What Download ANS-C00 Test Is

NEW QUESTION 1
In the context of Amazon CloudFront Actions, you use the ______ when specifying APIs in IAM policies.

• A. object names
• B. class names
• C. entity names
• D. action names

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/UsingWithIAM.html

NEW QUESTION 2
What service is used to store the log files generated by CloudTrail?

• A. EC2
• B. EBS
• C. S3
• D. VPC

Answer: C

Explanation:
Reference: https://aws.amazon.com/cloudtrail/

NEW QUESTION 3
With AWS CloudTrail, creating multiple trails in one region allows ______ to focus on one aspect of AWS operation.

• A. callers
• B. events
• C. buckets
• D. stakeholders

Answer: D

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/faqs/

NEW QUESTION 4
True or false: A VPC contains multiple subnets, where each subnet can span multiple Availability Zones.

• A. This is true only for US regions.
• B. This is false.
• C. This is true.
• D. This is true only if requested during the set-up of VP

Answer: B

Explanation:
Reference:
https://aws.amazon.com/vpc/faqs/

NEW QUESTION 5
Each custom AWS Config rule you create must be associated with a(n) AWS _____ , which contains the logic that evaluates whether your AWS resources comply with the rule.

• A. Lambda function
• B. Configuration trigger
• C. EC2 instance
• D. S3 bucket

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html

NEW QUESTION 6
Which of the following types of contents cannot serve over HTTP or HTTPS in Amazon CloudFront?

• A. Apple HTTP Live Streaming
• B. Static and dynamic download content
• C. Adobe Flash multimedia content
• D. CloudFront RTMP distribution

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-overview.html

NEW QUESTION 7
You would like to ensure that all Amazon S3 buckets going forward, current and newly created ones, have logging enabled. What type of trigger(s) should you use?

• A. only a periodic trigger
• B. only a configuration change trigger
• C. both configuration change and periodic triggers
• D. only a transitioning trigger

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html

NEW QUESTION 8
In the context of Amazon CloudFront, when you configure the media player, the path you specify to the media file must contain the characters _____ .

• A. flv/std just before the domain name
• B. flv/std immediately after the domain name
• C. cfx/st just before the domain name
• D. cfx/st immediately after the domain name

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Streaming_URLs.html

NEW QUESTION 9
In Amazon CloudFront, you cannot configure CloudFront to process cookies for _____.

• A. HTTPS web distributions
• B. Web and RTMP distributions
• C. RTMP distributions
• D. HTTP web distributions

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

NEW QUESTION 10
An AWS CloudTrail log file provides the identity and source IP address of the API caller, and a time of the API call, request parameters, and _____ .

• A. response elements
• B. event selectors
• C. port alarms
• D. destination buckets

Answer: A

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/

NEW QUESTION 11
In order to change the name of the AWS Config _____ , you must stop the configuration recorder, delete the current one, and create a new one with a new name, since there can only be one of these per AWS account.

• A. SNS topic
• B. configuration history
• C. delivery channel
• D. S3 bucket path

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/update-dc.html

NEW QUESTION 12
In the "start using the AWS Direct Connect steps," when can you complete the Cross Connect step?

• A. After verifying your virtual interface
• B. After you have received your Letter of Authorization and Connecting Facility Assignment (LOA-CFA) from AWS
• C. 72 hours after submitting your request for AWS Direct Connect Connection
• D. Immediately after submitting your request for AWS Direct Connect Connection

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Colocation.html

NEW QUESTION 13
In your current role as the corporate network architect - you have decided to replace your existing hardware firewall appliances with a pair of Juniper SRX-Series Services Gateways. You have chosen these as AWS lists these as supportable devices for establishing IPsec connections. With this in mind, select the minimum set of options to ensure that you can establish IPsec connectivity between your on premise private corporate network and your AWS hosted VPC. Select which option is NOT required

• A. Initiate network connections from somewhere within your corporate network, this is required to bring the tunnels UP
• B. Deploy a Customer Gateway within your corporate network
• C. Deploy a Customer Gateway within your VPC
• D. Deploy a Virtual Private Gateway within your VPC

Answer: B

Explanation:
Reference:
https://aws.amazon.com/vpc/faqs/

NEW QUESTION 14
You are the AWS cloud architect and have been tasked with designing an appropriate subnetting design for your production VPC. Your production VPC requires secure communications back to the corporate private network. Quality of Service (QoS) is very important 24x7 for this particular connection, as real-time data is passed continually backwards and forwards between your on-prem bioinformatics enterprise application, and the number crunching servers deployed in the cloud. Any potential latency incurred on this connection will have a direct impact on the company's ability to attract investors and expansion into new markets. Select the correct network configuration that best facilitates your company's continued growth plans.

