|Exam Name||:||AWS Certified Advanced Networking - Specialty|
|Questions and Answers||:||65 Q & A|
You have multiple Amazon Elastic Compute Cloud (EC2) instances running a web server in a VPC configured with security groups and NACLs. You need to ensure layer 7 protocol level logging of all network traffic (ACCEPT/REJECT) on the instances. What should be enabled to complete this task?
CloudWatch Logs at the VPC level
Packet sniffing at the instance level
VPC flow logs at the subnet level
Packet sniffing at the VPC level
Your company operates a single AWS account. A common services VPC is deployed to provide shared services, such as network scanning and compliance tools. Each AWS workload uses its own VPC, and each VPC must peer with the common services VPC. You must choose the most efficient and cost-effective approach.
Which approach should be used to automate the required VPC peering?
AWS CloudTrail integration with Amazon CloudWatch Logs to trigger a Lambda function.
An OpsWorks Chef recipe to execute a command-line peering request.
Cfn-init with AWS CloudFormation to execute a command-line peering request.
An AWS CloudFormation template that includes a peering request.
Your organization requires strict adherence to a change control process for its Amazon Elastic Compute Cloud (EC2) and VPC environments. The organization uses AWS CloudFormation as the AWS service to control and implement changes. Which combination of three services provides an alert for changes made outside of AWS CloudFormation? (Select three.)
AWS Simple Notification Service
AWS CloudWatch metrics
AWS Identity and Access Management
You have a global corporate network with 153 individual IP prefixes in your internal routing table. You establish a private virtual interface over AWS Direct Connect to a VPC that has an Internet gateway (IGW). All instances in the VPC must be able to route to the Internet via an IGW and route to the global corporate network via the VGW.
How should you configure your on-premises BGP peer to meet these requirements?
Configure AS-Prepending on your BGP session
Summarize your prefix announcement to less than 100
Announce a default route to the VPC over the BGP session
Enable route propagation on the VPC route table
You are building an application that provides real-time audio and video services to customers on the Internet. The application requires high throughput. To ensure proper audio and video transmission, minimal latency is required.
Which of the following will improve transmission quality?
Enable enhanced networking
Select G2 instance types
Enable jumbo frames
Use multiple elastic network interfaces
Under the Payment Card Industry Data Security Standard (PCI DSS), merchants that handle credit card data must use strong cryptography. These merchants must also use security protocols to protect sensitive data during transmission over public networks.
You are migrating your PCI DSS application from an on-premises SSL appliance and Apache to a VPC behind Amazon CloudFront. How should you configure CloudFront to meet this requirement?
Configure the CloudFront Cache Behavior to require HTTPS and the CloudFront Origin’s Protocol Policy to ‘Match Viewer’.
Configure the CloudFront Cache Behavior to allow TCP connections and to forward all requests to the origin without TLS termination at the edge.
Configure the CloudFront Cache Behavior to require HTTPS and to forward requests to the origin via AWS Direct Connect.
Configure the CloudFront Cache Behavior to redirect HTTP requests to HTTPS and to forward requests to the origin via the Amazon private network.
You deploy your Internet-facing application in the us-west-2 (Oregon) region. To manage this application and upload content from your corporate network, you have a 1-Gbps AWS Direct Connect connection with a private virtual interface via one of the associated Direct Connect locations. In normal operation, you use approximately 300 Mbps of the available bandwidth, which is more than your Internet connection from the corporate network.
You need to deploy another identical instance of the application in us-east-1 (N. Virginia) as soon as possible. You need to use the benefits of Direct Connect. Your design must be the most effective solution regarding cost, performance, and time to deploy.
Which design should you choose?
Use the inter-region capabilities of Direct Connect to establish a private virtual interface from us-west-2 Direct Connect location to the new VPC in us-east-1.
Deploy an IPsec VPN over your corporate Internet connection to us-east-1 to provide access to the new VPC.
Use the inter-region capabilities of Direct Connect to deploy an IPsec VPN over a public virtual interface to the new VPC in us-east-1.
Use VPC peering to connect the existing VPC in us-west-2 to the new VPC in us-east-1, and then route traffic over Direct Connect and transit the peering connection.
Your company has a 1-Gbps AWS Direct Connect connection to AWS. Your company needs to send traffic from on-premises to a VPC owned by a partner company. The connectivity must have minimal latency at the lowest price.
Which of the following connectivity options should you choose?
Create a new Direct Connect connection, and set up a new circuit to connect to the partner VPC using a private virtual interface.
Create a new Direct Connect connection, and leverage the existing circuit to connect to the partner VPC.
Create a new private virtual interface, and leverage the existing connection to connect to the partner VPC.
Enable VPC peering and use your VPC as a transitive point to reach the partner VPC.