AWS-Certified-Advanced-Networking-Specialty Free Practice Test

A logistics company has deployed a hybrid environment that has multiple VPCs in both the us-east-1 Region and the af-south-1 Region The on-premises data center is connected to us-east-1 through an AWS Direct Connect connection The Direct Connect connection is connected to a Direct Connect gateway that is associated with a transit gateway The transit gateway is attached to all the VPCs in us-east-1
An application that is deployed in af-south-1 requires access to a database in the data center The application also requires access to file storage in a VPC in us-east-1
Which solution will meet these requirements with the LOWEST latency?

1. A. Create a transit gateway in af-south-1, and attach the VPCs Create a transit gateway peering connection between the transit gateways
2. B. Create a Direct Connect connection in af-south-1, and attach the VPCs with a Direct Connect gateway and a transit gateway Create an AWS Site-to-Site VPN connection over the internet between the Direct Connect connections.
3. C. Create a transit gateway in af-south-1 and attach the VPCs Associate the transit gateway in af-south-1 with the Direct Connect gateway tn us-east-1
4. D. Create inter-Region VPC peering connections between the VPCs in each Region Use the transit gateway attachments in us-east-1 to access the database in the data center

Correct Answer: A

Your company decides to use Amazon S3 to augment its on-premises data store. Instead of using the company’s highly controlled, on-premises Internet gateway, a Direct Connect connection is ordered to provide high bandwidth, low latency access to S3. Since the company does not own a publically routable IPv4 address block, a request was made to AWS for an AWS-owned address for a Public Virtual Interface (VIF).
The security team is calling this new connection a “backdoor”, and you have been asked to clarify the risk to the company.
Which concern from the security team is valid and should be addressed?

1. A. AWS advertises its aggregate routes to the Internet allowing anyone on the Internet to reach the router.
2. B. Direct Connect customers with a Public VIF in the same region could directly reach the router.
3. C. EC2 instances in the same region with access to the Internet could directly reach the router.
4. D. The S3 service could reach the router through a pre-configured VPC Endpoint.

Correct Answer: C
https://aws.amazon.com/premiumsupport/knowledge-center/control-routes-direct-connect/

A company hosts several applications in the AWS Cloud across multiple VPCs that are connected to a transit gateway Redundant AWS Direct Connect connections and a Direct Connect gateway provide private network connectivity lo the company's on-premises environment
During a maintenance window, the networking team adds eight VPCs The application management team notices that there is no reachability between the newly created VPCs and the on-premises environment Connectivity between all VPCs through the transit gateway is working as expected.
Which of the following are possible causes of the connectivity issues? (Choose TWO)

1. A. The prefixes that are advertised from the Direct Connect gateway to the on-premises router are shorter than the CIDR blocks of the newly created VPCs
2. B. The route tables for the newly created
3. C. VPCs do not have the routes to the on-premises environment that point to the transit gateway attachment
4. D. The on-premises route tables do not contain the exact CIDR blocks of the newly created VPCs
5. E. The route tables (or the newly created VPCs have only summary routes for (he on-premises environment (fiat point to the transit gateway attachment.
6. F. The prefixes that are advertised from the Direct Connect gateway to the on-premises router do not contain the CIDR blocks of the newly created VPCs

Correct Answer: AD

A company has an application running on Amazon EC2 instances in a VPC The application must publish custom metrics to Amazon CloudWatch in the same AWS Region The metrics include proprietary information All connectivity must be over private IP addresses.
Which solution will meet these requirements'?

1. A. Connect to CloudWatch through a NAT gateway
2. B. Connect to CloudWatch through a gateway endpoint
3. C. Connect to CloudWatch through an internet gateway
4. D. Connect to CloudWatch through an interface endpoint

Correct Answer: D

A company has 225 mobile and desktop devices and 300 partner VPNs that need access to an AWS VPC. VPN users should not be able to reach one another. Which approach will meet the technical and security requirements while minimizing costs?

1. A. Use the AWS IPsec VPN for the mobile, desktop, and partner VPN connection
2. B. Use network access control lists (Network ACLs) and security groups to maintain routing separation.
3. C. Use the AWS IPsec VPN for the partner VPN connection
4. D. Use an Amazon EC2 instance VPN for the mobile and desktop device
5. E. Use Network ACLs and security groups to maintain routing separation.
6. F. Create an AWS Direct Connect connection between on-premises and AWS Use a public virtual interface to connect to the AWS IPsec VPN for the mobile, desktop, and partner VPN connections.
7. G. Use an Amazon EC2 instance VPN for the desktop, mobile, and partner VPN connection
8. H. Use features of the VPN instance to limit routing and connectivity.

Correct Answer: D