Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Pass the Amazon Web Services AWS Certified Specialty ANS-C01 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam ANS-C01 Premium Access

View all detail and faqs for the ANS-C01 exam

Go to Exam

857 Students Passed

87% Average Score

92% Same Questions

Viewing page 3 out of 9 pages

Viewing questions 21-30 out of questions

Questions # 21:

A company is deploying AWS Cloud WAN with edge locations in the us-east-1 Region and the ap-southeast-2 Region. Individual AWS Cloud WAN segments are configured for the development environment, the production environment, and the shared services environment at each edge location. Many new VPCs will be deployed for the environments and will be configured as attachments to the AWS Cloud WAN core network.

The company's network team wants to ensure that VPC attachments are configured for the correct segment. The network team will tag the VPC attachments by using the Environment key with a value of the corresponding environment segment name. The segment for the production environment in us-east-1 must require acceptance for attachment requests. AH other attachment requests must not require acceptance.

Which solution will meet these requirements?

Options:

Create a rule with a number of 100 that requires acceptance for attachments to the production segment. In the rule, set the condition logic to the "or" value. Include conditions that require a tag:Environment value of Production or a Region value of us-east-1. Create a rule with a number of 200 that does not require acceptance to map any tag:Environment values to their respective segments.

Create a rule with a number of 100 that requires acceptance for attachments to the production segment. In the rule, set the condition logic to the "and" value. Include conditions that require a tag:Environment value of Production and a Region value of us-east-1. Create a rule with a number of 200 that does not require acceptance to map any tag:Environment values to their respective segments.

Create a rule with a number of 100 that does not require acceptance to map any tag:Environment values to their respective segments. Create a rule with a number of 200 that requires acceptance for attachments to the production segment. In the rule, set the condition logic to the "and" value. Include conditions that require a tag:Environment value of Production and a Region value of us-east-1.

Create a rule with a number of 100 that does not require acceptance to map any tag:Environment values to their respective segments Create a rule with a number of 200 that requires acceptance for attachments to the production segment. In the rule, set the condition logic to the "or value. Include conditions that require a tag:Environment value of Production or a Region value of us-east-1.

Questions # 22:

A network engineer needs to set up an Amazon EC2 Auto Scaling group to run a Linux-based network appliance in a highly available architecture. The network engineer is configuring the new launch template for the Auto Scaling group.

In addition to the primary network interface the network appliance requires a second network interface that will be used exclusively by the application to exchange traffic with hosts over the internet. The company has set up a Bring Your Own IP (BYOIP) pool that includes an Elastic IP address that should be used as the public IP address for the second network interface.

How can the network engineer implement the required architecture?

Options:

Configure the two network interfaces in the launch template. Define the primary network interface to be created in one of the private subnets. For the second network interface, select one of the public subnets. Choose the BYOIP pool ID as the source of public IP addresses.

Configure the primary network interface in a private subnet in the launch template. Use the user data option to run a cloud-init script after boot to attach the second network interface from a subnet with auto-assign public IP addressing enabled.

Create an AWS Lambda function to run as a lifecycle hook of the Auto Scaling group when an instance is launching. In the Lambda function, assign a network interface to an AWS Global Accelerator endpoint.

During creation of the Auto Scaling group, select subnets for the primary network interface. Use the user data option to run a cloud-init script to allocate a second network interface and to associate an Elastic IP address from the BYOIP pool.

Questions # 23:

A network engineer must develop an AWS CloudFormation template that can create a virtual private gateway, a customer gateway, a VPN connection, and static routes in a route table. During testing of the template, the network engineer notes that the CloudFormation template has encountered an error and is rolling back.

What should the network engineer do to resolve the error?

Options:

Change the order of resource creation in the CloudFormation template.

Add the DependsOn attribute to the resource declaration for the virtual private gateway. Specify the route table entry resource.

Add a wait condition in the template to wait for the creation of the virtual private gateway.

