
All ANS-C00 Test Inside Amazon Web Services Questions

Page: 5 / 5
Question 20

A logistics company has deployed a hybrid environment that has multiple VPCs in both the us-east-1 Region and the af-south-1 Region. The on-premises data center is connected to us-east-1 through an AWS Direct Connect connection. The Direct Connect connection is connected to a Direct Connect gateway that is associated with a transit gateway. The transit gateway is attached to all the VPCs in us-east-1.

An application that is deployed in af-south-1 requires access to a database in the data center. The application also requires access to file storage in a VPC in us-east-1.

Which solution will meet these requirements with the LOWEST latency?

Options:

A.

Create a transit gateway in af-south-1, and attach the VPCs. Create a transit gateway peering connection between the transit gateways.

B.

Create a Direct Connect connection in af-south-1, and attach the VPCs with a Direct Connect gateway and a transit gateway. Create an AWS Site-to-Site VPN connection over the internet between the Direct Connect connections.

C.

Create a transit gateway in af-south-1 and attach the VPCs. Associate the transit gateway in af-south-1 with the Direct Connect gateway in us-east-1.

D.

Create inter-Region VPC peering connections between the VPCs in each Region. Use the transit gateway attachments in us-east-1 to access the database in the data center.

Question 21

A customer has set up multiple VPCs for Dev, Test, Prod, and Management. You need to set up AWS Direct Connect to enable data flow from on-premises to each VPC. The customer has monitoring software running in the Management VPC that collects metrics from the instances in all the other VPCs. Due to budget requirements, data transfer charges should be kept to a minimum.

Which design should be recommended?

Options:

A.

Create a total of four private VIFs, one for each VPC owned by the customer, and route traffic between VPCs using the Direct Connect link.

B.

Create a private VIF to the Management VPC, and peer this VPC to all other VPCs.

C.

Create a private VIF to the Management VPC, peer this VPC to all other VPCs, and enable source/destination NAT in the Management VPC.

D.

Create a total of four private VIFs, and enable VPC peering between all VPCs.

Question 22

Your company maintains an Amazon Route 53 private hosted zone. DNS resolution is restricted to a single, pre-existing VPC. For a new application deployment, you create an additional VPC in the same AWS account. Both this new VPC and your on-premises DNS infrastructure must resolve records in the existing private hosted zone.

Which two activities are required to enable DNS resolution both within the new VPC and from the on-premises infrastructure? (Select two.)

Options:

A.

Update the DHCP options set for the new VPC with the Route 53 nameserver IP addresses.

B.

Update the Route 53 private hosted zone’s VPC associations to include the new VPC.

C.

Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies as forwarders in the on-premises DNS.

D.

Update the on-premises DNS to include forwarders to the Route 53 nameserver IP addresses.

E.

Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies in the DHCP options set.

Question 23

A company’s web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further request for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries.

Which action should be taken to block more IP addresses, without compromising the existing security requirements?

Options:

A.

Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.

B.

Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.

C.

Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.

D.

Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.

Exam Code: ANS-C00
Exam Name: AWS Certified Advanced Networking-Specialty
Last Update: Apr 14, 2023
Questions: 154