AWS-Certified-Advanced-Networking-Specialty Free Practice Test

Your company needs to leverage Amazon Simple Storage Solution (S3) for backup and archiving. According to company policy, data should not flow on the public Internet even if data is encrypted. You have set up two S3 buckets in us-east-1 and us-west-2. Your company data center is located on the West Coast of the United States. The design must be cost-effective and enable minimal latency.
Which design should you set up?

1. A. An AWS Direct Connect connection to us-east-1 and a Direct Connect connection to us-west-2.
2. B. An AWS Direct Connect connection to us-east-1.
3. C. An AWS Direct Connect connection to us-west-2.
4. D. An AWS Direct Connect connection to us-west-2 and a VPN connection to us-east-1.

Correct Answer: C

A network engineer has configured a private hosted zone using Amazon Route 53. The engineer needs to configure health checks for record sets within the zone that are associated with instances.
How can the engineer meet the requirements?

1. A. Configure a Route 53 health check to a private IP associated with the instances inside the VPC to be checked.
2. B. Configure a Route 53 health check pointing to an Amazon SNS topic that notifies an Amazon CloudWatch alarm when the Amazon EC2 StatusCheckFailed metric fails.
3. C. Create a CloudWatch metric that checks the status of the EC2 StatusCheckFailed metric, add an alarm to the metric, and then create a health check that is based on the state of the alarm.
4. D. Create a CloudWatch alarm for the StatusCheckFailed metric and choose Recover this instance, selecting a threshold value of 1.

Correct Answer: C

A company uses an Application Load Balancer (ALB) to provide access to a multi-tenant web application for 25 customers The company creates a unique hostname for each customer to use to access the application Hostnames use the format customer-name example.com.
Each customer has a dedicated group of Amazon EC2 instances that run their own version of the web application. When a customer visits customer-name example com, the ALB should route the request to the correct group of EC2 instances The company requires a highly available solution that is easy to maintain
Which solution meets these requirements at the LOWEST cost?

1. A. Create one ALB for all customers Create a listener rule that includes an HTTP header condition to match the URL Add a forward action to route the request to the customer target group Use Amazon Route 53 to create an alias record for each customer-name example com hostname that points to the ALB
2. B. Create one ALB for each customer Configure the listener to route requests to the customer target group Configure an NGINX proxy server to manageconnections to each ALB Use Amazon Route 53 to create a CNAME record for each customer-name example com hostname that points to the NGINX proxy server
3. C. Create one ALB for ail customers Create a listener rule that includes a Host header condition to match the hostname Add a forward action to route the request to the customer target group Use Amazon Route 53 to create an alias record for each customer-name example com hostname that points to the ALB
4. D. Create one ALB for each customer Configure the listener to route requests to the customer target group Create an Amazon CloudFront distribution Add each ALB to the distribution as a custom origin Use Amazon Route 53 to create an alias for each customer-name example com hostname that points to the CloudFront distribution

Correct Answer: A

An organization runs a consumer-facing website on AWS. The Amazon EC2-based web fleet is load balanced using the AWS Application Load Balancer, Amazon Route 53 is used to provide the public DNS services.
The following URLs need to server content to end users: test.example.com
web.example.com example.com
Based on this information, what combination of services must be used to meet the requirement? (Select two.)

1. A. Path condition in ALB listener to route example.com to appropriate target groups.
2. B. Host condition in ALB listener to route *.example.com to appropriate target groups.
3. C. Host condition a ALB listener to route example.com to appropriate target groups.
4. D. Path condition in ALB listener to route *.example.com to appropriate target groups.
5. E. Host condition in ALB listener to route $$$$.example.com to appropriate target groups.

Correct Answer: BC
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#rule-condition https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html

All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.

1. A. The NAT gateway does not support UDP traffic.
2. B. The authentication server is not accepting traffic.
3. C. The NAT gateway cannot allocate more ports.
4. D. The NAT gateway is launched in a private subnet.

Correct Answer: C
Ref: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
"A NAT gateway can support up to 55,000 simultaneous connections to each unique destination. This limit also applies if you create approximately 900 connections per second to a single destination (about 55,000 connections per minute). If the destination IP address, the destination port, or the protocol (TCP/UDP/ICMP) changes, you can create an additional 55,000 connections. For more than 55,000 connections, there is an increased chance of connection errors due to port allocation errors. These errors can be monitored by viewing the ErrorPortAllocation CloudWatch metric for your NAT gateway. For more information, see Monitoring NAT Gateways Using Amazon CloudWatch."