Latest 2023 Amazon AWS-Advanced-Networking-Specialty exam questions, 156 questions in total [Q61-Q76]



Download the free premium AWS-Advanced-Networking-Specialty question set: 156 questions, updated on January 3, 2023


Amazon AWS-Advanced-Networking-Specialty certification exam scope:

Topic / Exam scope
Topic 1
  • Determine the appropriate configuration of DHCP within AWS, and design and implement hybrid IT network architectures at scale
Topic 2
  • Evaluate monitoring strategies in support of security and compliance objectives
  • Reconcile AWS service requirements with network requirements
Topic 3
  • Evaluate automation alternatives within AWS for network deployments
  • Explain the process of extending connectivity using AWS Direct Connect
Topic 4
  • Evaluate tool-based alternatives within AWS for network operations and management
  • Derive an appropriate architecture based on customer and application requirements
Topic 5
  • Evaluate design requirements for alignment with security and compliance objectives
  • Manage, optimize, and troubleshoot the network
Topic 6
  • Design, develop, and deploy cloud-based solutions using AWS
Topic 7
  • Implement core AWS services according to basic architecture best practices
Topic 8
  • Given a scenario, determine the appropriate load balancing strategy within the AWS ecosystem
Topic 9
  • Given customer requirements, define network architectures on AWS and propose optimized designs based on the evaluation of an existing implementation
Topic 10
  • Evaluate AWS security features for managing network traffic
  • Utilize encryption technologies to secure network communications
Topic 11
  • Leverage tools to automate AWS networking tasks
Topic 12
  • Evaluate and optimize cost allocations given a network design and application data flow
Topic 13
  • Evaluate DNS solutions in a hybrid IT architecture
  • Define routing policies for hybrid IT architectures
Topic 14
  • Design and maintain network architecture for all AWS services
Topic 15
  • Given a scenario, derive an appropriate hybrid IT architecture connectivity solution
  • Implement connectivity for hybrid IT
Topic 16
  • Determine a content distribution strategy to optimize for performance
  • Apply AWS networking concepts


Question 61
You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct Connect connection. Which two configuration values do you need to provide? (Select two.)

  • A. Public AS number
  • B. Virtual private gateway
  • C. VLAN ID
  • D. IP prefixes to advertise
  • E. Direct Connect location

Correct answer: A,B

Explanation:
Reference: https://aws.amazon.com/directconnect/faqs/


Question 62
A company has recently established an AWS Direct Connect connection from its on-premises data center to AWS. A Network Engineer has blocked all traffic destined for Amazon S3 over the company's gateway to the internet from its on-premises firewall. S3 traffic should only traverse the Direct Connect connection. Currently, no one in the on-premises data center can access Amazon S3.
Which solution will resolve this connectivity issue?

  • A. Configure a public virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
  • B. Configure a public virtual interface on the Direct Connect connection. Establish an AWS managed VPN over the connection. Update the on-premises routing tables to choose the VPN connection as the preferred next hop.
  • C. Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
  • D. Establish an S3 VPC endpoint for the company's Amazon VPC. Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop

Correct answer: A


Question 63
A Network Engineer needs to create a public virtual interface on the company's AWS Direct Connect connection and only import routes which originated from the same region as the Direct Connect location.
What action should accomplish this?

  • A. Configure a filter on the company's router to only import routes with the 7224:8100 BGP community attribute.
  • B. Configure a prefix list on the customer router containing the AWS IP address ranges for the specific region.
  • C. Configure a filter on the company's router to only import routes without a BGP community attribute and a maximum path length of 3.
  • D. Configure a filter in the console and only allow routes advertised by AWS without a BGP community attribute and a maximum path length of 3.

Correct answer: A

Explanation:
https://docs.aws.amazon.com/directconnect/latest/UserGuide/routing-and-bgp.html
7224:8100 - Routes that originate from the same AWS Region in which the AWS Direct Connect point of presence is associated.


Question 64
An organization launched an IPv6-only web portal to support IPv6-native mobile clients. Front-end instances launch in an Amazon VPC associated with an appropriate IPv6 CIDR. The VPC IPv4 CIDR is fully utilized. A single subnet exists in each of two Availability Zones with appropriately configured IPv6 CIDR associations. Auto Scaling is properly configured, and no Elastic Load Balancing is used.
Customers say the service is unavailable during peak load times. The network engineer attempts to launch an instance manually and receives the following message: "There are not enough free addresses in subnet 'subnet-12345677' to satisfy the requested number of instances."
What action will resolve the availability problem?