Add the DependsOn attribute to the resource declaration for the route table entry. Specify the virtual private gateway resource.

Questions # 24:

A development team is building a new web application in the AWS Cloud. The main company domain, example.com. is currently hosted in an Amazon Route 53 public hosted zone in one of the company's production AWS accounts.

The developers want to test the web application in the company's staging AWS account by using publicly resolvable subdomains under the example.com domain with the ability to create and delete DNS records as needed. Developers have full access to Route 53 hosted zones within the staging account, but they are prohibited from accessing resources in any of the production AWS accounts.

Which combination of steps should a network engineer take to allow the developers to create records under the example.com domain? (Select TWO.)

Options:

Create a public hosted zone for example.com in the staging account.

Create a staging.example.com NS record in the example.com domain. Populate the value with the name servers from the staging.example.com domain. Set the routing policy type to simple routing.

Create a private hosted zone for stagmg.example.com in the staging account.

Create an example.com NS record in the staging.example.com domain. Populate the value with the name servers from the example.com domain. Set the routing policy type to simple routing

Create a public hosted zone for staging.example.com in the staging account.

Questions # 25:

A company is moving its record-keeping application to the AWS Cloud. All traffic between the company's on-premises data center and AWS must be encrypted at all times and at every transit device during the migration.

The application will reside across multiple Availability Zones in a single AWS Region. The application will use existing 10 Gbps AWS Direct Connect dedicated connections with a MACsec capable port. A network engineer must ensure that the Direct Connect connection is secured accordingly at every transit device.

The network engineer creates a Connection Key Name and Connectivity Association Key (CKN/CAK) pair for the MACsec secret key.

Which combination of additional steps should the network engineer take to meet the requirements? (Choose two.)

Options:

Configure the on-premises router with the MACsec secret key.

Update the connection's MACsec encryption mode to must_encrypt. Then associate the CKN/CAK pair with the connection.

Update the connection's MACsec encryption mode to should encrypt. Then associate the CKN/CAK pair with the connection.

Associate the CKN/CAK pair with the connection. Then update the connection's MACsec encryption mode to must_encrypt.

Associate the CKN/CAK pair with the connection. Then update the connection’s MACsec encryption mode to should_encrypt.

Questions # 26:

A global company is establishing network connections between the company's primary and secondary data centers and a VPC. A network engineer needs to maximize resiliency and fault tolerance for the connections. The network bandwidth must be greater than 10 Gbps.

Which solution will meet these requirements MOST cost-effectively?

Options:

Set up a 100 Gbps connection at the primary data center that terminates at an AWS Direct Connect location. Set up a second 100 Gbps connection at the secondary data center that terminates at a second Direct Connect location. Ensure the connections aremanaged by separate providers.

Set up a 10 Gbps connection at the primary data center that terminates at an AWS Direct Connect location. Set up a second 10 Gbps connection at the secondary data center that terminates at a second Direct Connect location. Ensure the connections are managed by separate providers.

Set up two 10 Gbps connections at the primary data center that terminate at one AWS Direct Connect location. Ensure the connections are managed by separate providers. Set up two 10 Gbps connections at the secondary data center that terminate at a second Direct Connect location. Ensure the connections are managed by separate providers.

Set up a 10 Gbps connection at the primary data center that terminates at an AWS Direct Connect location. Set up an AWS Site-to-Site VPN connection at the secondary data center that terminates at a virtual private gateway in the same Region as the company’s VPC.

Questions # 27:

A company has deployed a software-defined WAN (SD-WAN) solution to interconnect all of its offices. The company is migrating workloads to AWS and needs to extend its SD-WAN solution to support connectivity to these workloads.

A network engineer plans to deploy AWS Transit Gateway Connect and two SD-WAN virtual appliances to provide this connectivity. According to company policies, only a single SD-WAN virtual appliance can handle traffic from AWS workloads at a given time.

How should the network engineer configure routing to meet these requirements?

