AWS-Certified-Advanced-Networking-Specialty Free Practice Test

A network engineer is managing two AWS Direct Connect connections. Each connection has a public virtual interface configured with a private ASN. The engineer wants to configure active/passive routing between the Direct Connect connections to access Amazon public endpoints. What BGP configuration is required for the on-premises equipment? (Select two.)

1. A. Use Local Pref to control outbound traffic.
2. B. Use AS Prepending to control inbound traffic.
3. C. Use eBGP multi-hop between loopback interfaces.
4. D. Use BGP Communities to control outbound traffic.
5. E. Advertise more specific prefixes over one Direct Connect connection.

Correct Answer: AE
https://aws.amazon.com/premiumsupport/knowledge-center/active-passive-direct-connect/

A VPC is deployed with a 10 0 0.0/16 CIDR block. The engineering team is reviewing DHCP options and there is disagreement about the valid DNS addresses available for the VPC Which addresses are valid IP addresses provided by Amazon for this subnet' (Select TWO.)

1. A. 8.8.8.8
2. B. 10.00.2
3. C. 10.1.0.2
4. D. 169.254.169.253
5. E. 169.254.169.254

Correct Answer: BE

Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location.
Which solution will meet this requirement, while minimizing downtime and costs?

1. A. Deploy a third-party vendor solution to perform deep packet inspection in a transit VPC.
2. B. Enable VPC Flow Logs on each VP
3. C. Set up a stream of the flow logs to a central Amazon Elasticsearch cluster.
4. D. Enable Amazon Macie on each AWS account and configure central reporting.
5. E. Enable Amazon GuardDuty on each account as members of a central account.

Correct Answer: D
References:
https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-acc

A network architect is designing an internet website. It has web, application, and database tiers that will run in AWS. The website uses Amazon DynamoDB.
Which architecture will minimize public exposure of the back-end instances?

1. A. A VPC with public subnets for the NLB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
2. B. A VPC with public subnets for the ALB, private subnets for the web tier, and private subnets for the application tie
3. C. The application tier connects DynamoDB through a VPC endpoint.
4. D. A VPC with public subnets for the ALB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
5. E. A VPC with public subnets for the NLB, private subnets for the web tier, and public subnets for theapplication tie
6. F. The application tier connects DynamoDB through a VPC endpoint.

Correct Answer: B

An architecture is being designed to support an Amazon WorkSpaces deployment of 1,000 desktops. Which architecture will support this deployment while allowing for future expansion?

1. A. A VPC with a /16 CIDR and one /21 subnet
2. B. A VPC with a /20 CIDR and two /21 subnets
3. C. A VPC with a /16 CIDR and one /22 subnet
4. D. A VPC with a /20 CIDR and two /23 subnets

Correct Answer: B