AWS-Certified-Advanced-Networking-Specialty Free Practice Test

A VPC is deployed with a 10 0 0.0/16 CIDR block. The engineering team is reviewing DHCP options and there is disagreement about the valid DNS addresses available for the VPC Which addresses are valid IP addresses provided by Amazon for this subnet' (Select TWO.)

1. A. 8.8.8.8
2. B. 10.00.2
3. C. 10.1.0.2
4. D. 169.254.169.253
5. E. 169.254.169.254

Correct Answer: BE

Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location.
Which solution will meet this requirement, while minimizing downtime and costs?

1. A. Deploy a third-party vendor solution to perform deep packet inspection in a transit VPC.
2. B. Enable VPC Flow Logs on each VP
3. C. Set up a stream of the flow logs to a central Amazon Elasticsearch cluster.
4. D. Enable Amazon Macie on each AWS account and configure central reporting.
5. E. Enable Amazon GuardDuty on each account as members of a central account.

Correct Answer: D
References:
https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-acc

A network architect is designing an internet website. It has web, application, and database tiers that will run in AWS. The website uses Amazon DynamoDB.
Which architecture will minimize public exposure of the back-end instances?

1. A. A VPC with public subnets for the NLB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
2. B. A VPC with public subnets for the ALB, private subnets for the web tier, and private subnets for the application tie
3. C. The application tier connects DynamoDB through a VPC endpoint.
4. D. A VPC with public subnets for the ALB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
5. E. A VPC with public subnets for the NLB, private subnets for the web tier, and public subnets for theapplication tie
6. F. The application tier connects DynamoDB through a VPC endpoint.

Correct Answer: B

An architecture is being designed to support an Amazon WorkSpaces deployment of 1,000 desktops. Which architecture will support this deployment while allowing for future expansion?

1. A. A VPC with a /16 CIDR and one /21 subnet
2. B. A VPC with a /20 CIDR and two /21 subnets
3. C. A VPC with a /16 CIDR and one /22 subnet
4. D. A VPC with a /20 CIDR and two /23 subnets

Correct Answer: B

Your company runs an application for the US market in the us-east-1 AWS region. This application uses proprietary TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances. End users run a
real-time, front-end application on their local PCs. This front-end application knows the DNS hostname of the service.
You must prepare the system for global expansion. The end users must access the application with lowest latency.
How should you use AWS services to meet these requirements?

1. A. Register the IP addresses of the service hosts as “A” records with latency-based routing policy in Amazon Route 53, and set a Route 53 health check for these hosts.
2. B. Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of the main service host as an ALIAS record with a latency-based routing policy in Route 53.
3. C. Set Amazon CloudFront in front of the host of the service, and register the CloudFront name of the main service as an ALIAS record in Route 53.
4. D. Set the Amazon API gateway in front of the service, and register the API gateway name of the main service as an ALIAS record in Route 53.

Correct Answer: B