AWS-Certified-Advanced-Networking-Specialty Free Practice Test

A company's developers wrote an AWS Lambda function to modify existing private route tables in response to a security appliance's auto scaling events. The Lambda function will be invoked on lifecycle hooks for an Auto Scaling group and Is configured to run in a VPC The developers are unsure if the following 1AM policy provides sufficient permissions to be used as an execution role for this Lambda function.

The developers ask a network engineer to review the permissions.
Which set of permissions should the network engineer add lo the policy?

1. A. lambd
2. B. ListFunctions, lambda:GetPolicy, and ec2 Delete RouteTable
3. C. ec2:AssociateAddress, ec2 ModifylnstanceAttribut
4. D. and ec2 AssociateRouteTable
5. E. ec2:CreateNetworklntertace ec2 DeleteNetworklnterface, and ec2 ReplaceRoute
6. F. ec2:Describei.ifecydoHooks, ec2 DescribeScalingActivities, and ec2 DescribePolicies

Correct Answer: C

An IT company wants to securely perform an on-off migration of its on-premises VMs to the AWS Cloud by using AWS Server Migration Service {AWS SMS) For the first phase of the migration, the company must migrate 50 development VMs m batches during non-peak times over the next 7 days The VMs are between 2 GB and 5 GB in size The company has 1 Gbps of available bandwidth over the internet
Which network connectivity option meets these requirements MOST cost-effectively?

1. A. Contact an AWS partner to order a hosted VIF
2. B. Use the existing internet connection
3. C. Order an AWS Direct Connect connection Provision a public VIF
4. D. Create a VPN connection to AWS.

Correct Answer: D

An organization is using a VPC endpoint for Amazon S3. When the security group rules for a set of instances were initially configured, access was restricted to allow traffic only to the IP addresses of the Amazon S3 API endpoints in the region from the published JSON file. The application was working properly, but now is logging a growing number of timeouts when connecting with Amazon S3. No internet gateway is configured for the VPC.
Which solution will fix the connectivity failures with the LEAST amount of effort?

1. A. Create a Lambda function to update the security group based on AmazonIPSpaceChanged notifications.
2. B. Update the VPC routing to direct Amazon S3 prefix-list traffic to the VPC endpoint using the route tableAPIs.
3. C. Update the application server’s outbound security group to use the prefix-list for Amazon S3 in the same region.
4. D. Create an additional VPC endpoint for Amazon S3 in the same route table to scale the concurrent connections to Amazon.

Correct Answer: C
https://aws.amazon.com/blogs/aws/subscribe-to-aws-public-ip-address-changes-via-amazon-sns/

You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources. What must be configured to meet this requirement?

1. A. At least two subnets in different Availability Zones.
2. B. A dedicated VPC with Active Directory Services.
3. C. An IPsec VPN to on-premises Active Directory
4. D. Network address translation for outbound traffic.

Correct Answer: AD
References: https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-vpc.html

A network engineer is managing two AWS Direct Connect connections. Each connection has a public virtual interface configured with a private ASN. The engineer wants to configure active/passive routing between the Direct Connect connections to access Amazon public endpoints. What BGP configuration is required for the on-premises equipment? (Select two.)

1. A. Use Local Pref to control outbound traffic.
2. B. Use AS Prepending to control inbound traffic.
3. C. Use eBGP multi-hop between loopback interfaces.
4. D. Use BGP Communities to control outbound traffic.
5. E. Advertise more specific prefixes over one Direct Connect connection.

Correct Answer: AE
https://aws.amazon.com/premiumsupport/knowledge-center/active-passive-direct-connect/