  • A. Add a secondary IPv4 CIDR to the Amazon VPC. Assign secondary IPv4 address space to each of the existing subnets.
  • B. Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
  • C. Create a new subnet using a VPC secondary IPv6 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
  • D. Resize the IPv6 CIDR on each of the existing subnets. Modify the Auto Scaling group maximum number of instances.

Correct answer: B


Question 65
Your company needs to directly update an S3 bucket that serves as a CloudFront origin with the most reliability possible. Your company also has a set of private EC2 servers that it needs to access with the same reliability. Which combination will provide the best solution? Choose the correct answer:

  • A. A Virtual Gateway and a Public VIF
  • B. A Hosted VIF and a Private VIF
  • C. A Public VIF and a Private VIF
  • D. A Private VIF is all you need to access all AWS resources.

Correct answer: C

Explanation:
The Public VIF will allow access to the S3 bucket, and the Private VIF will allow access to the EC2 instances.


Question 66
In the "start using the AWS Direct Connect steps," when can you complete the Cross Connect step?

  • A. After you have received your Letter of Authorization and Connecting Facility Assignment (LOA-CFA) from AWS
  • B. Immediately after submitting your request for AWS Direct Connect Connection
  • C. After verifying your virtual interface
  • D. 72 hours after submitting your request for AWS Direct Connect Connection

Correct answer: A

Explanation:
To complete the "start using AWS Direct Connect" steps: after submitting your request for an AWS Direct Connect connection, AWS will send you an email within 72 hours with a Letter of Authorization and Connecting Facility Assignment (LOA-CFA). After you have received your LOA-CFA, you need to complete your cross-network connection, also known as a cross connect.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Colocation.html


Question 67
What is the minimum number of subnets for an RDS subnet group? Choose the correct answer:

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Correct answer: B

Explanation:
This allows for high availability and failover in case an RDS instance goes down.


Question 68
An organization runs a consumer-facing website on AWS. The Amazon EC2-based web fleet is load balanced using an AWS Application Load Balancer, and Amazon Route 53 is used to provide the public DNS services.
The following URLs need to serve content to end users:
test.example.com
web.example.com
example.com
Based on this information, what combination of services must be used to meet the requirement?
(Select two.)

  • A. Host condition in an ALB listener to route example.com to appropriate target groups.
  • B. Host condition in ALB listener to route *.example.com to appropriate target groups.
  • C. Path condition in ALB listener to route *.example.com to appropriate target groups.
  • D. Host condition in ALB listener to route $$$$.example.com to appropriate target groups.
  • E. Path condition in ALB listener to route example.com to appropriate target groups.

Correct answer: A,B

Explanation:
Based on Host Conditions mentioned on this URL:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#rule-condition-types


Question 69
The Web Application Development team is worried about malicious activity from 200 random IP addresses.
Which action will ensure security and scalability from this type of threat?

  • A. Use inbound network ACL rules to block the IP addresses.
  • B. Use inbound security group rules to block the IP addresses.
  • C. Write iptables rules on the instance to block the IP addresses.
  • D. Use AWS WAF to block the IP addresses.

Correct answer: A


Question 70
An organization launched an IPv6-only web portal to support IPv6-native mobile clients. Front-end instances launch in an Amazon VPC associated with an appropriate IPv6 CIDR. The VPC IPv4 CIDR is fully utilized. A single subnet exists in each of two Availability Zones with appropriately configured IPv6 CIDR associations. Auto Scaling is properly configured, and no Elastic Load Balancing is used.
Customers say the service is unavailable during peak load times. The network engineer attempts to launch an instance manually and receives the following message: "There are not enough free addresses in subnet 'subnet-12345677' to satisfy the requested number of instances." What action will resolve the availability problem?

  • A. Add a secondary IPv4 CIDR to the Amazon VPC. Assign secondary IPv4 address space to each of the existing subnets.
  • B. Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
  • C. Create a new subnet using a VPC secondary IPv6 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.
  • D. Resize the IPv6 CIDR on each of the existing subnets. Modify the Auto Scaling group maximum number of instances.

Correct answer: B


Question 71
A company has 225 mobile and desktop devices and 300 partner VPNs that need access to an AWS VPC.
VPN users should not be able to reach one another. Which approach will meet the technical and security requirements while minimizing costs?

