWS CloudTrail to identify the API calls from user
6. F. Configure AWS CodeCommit to audit any changes in configurations, and configure Amazon SNS to send notifications.
7. G. Configure IAM user policies to lock down permissions for specific user
8. H. Enable AWS CloudTrail to identify the API calls from user
9. I. Configure Amazon Macie to use machine learning to identify any configuration changes, and configure Amazon SNS to send notifications.
10. J. Configure IAM role policies to lock down permissions for specific user
11. K. Configure Amazon GuardDuty to audit and monitor configuration changes, and configure Amazon SNS to send notifications.

Correct Answer: A

Your company’s policy requires that all VPCs peer with a “common services: VPC. This VPC contains a fleet of layer 7 proxies and an Internet gateway. No other VPC is allowed to provision an Internet gateway. You configure a new VPC and peer with the common service VPC as required by policy. You launch an Amazon EC2. Windows instance configured to forward all traffic to the layer 7 proxies in the common services VPC. The application on this server should successfully interact with Amazon S3 using its properly configured AWS Identity and Access Management (IAM) role. However, Amazon S3 is returning 403 errors to the application.
Which step should you take to enable access to Amazon S3?

1. A. Update the S3 bucket policy with the private IP address of the instance.
2. B. Exclude 169.254.169.0/24 from the instance’s proxy configuration.
3. C. Configure a VPC endpoint for Amazon S3 in the same subnet as the instance.
4. D. Update the CORS configuration for Amazon S3 to allow traffic from the proxy.

Correct Answer: B