Options:

Add a static default route in the transit gateway route table to point to the secondary SD-WAN virtual appliance. Add routes that are more specific to point to the primary SD-WAN virtual appliance.

Configure the BGP community tag 7224:7300 on the primary SD-WAN virtual appliance for BGP routes toward the transit gateway.

Configure the AS_PATH prepend attribute on the secondary SD-WAN virtual appliance for BGP routes toward the transit gateway.

Disable equal-cost multi-path (ECMP) routing on the transit gateway for Transit Gateway Connect.

Questions # 28:

A company has a total of 30 VPCs. Three AWS Regions each contain 10 VPCs. The company has attached the VPCs in each Region to a transit gateway in that Region. The company also

has set up inter-Region peering connections between the transit gateways.

The company wants to use AWS Direct Connect to provide access from its on-premises location for only four VPCs across the three Regions. The company has provisioned four Direct

Connect connections at two Direct Connect locations.

Which combination of steps will meet these requirements MOST cost-effectively? (Select THREE.)

Options:

Create four virtual private gateways. Attach the virtual private gateways to the four VPCs.

Create a Direct Connect gateway. Associate the four virtual private gateways withthe Direct Connect gateway.

Create four transit VIFs on each Direct Connect connection. Associate the transit VIFs with the Direct Connect gateway.

Create four transit VIFs on each Direct Connect connection. Associate the transit VIFs with the four virtual private gateways.

Create four private VIFs on each Direct Connect connection to the Direct Connect gateway.

Create an association between the Direct Connect gateway and the transit gateways.

Questions # 29:

A company is running business applications on AWS. The company uses 50 AWS accounts, thousands of VPCs. and 3 AWS Regions across the United States and Europe.

A network engineer needs to establish network connectivity between an on-premises data center and the Regions. The network engineer also must establish connectivity between the VPCs. On-premises users and applications must be able to connect to applications that run in the VPCs.

The company has an existing AWS Direct Connect connection that the network engineer can use. The network engineer creates a transit gateway in each Region and configures the transit gateways as inter-Region peers.

Which solution will provide network connectivity from the on-premises data center to the Regions and will provide inter-VPC communications across the different Regions?

Options:

Create a private VIF with a gateway type of virtual private gateway. Configure the private VIF to use a virtual private gateway that is associated with one of the VPCs.

Create a private VIF to a new Direct Connect gateway. Associate the new Direct Connect gateway with a virtual private gateway in each VPC.

Create a transit VIF with a gateway association to a new Direct Connect gateway. Associate each transit gateway with the new Direct Connect gateway.

Create an AWS Site-to-Site VPN connection that uses a public VIF for the Direct Connect connection Attach the Site-to-Site VPN connection to the transit gateways.

Questions # 30:

A company runs workloads in multiple VPCs. The company needs to securely access a workload in one of the VPCs, named VPC-A, from an on-premises data center. A network engineer sets up an AWS Site-to-SiteVPN connection to a transit gateway. The network engineer configures dynamic routing for the connection, and communication works properly.

Recently, the owner of VPC-A added another CIDR range to the VPC. The VPC-A owner created workloads that use the additional CIDR range.

The company's on-premises network is unable to reach the new workloads. The network engineer needs to resolve the network connectivity issue and ensure that connectivity will not be affected if additional VPC CIDR ranges are added to the VPC in the future.

Which solution will meet these requirements with the MOST operational efficiency?

Options:

Configure route propagation for VPC-A to the VPN attachment route table.

Manually update the VPN attachment route table to include the new CIDR range.

Configure an Amazon EventBridge rule to invoke an AWS Lambda function when the rule to matches an update to the VPC-A CIDR range. Configure the Lambda function to update the VPN attachment route table.

Configure an Amazon CloudWatch alarm to invoke an AWS Lambda function when there is an update to the VPC-A CIDR range. Configure the Lambda function to update the VPN attachment route table. Restart the VPN tunnels.