ANS-C01 Free Practice Test

A company uses a 4 Gbps AWS Direct Connect dedicated connection with a link aggregation group (LAG) bundle to connect to five VPCs that are deployed in the us-east-1 Region. Each VPC serves a different business unit and uses its own private VIF for connectivity to the on-premises environment. Users are reporting slowness when they access resources that are hosted on AWS.
A network engineer finds that there are sudden increases in throughput and that the Direct Connect connection becomes saturated at the same time for about an hour each business day. The company wants to know which business unit is causing the sudden increase in throughput. The network engineer must find out this information and implement a solution to resolve the problem.
Which solution will meet these requirements?

1. A. Review the Amazon CloudWatch metrics for VirtualInterfaceBpsEgress and VirtualInterfaceBpsIngress to determine which VIF is sending the highest throughput during the period in which slowness is observe
2. B. Create a new 10 Gbps dedicated connectio
3. C. Shift traffic from the existing dedicated connection to the new dedicated connection.
4. D. Review the Amazon CloudWatch metrics for VirtualInterfaceBpsEgress and VirtualInterfaceBpsIngress to determine which VIF is sending the highest throughput during the period in which slowness is observe
5. E. Upgrade the bandwidth of the existing dedicated connection to 10 Gbps.
6. F. Review the Amazon CloudWatch metrics for ConnectionBpsIngress and ConnectionPpsEgress to determine which VIF is sending the highest throughput during the period in which slowness is observe
7. G. Upgrade the existing dedicated connection to a 5 Gbps hosted connection.
8. H. Review the Amazon CloudWatch metrics for ConnectionBpsIngress and ConnectionPpsEgress to determine which VIF is sending the highest throughput during the period in which slowness is observed.Create a new 10 Gbps dedicated connectio
9. I. Shift traffic from the existing dedicated connection to the new dedicated connection.

Correct Answer: A
To meet the requirements of finding out which business unit is causing the sudden increase in throughput and resolving the problem, the network engineer should review the Amazon CloudWatch metrics for VirtualInterfaceBpsEgress and VirtualInterfaceBpsIngress to determine which VIF is sending the highest throughput during the period in which slowness is observed (Option B). After identifying the VIF that is causing the issue, they can upgrade the bandwidth of the existing dedicated connection to 10 Gbps to resolve the problem (Option B).

A company deploys a new web application on Amazon EC2 instances. The application runs in private subnets in three Availability Zones behind an Application Load Balancer (ALB). Security auditors require encryption of all connections. The company uses Amazon Route 53 for DNS and uses AWS Certificate Manager (ACM) to automate SSL/TLS certificate provisioning. SSL/TLS connections are terminated on the ALB.
The company tests the application with a single EC2 instance and does not observe any problems. However, after production deployment, users report that they can log in but that they cannot use the application. Every new web request restarts the login process.
What should a network engineer do to resolve this issue?

1. A. Modify the ALB listener configuratio
2. B. Edit the rule that forwards traffic to the target grou
3. C. Change the rule to enable group-level stickines
4. D. Set the duration to the maximum application session length.
5. E. Replace the ALB with a Network Load Balance
6. F. Create a TLS listene
7. G. Create a new target group with the protocol type set to TLS Register the EC2 instance
8. H. Modify the target group configuration by enabling the stickiness attribute.
9. I. Modify the ALB target group configuration by enabling the stickiness attribut
10. J. Use an application-based cooki
11. K. Set the duration to the maximum application session length.
12. L. Remove the AL
13. M. Create an Amazon Route 53 rule with a failover routing policy for the application nam
14. N. Configure ACM to issue certificates for each EC2 instance.

Correct Answer: C

Your security team implements a host-based firewall on all of your Amazon Elastic Compute Cloud (EC2) instances to block all outgoing traffic. Exceptions must be requested for each specific requirement. Until you request a new rule, you cannot access the instance metadata service. Which firewall rule should you request to be added to your instances to allow instance metadata access?

1. A. Inbound; Protocol tcp; Source [Instance’s EIP]; Destination 169.254.169.254
2. B. Inbound; Protocol tcp; Destination 169.254.169.254; Destination port 80
3. C. Outbound; Protocol tcp; Destination 169.254.169.254; Destination port 80
4. D. Outbound; Protocol tcp; Destination 169.254.169.254; Destination port 443

Correct Answer: C
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
To view all categories of instance metadata from within a running instance, use the following URI.
http://169.254.169.254/latest/meta-data/

A company is deploying third-party firewall appliances for traffic inspection and NAT capabilities in its VPC. The VPC is configured with private subnets and public subnets. The company needs to deploy the firewall appliances behind a load balancer.
Which architecture will meet these requirements MOST cost-effectively?

1. A. Deploy a Gateway Load Balancer with the firewall appliances as target
2. B. Configure the firewall appliances with a single network interface in a private subne
3. C. Use a NAT gateway to send the traffic to the internet after inspection.
4. D. Deploy a Gateway Load Balancer with the firewall appliances as target
5. E. Configure the firewall appliances with two network interfaces: one network interface in a private subnet and another network interface in a public subne
6. F. Use the NAT functionality on the firewall appliances to send the traffic to the internet after inspection.
7. G. Deploy a Network Load Balancer with the firewall appliances as target
8. H. Configure the firewall appliances with a single network interface in a private subne
9. I. Use a NAT gateway to send the traffic to the internet after inspection.
10. J. Deploy a Network Load Balancer with the firewall appliances as target
11. K. Configure the firewall appliances with two network interfaces: one network interface in a private subnet and another network interface in a public subne
12. L. Use the NAT functionality on the firewall appliances to send the traffic to the internet after inspection.

Correct Answer: B

A company uses AWS Direct Connect to connect its corporate network to multiple VPCs in the same AWS account and the same AWS Region. Each VPC uses its own private VIF and its own virtual LAN on the Direct Connect connection. The company has grown and will soon surpass the limit of VPCs and private VIFs for each connection.
What is the MOST scalable way to add VPCs with on-premises connectivity?

1. A. Provision a new Direct Connect connection to handle the additional VPC
2. B. Use the new connection to connect additional VPCs.
3. C. Create virtual private gateways for each VPC that is over the service quot
4. D. Use AWS Site-to-Site VPNto connect the virtual private gateways to the corporate network.
5. E. Create a Direct Connect gateway, and add virtual private gateway associations to the VPC
6. F. Configure a private VIF to connect to the corporate network.
7. G. Create a transit gateway, and attach the VPC
8. H. Create a Direct Connect gateway, and associate it with the transit gatewa
9. I. Create a transit VIF to the Direct Connect gateway.

Correct Answer: D
When a company requires connectivity to multiple VPCs over AWS Direct Connect, a scalable solution is to use a transit gateway. A transit gateway is a hub that can interconnect multiple VPCs and VPN connections. The VPCs can communicate with each other over the transitgateway, and on-premises networks can communicate with the VPCs through the Direct Connect gateway. This solution provides a central point of management and simplifies the configuration of network routing. By associating the Direct Connect gateway with the transit gateway, traffic between the VPCs and the on-premises network can be routed through the Direct Connect connection.