  • A. Use an Amazon EC2 instance VPN for the desktop, mobile, and partner VPN connections. Use features of the VPN instance to limit routing and connectivity.
  • B. Use the AWS IPsec VPN for the partner VPN connections. Use an Amazon EC2 instance VPN for the mobile and desktop devices. Use Network ACLs and security groups to maintain routing separation.
  • C. Create an AWS Direct Connect connection between on-premises and AWS. Use a public virtual interface to connect to the AWS IPsec VPN for the mobile, desktop, and partner VPN connections.
  • D. Use the AWS IPsec VPN for the mobile, desktop, and partner VPN connections. Use network access control lists (Network ACLs) and security groups to maintain routing separation.

Correct answer: A


Question 72
You have to set up an AWS Direct Connect connection to connect your on-premises to an AWS VPC. Due to budget requirements, you can only provision a single Direct Connect port. You have two border gateway routers at your on-premises data center that can peer with the Direct Connect routers for redundancy.
Which two design methodologies, in combination, will achieve this connectivity? (Select two.)

  • A. Create two Direct Connect private VIFs for the same VPC, each with a different peer IP.
  • B. Terminate the Direct Connect circuit on a L2 border switch, which in turn has trunk connections to the two routers.
  • C. Create one Direct Connect private VIF for the VPC with two customer peer IPs.
  • D. Provision two VGWs for the VPC and create one Direct Connect private VIF per VGW.
  • E. Terminate the Direct Connect circuit on either one of the routers, which in turn will have an IBGP session with the other router.

Correct answer: A,B


Question 73
A company hosts several applications in the AWS Cloud across multiple VPCs that are connected to a transit gateway. Redundant AWS Direct Connect connections and a Direct Connect gateway provide private network connectivity to the company's on-premises environment. During a maintenance window, the networking team adds eight VPCs. The application management team notices that there is no reachability between the newly created VPCs and the on-premises environment. Connectivity between all VPCs through the transit gateway is working as expected.
Which of the following are possible causes of the connectivity issues? (Choose TWO)

  • A. The on-premises route tables do not contain the exact CIDR blocks of the newly created VPCs
  • B. The route tables for the newly created VPCs have only summary routes for the on-premises environment that point to the transit gateway attachment.
  • C. The prefixes that are advertised from the Direct Connect gateway to the on-premises router are shorter than the CIDR blocks of the newly created VPCs
  • D. The route tables for the newly created VPCs do not have the routes to the on-premises environment that point to the transit gateway attachment
  • E. The prefixes that are advertised from the Direct Connect gateway to the on-premises router do not contain the CIDR blocks of the newly created VPCs

Correct answer: B,C


Question 74
Your company maintains an Amazon Route 53 private hosted zone. DNS resolution is restricted to a single, pre-existing VPC. For a new application deployment, you create an additional VPC in the same AWS account. Both this new VPC and your on-premises DNS infrastructure must resolve records in the existing private hosted zone.
Which two activities are required to enable DNS resolution both within the new VPC and from the on-premises infrastructure? (Select two.)

  • A. Update the on-premises DNS to include forwarders to the Route 53 nameserver IP addresses.
  • B. Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies in the DHCP options set.
  • C. Update the Route 53 private hosted zone's VPC associations to include the new VPC.
  • D. Update the DHCP options set for the new VPC with the Route 53 nameserver IP addresses.
  • E. Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies as forwarders in the on-premises DNS.

Correct answer: C,E

Explanation:
https://aws.amazon.com/es/premiumsupport/knowledge-center/r53-private-ubuntu/


Question 75
A department in your company has created a new account that is not part of the organization's consolidated billing family. The department has also created a VPC for its workload. Access is restricted by network access control lists to the department's on-premises private IP allocation. An AWS Direct Connect private virtual interface for this VPC advertises a default route to the company network. When the department downloads data from an Amazon Elastic Compute Cloud (EC2) instance in its new VPC, what are the associated charges?

  • A. The department pays Internet Data Out charges.
  • B. The company pays Internet Data Out charges.
  • C. The department pays AWS Direct Connect Data Out charges.
  • D. The company pays AWS Direct Connect Data Out charges.

Correct answer: C

Explanation:
- The department's account is not part of consolidated billing.
- Traffic to a private IP address in the department's own VPC flows over its own private VIF.
"After creating a VIF, AWS Direct Connect data transfer charges then apply and are charged to the account that owns the VIF. The account that owns the VIF can be different from the account that owns the AWS Direct Connect connection." - Straight from the Study Guide.


Question 76
......
