Free AWS Certified Advanced Networking – Specialty AWS-Certified-Advanced-Networking-Specialty Exam Practice Test

A company has recently established an AWS Direct Connect connection from its on-premises data center to AWS. A Network Engineer has blocked all traffic destined for Amazon S3 over the company's gateway to the internet from its on-premises firewall. S3 traffic should only traverse the Direct Connect connection. Currently, no one in the on-premises data center can access Amazon S3.Which solution will resolve this connectivity issue?

• Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
• Establish an S3 VPC endpoint for the company's Amazon VPC. Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop
• Configure a public virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
• Configure a public virtual interface on the Direct Connect connection. Establish an AWS managed VPN over the connection. Update the on-premises routing tables to choose the VPN connection as the preferred next hop.

A company uses an AWS Site-to-Site VPN to connect its corporate network The company recently added an AWS Direct Connect connection A network engineer wants all traffic to use the Direct Connect connection and for the VPN to be used as backup However after the Direct Connect connection was added traffic continued to pass through the VPN connectionWhat should the network engineer do to route the traffic through the Direct Connect connection'?

• Add routes to the VPC route tables that specify the Direct Connect connection
• Set local preference BGP community tags on the on-premises router
• Advertise the same network routes over the Direct Connect connection and VPN connection
• Ensure the Direct Connect connection AS_PATH is longer than the VPN connection AS_PATH

A corporate network routing table contains 624 individual RFC 1918 and public IP prefixes. You have two AWS Direct Connect connectors. You congure a private virtual interface on both connections to a virtual private gateway. The virtual private gateway is not currently attached to a VPC. Neither BGP session will maintain the Established state on the customer router. The AWS Management Console reports the private virtual interfaces as Down.What could you do to address the problem so that the AWS Management Console reports the private virtual interface as Available?

• Attach the virtual private gateway to a VPC and enable route propagation.
• Filter the public IP prexes on the corporate network from the private virtual interface.
• Change the BGP advertisements from the corporate network to only be a default route.
• Attach the second virtual interface to an alternative virtual private gateway. https://aws.amazon.com/es/premiumsupport/knowledge-center/virtual-interface-bgp-down/

Your hybrid networking environment consists of two application VPCs, a shared services VPC, and your corporate network. The corporate network is connected to the shared services VPC via an IPsec VPN with dynamic (BGP) routing enabled.The applications require access to a common authentication service in the shared services VPC. You need to enable native network access from the corporate network to both application VPCs.Which step should you take to meet the requirements?

• Use VPC peering to peer the application VPCs with the shared services VPC, and enable associated routing in the shared services VPC via the corporate VPN.
• Configure an IPsec VPN between the virtual private gateway in each application VPC to the virtual private gateway in the shared services VPC.
• Configure additional IPsec VPNs for each application VPC back to the corporate network, and enable VPC peering to the shared services VPC.
• Enable CloudHub functionality to route traffic between the three VPCs and the corporate network using dynamic BGP routing.

An organization is migrating its on-premises applications to AWS by using a lift-and-shift approach, taking advantage of managed AWS services wherever possible. The company must be able to edit the application code during the migration phase. One application is a traditional three-tier application, consisting of a web presentation tier, an application tier, and a database tier. The external calling client applications need their sessions to remain sticky to both the web and application nodes that they initially connect to.Which load balancing solution would allow the web and application tiers to scale horizontally independent from one another other?

• Use an Application Load Balancer at the web tier and a Classic Load Balancer at the application tier. Set session stickiness on both, but update the application code to create an application-controlled cookie on the Classic Load Balancer.
• Use an Application Load Balancer at both the web and application tiers, setting session stickiness at the target group level for both tiers.
• Deploy a web node and an application node as separate containers on the same host, using task linking to create a relationship between the pair. Add an Application Load Balancer with session stickiness in front of all web node containers.
• Use a Network Load Balancer at the web tier, and an Application Load Balancer at the application tier. Enable session stickiness on the Application Load Balancer, but take advantage of the native WebSockets protocols available to the Network Load Balancer.

A company provisions an AWS Direct Connect connection to permit access to Amazon EC2 resources in several Amazon VPCs and to data stored in private Amazon S3 buckets. The Network Engineer needs to configure the company's on-premises router for this Direct Connect connection.Which of the following actions will require the LEAST amount of configuration overhead on the customer router?

• Configure private virtual interfaces for the VPC resources and for Amazon S3.
• Configure private virtual interfaces for the VPC resources and a public virtual interface for Amazon S3.
• Configure a private virtual interface to a Direct Connect gateway for the VPC resources and for Amazon S3.
• Configure a private virtual interface to a Direct Connect gateway for the VPC resources and a public virtual interface for Amazon S3.

A company has 225 mobile and desktop devices and 300 partner VPNs that need access to an AWS VPC. VPN users should not be able to reach one another. Which approach will meet the technical and security requirements while minimizing costs?

• Use the AWS IPsec VPN for the mobile, desktop, and partner VPN connections. Use network access control lists (Network ACLs) and security groups to maintain routing separation.
• Use the AWS IPsec VPN for the partner VPN connections. Use an Amazon EC2 instance VPN for the mobile and desktop devices. Use Network ACLs and security groups to maintain routing separation.
• Create an AWS Direct Connect connection between on-premises and AWS Use a public virtual interface to connect to the AWS IPsec VPN for the mobile, desktop, and partner VPN connections.
• Use an Amazon EC2 instance VPN for the desktop, mobile, and partner VPN connections. Use features of the VPN instance to limit routing and connectivity.

A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its first-ever 10 Gbps AWS Direct Connect connection.What steps must be taken to order the cross-connect at the Direct Connect location?

• Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console when creating a new Direct Connect connection. AWS will ensure that the cross-connect is installed.
• Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.
• Obtain the LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility Operator of the Direct Connect location. The Facility Operator will ensure that the cross-connect is installed.
• Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.

A financial company is designing a secure AWS network architecture to support a hybrid cloud strategy. Systems deployed in the AWS Cloud are mission critical and have strict availability requirements. The company anticipates the need for hundreds of VPCs. Instances will be transient and rely heavily on DNS resolution The applications must be designed to have Availability Zone isolation and tolerate the loss of an Availability ZoneWhat is the MOST reliable way to implement DNS in this scenario?

• Create a new DHCP options set with DNS settings with on-premises DNS servers that traverse an AWS Direct Connect connection.
• Create private hosted zones and share them with each VPC. Use Amazon Route 53 Resolver for hybrid DNS.
• Modify the default DHCP options set with a fleet of proxy DNS servers that are deployed in each VPC.
• Create a fleet of DNS proxy servers in a central VPC. Share the proxy fleet with each VPC using AWS PrivateLink.

A company is deploying a non-web application on an AWS load balancer. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server.How can this requirement be achieved?

• Use a Network Load Balancer to automatically preserve the source IP address.
• Use a Network Load Balancer and enable the X-Forwarded-For attribute.
• Use a Network Load Balancer and enable the ProxyProtocol v2 attribute.
• Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header. https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol