AWS-Certified-Advanced-Networking-Specialty Free Practice Test

Your company’s policy requires that all VPCs peer with a “common services: VPC. This VPC contains a fleet of layer 7 proxies and an Internet gateway. No other VPC is allowed to provision an Internet gateway. You configure a new VPC and peer with the common service VPC as required by policy. You launch an Amazon EC2. Windows instance configured to forward all traffic to the layer 7 proxies in the common services VPC. The application on this server should successfully interact with Amazon S3 using its properly configured AWS Identity and Access Management (IAM) role. However, Amazon S3 is returning 403 errors to the application.
Which step should you take to enable access to Amazon S3?

1. A. Update the S3 bucket policy with the private IP address of the instance.
2. B. Exclude 169.254.169.0/24 from the instance’s proxy configuration.
3. C. Configure a VPC endpoint for Amazon S3 in the same subnet as the instance.
4. D. Update the CORS configuration for Amazon S3 to allow traffic from the proxy.

Correct Answer: B

You have been asked to monitor traffic flows on your Amazon EC2 instance. You will be performing deep packet inspection, looking for atypical patterns.
Which tool will enable you to look at this data?

1. A. Wireshark
2. B. VPC Flow Logs
3. C. AWS CLI
4. D. CloudWatch Logs

Correct Answer: A

A company uses an AWS Site-to-Site VPN to connect its corporate network The company recently added an AWS Direct Connect connection A network engineer wants all traffic to use the Direct Connect connection and for the VPN to be used as backup However after the Direct Connect connection was added traffic continued to pass through the VPN connection
What should the network engineer do to route the traffic through the Direct Connect connection'?

1. A. Add routes to the VPC route tables that specify the Direct Connect connection
2. B. Set local preference BGP community tags on the on-premises router
3. C. Advertise the same network routes over the Direct Connect connection and VPN connection
4. D. Ensure the Direct Connect connection AS_PATH is longer than the VPN connection AS_PATH

Correct Answer: C

A company recently migrated its Amazon EC2 instances to VPC private subnets to satisfy a security compliance requirement. The EC2 instances now use a NAT gateway tor internet access After the migration, some long-running database queries from private EC2 instances to a publicly accessible third-party database no longer receive responses The database query logs reveal that the queries successfully completed after 7 minutes but that the client EC2 instances never received the response.
Which configuration change should a network engineer implement to resolve this issue''

1. A. Configure the NAT gateway timeout to allow connections for up to 600 seconds
2. B. Enable enhanced networking on the client EC2 instances
3. C. Enable TCP keepalive on the client EC2 instances with a value of less than 300 seconds
4. D. Close idle TCP connections though the NAT gateway

Correct Answer: C

A company has two AWS accounts: one for Production and one for Connectivity. A network engineer needs to connect the Production account VPC to a transit gateway in the Connectivity account. The feature to auto accept shared attachments is not enabled on the transit gateway.
Which sot of stops should the network engineer follow in each AWS account to meet those requirements?

1. A. * 1. In the Production account Create a resource share In AWS Resource Access Manager for the transit gateway Provide the Connectivity account ID Enable thefeature to allow external accounts* 2. In the Connectivity account Accept the resource* 3. In the Connectivity account Create an attachment to the VPC subnets* 4. In the Production account: Accept the attachmen
2. B. Associate a route table with the attachment.
3. C. * 1. In the Production account Create a resource share In AWS Resource Access Manager for the VPC subnets Provide the Connectivity account ID Enable the feature to allow external accounts.* 2. In the Connectivity account Accept the resource* 3. In the Production account Create an attachment on the transit gateway to the VPC subnets* 4. In the Connectivity account Accept the attachment Associate a route table will the attachment.
4. D. * 1. In the Connectivity account Create a resource share in AWS Resource Access Manager for the VPC subnet
5. E. Provide the Production account ID Enable the feature lo allow external accounts.* 2. In the Production account Accept the resource* 3. In the Connectivity account Create an attachment on the transit gateway to the VPC subnets A In the Production account Accept the attachment Associate a route table with the attachment.
6. F. * 1. In the Connectivity account Create a resource share in AWS Resource Access Manager for the transit gateway Provide the Production account ID Enable the feature to allow external accounts* 2. In the Production account Accept the resource.* 3 In the Production account Create an attachment to the VPC subnets* 4. In the Connectivity account Accept the attachmen
7. G. Associate a route tab e win toe attachment

Correct Answer: A