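The best question set for Amazon ANS-C01 certification. Before purchasing ANS-C01, customers can download a free sample of the ANS-C01 question set from our website and check whether it matches their requirements. Not to mention the pre-sales service, we believe CertShiken's after-sales service is the standard by which customers evaluate a seller. To protect customers' interests, complete after-sales service is necessary. The after-sales service we provide for ANS-C01 consists of one year of free updates and a refund for a failure within half a year.
Amazon AWS Certified Advanced Networking Specialty Exam certification ANS-C01 exam questions (Q266-Q271):
Question # 266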
A company needs to temporarily scale out capacity for an on-premises application and wants to deploy new servers on Amazon EC2 instances. A network engineer must design the networking solution for the connectivity and for the application on AWS.
The EC2 instances need to share data with the existing servers in the on-premises data center.
The servers must not be accessible from the internet. All traffic to the internet must route through the firewall in the on-premises data center. The servers must be able to access a third-party web application.
Which configuration will meet these requirements?
A. Create a VPC that has public subnets and private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Create a route table, and associate the private subnets with the route table. Add routes for the on-premises data center subnets to the virtual private gateway. Deploy the application to the private subnets.
B. Create a VPC that has private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the private subnets with the route table. Add a default route to the virtual private gateway. Deploy the application to the private subnets.
C. Create a VPC that has public subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Add routes for the on-premises data center subnets to the virtual private gateway. Deploy the application to the public subnets.
D. Create a VPC that has public subnets and private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a NAT gateway in a public subnet. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Create a route table, and associate the private subnets with the route table. Add a default route to the NAT gateway. Add routes for the data center subnets to the virtual private gateway. Deploy the application to the private subnets.
Correct answer: B
Explanation:
You don't need a private subnet, as you should only be able to get to the instances from on-prem; also, you don't need a public subnet with a NAT gateway, as internet traffic goes through the on-prem firewall.
Question # 267
A company has an AWS environment that includes multiple VPCs that are connected by a transit gateway. The company has decided to use AWS Site-to-Site VPN to establish connectivity between its on-premises network and its AWS environment.
The company does not have a static public IP address for its on-premises network. A network engineer must implement a solution to initiate the VPN connection on the AWS side of the connection for traffic from the AWS environment to the on-premises network.
Which combination of steps should the network engineer take to establish VPN connectivity between the transit gateway and the on-premises network? (Choose three.)
A. Use a public certificate authority (CA) from AWS Private Certificate Authority to create a certificate.
B. Create a customer gateway. Specify the current dynamic IP address of the customer gateway device's external interface.
C. Create a customer gateway without specifying the IP address of the customer gateway device.
D. Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 2 (IKEv2).
E. Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 1 (IKEv1).
F. Use a private certificate authority (CA) from AWS Private Certificate Authority to create a certificate.
Question # 268
A company is deploying a new web application that uses a three-tier model with a public-facing Network Load Balancer and web servers in an Amazon VPC. The application servers are hosted in the company's data center. There is an AWS Direct Connect connection between the VPC and the company's data center.
Load testing results indicate that up to 100 servers, equally distributed across multiple Availability Zones, are required to handle peak loads. The Network Engineer needs to design a VPC that has a /24 CIDR assigned to it.
How should the Engineer allocate subnets across three Availability Zones for each tier?
Response:
A. Network Load Balancer: /28 per subnet
Web: /25 per subnet
B. Network Load Balancer: /28 per subnet
Web: /27 per subnet
C. Network Load Balancer: /28 per subnet
Web: /26 per subnet
D. Network Load Balancer: /29 per subnet
Web: /26 per subnet
Correct answer: C
Question # 269
Which other AWS service is used to track 'Related Events' within the Configuration Item?
Response:
A. SQS
B. AWS WAF
C. AWS CloudTrail
D. S3
Correct answer: C
Question # 270
Your company has decided to deploy AWS WorkSpaces for its hosted desktop solution. Your manager is very concerned with security and cost, as well as reliability. What two things should be deployed?
(Choose two.)
Response: