Real Amazon-Web-Services ANS-C00 Testing Material Online

NEW QUESTION 1
The IPsec protocol suite is made up of various components covering aspects such as confidentiality, encryption, and integrity. Select the correct statement below regarding the correct configuration options for ensure IPsec confidentiality:

• A. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, MD5
• B. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, AES
• C. The following protocols may be used to configure IPsec confidentiality, PSK, RSA
• D. The following protocols may be used to configure IPsec confidentiality, PSK, MD5
• E. The following protocols may be used to configure IPsec confidentiality, PSK, RSA

Answer: B

Explanation:
Reference:
https://en.wikipedia.org/wiki/IPsec

NEW QUESTION 2
AWS Config flags a resource as ______ if a resource violates any conditions of an AWS Config rule that it evaluates on the resource in question.

• A. corrupted
• B. noncompliant
• C. invalid
• D. misconfigured

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html

NEW QUESTION 3
Which of the following types of contents cannot serve over HTTP or HTTPS in Amazon CloudFront?

• A. Apple HTTP Live Streaming
• B. Static and dynamic download content
• C. Adobe Flash multimedia content
• D. CloudFront RTMP distribution

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-overview.html

NEW QUESTION 4
Select the answer/s that correctly state how Jumbo Frames work

• A. Jumbo Frames assist with application disk storage
• B. Jumbo Frames can assist with application performance
• C. Jumbo Frames are supported across Virtual Private Gateway connections
• D. Jumbo Frames are enabled by increasing the MTU size to 9000 kilobytes

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html

NEW QUESTION 5
An AWS CloudTrail log file provides the identity and source IP address of the API caller, and a time of the API call, request parameters, and _____ .

• A. response elements
• B. event selectors
• C. port alarms
• D. destination buckets

Answer: A

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/

NEW QUESTION 6
By default, all AWS accounts are limited to EIPs, because public (IPv4) Internet addresses are a scarce public resource.

• A. 5
• B. 8
• C. 6
• D. 2

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

NEW QUESTION 7
To directly manage your CloudTrail security layer, you can use ______ for your CloudTrail log files.

• A. SSE-S3
• B. SCE-KMS
• C. SCE-S3
• D. SSE-KMS

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-withaws- kms.html

NEW QUESTION 8
Each custom AWS Config rule you create must be associated with a(n) AWS _____ , which contains the logic that evaluates whether your AWS resources comply with the rule.

• A. Lambda function
• B. Configuration trigger
• C. EC2 instance
• D. S3 bucket

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html

NEW QUESTION 9
In order to change the name of the AWS Config _____ , you must stop the configuration recorder, delete the current one, and create a new one with a new name, since there can only be one of these per AWS account.

• A. SNS topic
• B. configuration history
• C. delivery channel
• D. S3 bucket path

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/update-dc.html

NEW QUESTION 10
You have several Amazon Glacier vaults you would like to monitor. How might you monitor those vaults?

• A. Create a custom AWS Config rule.
• B. Use an AWS master Config rule.
• C. Use an AWS managed Config rule.
• D. Create a KMS policy and attach it to your Amazon Glacier vaul

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_developrules_ nodejs.html#creating-custom-rules-for-additional-resource-types

NEW QUESTION 11
Which service is used by default to store the CloudTrail log files?

• A. Elastic Block Store (EBS)
• B. Redshift
• C. Simple Storage Service (S3)
• D. Glacier

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-working-with-log-files.html

NEW QUESTION 12
Which of the following does not configure Amazon CloudFront cache behaviors to forward cookies to an origin for web distributions?

• A. Origin server
• B. AWS CLI
• C. Amazon EMR
• D. Amazon S3

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

NEW QUESTION 13
A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs. Which of the below mentioned points should the user needs to take care while sending the data to CloudWatch?

• A. The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests
• B. The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests
• C. The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests
• D. The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.ht ml

NEW QUESTION 14
Which of the following statements is true of AWS Elastic Beanstalk?

• A. AWS Elastic Beanstalk uses CloudWatch for monitoring and alarms, meaning CloudWatch costs are applied to your AWS account for any alarms that you use.
• B. AWS Elastic Beanstalk uses CloudWatch for monitoring and alarms, and both are free of charge.
• C. AWS Elastic Beanstalk doesn't use CloudWatch for monitoring and alarms, but you pay extra for any AWS Elastic Beanstalk Alarm you set in the monitoring tool.
• D. AWS Elastic Beanstalk has its own free-of-charge monitoring tool, and you are not charged for the alarm you set.

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.alarms.html

NEW QUESTION 15
With AWS CloudTrail, creating multiple trails in one region allows ______ to focus on one aspect of AWS operation.

• A. callers
• B. events
• C. buckets
• D. stakeholders

Answer: D

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/faqs/

NEW QUESTION 16
What is the maximum number of CloudTrails that you can create per AWS region?

• A. 10
• B. 2
• C. 16
• D. 5

Answer: D

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/faqs/

NEW QUESTION 17
Within the TCP/IP model what is the name of the Packet Data Unit (PDU) used between Transport Layers for communication between sender and receiver

• A. Frames
• B. Packets
• C. Data
• D. Segments

Answer: D

Explanation:
Reference:
https://en.wikipedia.org/wiki/Transmission_Control_Protocol

NEW QUESTION 18
You can use the ______ command of the AWS Config service CLI to see the compliance state for each AWS resource of a specific type.

• A. describe-compliance-by-resource
• B. get-compliance-details-by-config-rule
• C. describe-compliance-by-config-rule
• D. get-compliance-details-by-config-rule

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html

NEW QUESTION 19
From the following options, select the answer that correctly describes the implementation of the HTTP protocol

• A. By definition, HTTP is a connection-less oriented protocol and therefore utilises TCP
• B. By definition, HTTP is a connection orientated protocol and therefore utilises TCP
• C. By definition, HTTP is a connection-less oriented protocol and therefore utilises UDP
• D. By definition, HTTP can be configured to be either connection or connection-less oriented - by specifying the appropriate HTTP header.

Answer: B

Explanation:
Reference:
https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

NEW QUESTION 20
You can use the _____ command of the AWS Config service CLI to see the compliance state of each resource that AWS Config evaluates for a specific rule.

• A. describe-compliance-by-resource
• B. describe-compliance-by-config-rule
• C. get-compliance-details-by-config-rule
• D. get-compliance-details-by-config-rule

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html

NEW QUESTION 21
In your current role as the corporate network architect - you have decided to replace your existing hardware firewall appliances with a pair of Juniper SRX-Series Services Gateways. You have chosen these as AWS lists these as supportable devices for establishing IPsec connections. With this in mind, select the minimum set of options to ensure that you can establish IPsec connectivity between your on premise private corporate network and your AWS hosted VPC. Select which option is NOT required

• A. Initiate network connections from somewhere within your corporate network, this is required to bring the tunnels UP
• B. Deploy a Customer Gateway within your corporate network
• C. Deploy a Customer Gateway within your VPC
• D. Deploy a Virtual Private Gateway within your VPC

Answer: B

Explanation:
Reference:
https://aws.amazon.com/vpc/faqs/

NEW QUESTION 22
Which AWS service is used within an AWS Config Rule to perform the logic evaluation of that rule?

• A. Inspector
• B. WAF
• C. Lambda
• D. SWF

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_nodejssample. html

NEW QUESTION 23
In AWS Direct Connect, which of the following is true of configuring your router to connect to the AWS Direct Connect router?

• A. After creating a virtual interface for your AWS Direct Connect connection, you can download the router configuration file from the available link
• B. After Completing the Cross Connect step, the download link for router configuration will be available
• C. After submitting your AWS Direct Connect connection request, you will receive the router configuration details by email within 72 hours
• D. In Create a Virtual Interface step, the general configuration of your router would be available for downloading.

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#routerconfig

NEW QUESTION 24
A user is collecting 1000 records per second. The user wants to send the data to CloudWatch using a custom namespace, Which of the below mentioned options is recommended for this activity?

• A. Aggregate the data with statistics, such as Min, max, Average, Sum and Sample data and send the data to CloudWatch
• B. Send all the data values to CloudWatch in a single command by separating them with a comm
• C. CloudWatch will parse automatically
• D. It is not possible to send all the data in one cal
• E. Thus, it should be sent one by on
• F. CloudWatch will aggregate the data automatically
• G. Create one csv file of all the data and send a single file to CloudWatch

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/publishingMetrics.html

NEW QUESTION 25
......