ANS-C00 : AWS Certified Advanced Networking – Specialty : Part 11

  1. How many BGP advertised routes can you have per route table?

    • 50
    • 200
    • 100
    • As many as you want as long as you contact AWS first.
    Explanation:
    You can only have 100 advertised routes from BGP. This cannot be changed.
  2. What MTU is recommended for VPN and Direct Connect links?

    • 1500 
    • 2000
    • 128
    • Jumbo Frames
    Explanation:
    Jumbo frames will not pass through VPN and Direct Connect links using AWS connections. You must use an MTU of 1500.
  3. Which statement about placement groups is incorrect?

    • A placement group is a logical grouping of instances in a single AZ.
    • If you stop an instance and restart it, it will always return to the same placement group. 
    • To help ensure capacity in a placement group, deploy all instances at once.
    • There is no charge for creating a placement group.
    Explanation:
    There may not be sufficient capacity in the placement group.
  4. Which two statements about placement groups are correct? (Choose two.)

    • A placement group can span multiple VPCs. 
    • A placement group can span multiple Availability Zones.
    • You cannot merge placement groups. 
    • It is best to use the same instance types in a placement group.
    Explanation:
    A placement group can span multiple VPCs but may not experience the full performance benefit. The only way to add instances from one placement group to another is to create AMIs out of the instances and spin them all up into one placement group.
  5. What are two reasons to have multiple IP addresses or interfaces on one server? (Choose two.)

    • You can host multiple SSLs
    • Create management networks
    • Direct Connect connections
    • Teaming multiple NICs for more throughput
    Explanation:
    You cannot bind multiple interfaces for faster speeds on AWS.
  6. Which statement about Elastic IP addresses is incorrect?

    • Additional EIPs associated with one instance incur a charge.
    • Once an EIP is associated with an instance, you must manually change the hostname if you want it to match.
    • Once you associate an EIP with an instance, the original public IP is released.
    • Disassociated EIPs incur a charge.
    Explanation:
    The hostname automatically changes to match the new EIP.
  7. Which of these is not specified on an ENI?

    • A primary private IPv4 address
    • A source/destination check flag
    • A MAC address
    • An A record
    Explanation:
    An A record is not specified on an ENI. This is created in Route 53.
  8. What are two reasons that could cause an HTTP health check to fail? (Choose two.)

    • Security group blocking port 80 to the instance 
    • HTTP server not running 
    • No Internet Gateway
    • NACL blocking port 443 to the instance
    Explanation:
    A load balancer does not perform health checks through the internet gateway, so one is not necessary, and port 443 is HTTPS, not HTTP.
  9. Which one of these health check reason codes is not a valid reason code?

    • Elb.InitialHealthChecking
    • Target.UnHealthy 
    • Target.NotInUse
    • Target.InvalidState
    Explanation:
    Target.UnHealthy does not exist.
  10. What are two features of an Application Load Balancer? (Choose two.)

    • Scales to handle any amount of traffic without interference
    • Can distribute traffic over multiple Availability Zones 
    • Can receive a static IP address
    • Can support SSLs
    Explanation:
    The Network Load Balancer can scale larger and receive a static IP address, but the Application Load Balancer cannot.
  11. What must be added to your web server configuration to view the true requesting IP address?

    • X-Actual-IP
    • X-Forwarded-Proto
    • X-Amzn-Trace-ID
    • X-Forwarded-For
    Explanation:
    X-Forwarded-For is the correct header. X-Forwarded-Proto shows the protocol, X-Actual-IP doesn’t exist, and X-Amzn-Trace-ID is for Amazon’s unique identifier.
  12. What are 2 possible ALIAS records? (Choose two.)

    • DynamoDB
    • Elastic Beanstalk
    • CloudFront
    • EC2 Instance
    Explanation:
    You cannot create an ALIAS record that points to an EC2 instance or DynamoDB.
  13. What are two routing methods used by Route 53? (Choose two.)

    • RIP
    • Failover
    • Latency
    • AS_PATH
    Explanation:
    RIP is used for network routing and AS_PATH is used for BGP path manipulation.
  14. Which is not a valid Route 53 record?

    • SPF
    • NAPTR
    • AAAA
    • BFD
    Explanation:
    BFD stands for Bidirectional Forwarding Detection and has nothing to do with Route 53.
  15. What is the minimum number of subnets for an RDS subnet group?

    • 3
    • 4
    • 1
    • 2
    Explanation:
    This allows for high availability and failover in case an RDS instance goes down.
  16. What is the DNS server address for a VPC (10.111.0.0/16) with a subnet of 10.111.4.0/24?

    • 10.111.0.2 
    • 10.111.4.2
    • 10.111.1.2
    • 10.111.4.1
    Explanation:
    The DNS server is the base VPC CIDR + 2.
  17. Which statement about VPC endpoints is incorrect?

    • Endpoints are transitive for Direct Connect connections. 
    • Endpoints cannot be extended out of a VPC.
    • Endpoints cannot be tagged.
    • An S3 endpoint allows Amazon AMIs to install some software.
    Explanation:
    Endpoints are not transitive for Direct Connect connections or any other connections. To access S3 resources through an endpoint from outside of a VPC, an EC2 proxy must be used.
  18. Which two methods can be used to ensure items are distributed only to the correct parties? (Choose two.)

    • Signed URLs
    • Signed cookies
    • Signed biscuits
    • Signed SSLs
    Explanation:
    Signed cookies and signed URLs are used to ensure only intended parties can access CloudFront resources.
  19. What is NOT a benefit of CloudFront?

    • Helps ease the strain on your web servers
    • Distributes traffic evenly to EC2 instances 
    • Speeds up distribution of RTMP content
    • Speeds up distribution of static and dynamic web content
    Explanation:
    Elastic Load Balancers distribute traffic to EC2 instances.
  20. What two items are required for all AWS VPNs? (Choose two.)

    • Virtual Private Gateway 
    • ASN
    • A hardware router
    • Customer Gateway
    Explanation:
    An ASN is only required for dynamic VPNs and hardware routers are not required.