• A. Provision a Direct Connect connection - between your service provider's data center and the AWS region that your cloud compute resources exist in . Configure just a Private VirtualInterfac
• B. As this is a Direct Connection, a Virtual Private Gateway is not required
• C. Configure a site-to-site layer 2 software router using OpenVPN within your VPC and ensure that QoS enabled - this is a secure and cheap option
• D. Configure a site-to-site layer 3 software router using OpenVPN within your VPC and ensure that QoS enabled - this is a secure and cheap option
• E. Provision a Direct Connect connection - between your existing service provider's data center and the AWS region that your cloud compute resources exist i
• F. Configure a Virtual Private Gateway and Private Virtual Interface

Answer: D

Explanation:
Reference:
https://aws.amazon.com/directconnect/faqs/

NEW QUESTION 15
Within the TCP/IP model what is the name of the Packet Data Unit (PDU) used between Transport Layers for communication between sender and receiver

• A. Frames
• B. Packets
• C. Data
• D. Segments

Answer: D

Explanation:
Reference:
https://en.wikipedia.org/wiki/Transmission_Control_Protocol

NEW QUESTION 16
You are your company’s AWS cloud architect. You have created a VPC topology that consists of 3
VPCs. You have a centralised VPC (VPC-Shared) that provides shared services to the remaining 2 departmental dedicated VPCs (VPC-Dept1 and VPC-Dept2). The centralised VPC is VPC peered to both of the departmental VPCs, that is a VPC peering connection exists between VPC-Shared and VPC-Dept1, and a VPC peering connection exists between VPC-Shared and VPC-Dept2. Select the correct option from the list below.

• A. Network traffic is possible between VPC-Shared instances and VPC-Dept1 and VPC-Dept2 instances as long as the appropriate routes and security groups are in place, but only for communication that is initiated from VPC1-Shared instances as the default peering bi-directional communication flag has been disabled.
• B. Instances within VPC-Dept1 can communicate directly with instances in VPC-Shared, as long as the appropriate routes and security groups are in place, and vice versa regardless of who initiates communication
• C. All network communication remains blocked between all VPCs until the respective peering bidirectional communication flags are set to the appropriate setting that allows traffic to flow.
• D. Network traffic is possible between VPC-Shared instances and VPC-Dept1 and VPC-Dept2 instances as long as the appropriate routes and security groups are in place, but only for communication that is initiated from VPC1-Shared instances as the default peering bi-directional communication flag has been enabled.

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/peering-configurations-partialaccess. html#one-to-two-vpcs-instances

NEW QUESTION 17
Which of the following services is used to send an alert from CloudWatch?

• A. AWS SNS
• B. AWS EBS
• C. AWS SES
• D. AWS SQS

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/related_services.html

NEW QUESTION 18
What is the maximum number of CloudTrails that you can create per AWS region?

• A. 10
• B. 2
• C. 16
• D. 5

Answer: D

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/faqs/

NEW QUESTION 19
Which CloudWatch attributes are used for the statistics generation?

• A. All the options are used
• B. Dimension
• C. Data point unit
• D. NameSpace

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html

NEW QUESTION 20
Use _____ to get more visibility into the health of your AWS Elastic Beanstalk application and take appropriate actions in case of hardware failure or performance degradation.

• A. Amazon Elastic Beanstalk command line
• B. Amazon EC2 log files
• C. Amazon CloudWatch
• D. Amazon Load balancing

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.concepts.design.html

NEW QUESTION 21
From the following options, select the answer that correctly describes the implementation of the HTTP protocol

• A. By definition, HTTP is a connection-less oriented protocol and therefore utilises TCP
• B. By definition, HTTP is a connection orientated protocol and therefore utilises TCP
• C. By definition, HTTP is a connection-less oriented protocol and therefore utilises UDP
• D. By definition, HTTP can be configured to be either connection or connection-less oriented - by specifying the appropriate HTTP header.

Answer: B

Explanation:
Reference:
https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

NEW QUESTION 22
Which service is used by default to store the CloudTrail log files?

• A. Elastic Block Store (EBS)
• B. Redshift
• C. Simple Storage Service (S3)
• D. Glacier

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-working-with-log-files.html

NEW QUESTION 23
AWS CloudTrail can be configured to _____ log files across multiple accounts and regions so that log
files are delivered to a single bucket.

• A. aggregate
• B. disperse
• C. replicate
• D. encrypt

Answer: A

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/

NEW QUESTION 24
Imagine you are using AWS Direct Connect with just one connection from your router to the AWS Direct Connect router. If your connection becomes unavailable, the communication with AWS cloud is lost. What is the best method to prevent this from happening?

• A. AWS Direct Connect neither provides BGP nor provides the failover.
• B. AWS Direct Connect recommends to have the same configuration set up in a multi AZ zone to prevent such loss in connections.
• C. AWS Direct Connect recommends that you request and configure two dedicated connections to AWS either using BGP Multipath (Active/Active) connection or the failover (Active/Passive) connection.
• D. AWS Direct connect does not have a provision to prevent the situation but when you design the system, it is recommended to request a back-up instance to which the traffic can be re-routed.

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#RedundantConnectio ns

NEW QUESTION 25
You can turn on the AWS Config service from the AWS CLI by running the subscribe command and passing as parameters a valid IAM role, SNS topic, and ______.

• A. EBS volume
• B. EC2 instance
• C. S3 bucket
• D. Kinesis stream

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/gs-cli-subscribe.html

NEW QUESTION 26
......