AWS Certified Advanced Networking Practice Test 2 – (50 questions) - CompTIA, Cisco, Amazon Certification Bundle

Hosted Virtual Interfaces (VIFs) on AWS Direct Connect describe which of the following scenarios?

A partner providing a new connection on their interconnect to a customer
A customer providing a Virtual Interface (VIF) to another customer on their connection
A partner providing a VIF on their interconnect to a customer
A customer providing a new connection on their connection to another customer

What does the Amazon CloudFront invalidation feature do?

Blocks users from flooding edge locations with requests.
Removes duplicate objects from the origin server.
Allows the override of origin server encryption.
Removes objects from the CloudFront cache.

What aspect of an Amazon Virtual Private Cloud (Amazon VPC) is stateful?

Network Access Control Lists (ACLs)
Security groups
Amazon VPC Flow Logs
Prefix list

All billing for AWS Direct Connect ceases when which of the following occurs?

The last Virtual Interface (VIF) on a connection is deleted.
The port on the customer equipment is disabled.
The cross-connect is removed.
The connection is deleted.

What does an Amazon CloudFront cache behavior do?

Controls how requests are cached.
Applies rules to control selection of origins.
Enforces HTTPS encryption for all users.
Allows dynamic content caching.

Which AWS Cloud service will help you identify sensitive account data, like access and secret keys, stored in an Amazon Simple Storage Service (Amazon S3) bucket?

Amazon Inspector
AWS Config
AWS CloudTrail
Amazon Macie

What are the two types of Amazon Route 53 hosted zones? (Choose two.)

Public hosted zones
Global hosted zones
NULL hosted zones
Routed hosted zones
Private hosted zones

What does Amazon CloudFront do when it uses HTTP Live Streaming (HLS), HTTP Dynamic Streaming (HDS), Smooth Streaming, and MPEG DASH formats for streaming video?

Uses the native Amazon CloudFront media player for improved performance.
Uses multiple edge locations for improved performance.
Sends parallel streams for improved performance.
Encapsulates video into pull (rather than push) formats that allow clients to adapt to changing conditions for improved performance.

You are tasked with identifying unused security groups and ports in a Virtual Private Cloud (VPC). Which AWS capabilities should you use?

Amazon CloudWatch metrics
AWS CloudTrail
AWS Config
VPC Flow Logs

Amazon Route 53 cannot route queries to which AWS resources?

Amazon CloudFront distribution
Elastic Load Balancing load balancer
Amazon Elastic Compute Cloud (Amazon EC2) instance
AWS CloudFormation

When adding an alternate domain to your Amazon CloudFront distribution, the wildcard * can be used to do what?

Replace part of a subdomain name (for example, subdomain.*.example.com).
Replace part of a subdomain name (for example, *domain.example.com).
Act in the place of specifying subdomains individually.
Reference multiple files on your origin server.

To protect its website, the organization directs you to implement known-attacker protection for the website. The website resides behind an Application Load Balancer. You have subscribed to a threat intelligence service that posts hourly IP reputation lists. What combination of AWS Cloud services will allow you to block traffic based on this threat intelligence?

Amazon CloudWatch, AWS Lambda, AWS WAF
Amazon CloudFront, AWS Lambda, AWS WAF
AWS CloudTrail, AWS Lambda, AWS Config
AWS CloudTrail, Amazon CloudWatch, AWS Lambda

To stop sending traffic to resources with weighted routing for Amazon Route 53, you must do which one of the following?

Delete the resource record.
Change the resource record weight to 100.
Change the resource record weight to 0
Switch to a multivalue answer resource record.

When using AWS Certification Manager (ACM) and Amazon CloudFront, you configured your certificate within ACM. When you try to enable Amazon CloudFront, however, you do not see the certificate available for use. What could be the problem?

ACM does not support Amazon CloudFront.
You need to purchase a certificate from a third-party Certificate Authority (CA) and upload it to ACM.
You need to configure the preshared key for ACM.
You might not have created the ACM certificate in the right region.

In order to decrease the number of instances that have inbound web access, your team has recently placed a Network Address Translation (NAT) instance on Amazon Linux in the public subnet. The private subnet has a 0.0.0.0/0 route to the elastic network interface of the NAT instance. Users are complaining that web responses are slower than normal. What are practical steps to fix this issue? (Choose two.)

Replace the NAT instance with a NAT gateway
Enable enhanced networking on the NAT instance.
Create another NAT instance and add another 0.0.0.0/0 route in the private subnet.
Try a larger instance type for the NAT instance.

If you do not associate a health check with an Amazon Route 53 multivalue answer record, which of the following occurs?

Amazon Route 53 always considers the record to be healthy.
Amazon Route 53 always considers the record to be unhealthy.
Amazon Route 53 will give you an error.
You must use a Text (TXT) record instead.

How can you use the wildcard * when invalidating objects with Amazon CloudFront?

In place of specifying subdomains individually
As a form of object versioning.
To allow access to your origin server.
To specify a path that applies to many objects.

Voice calls to international numbers from inside your company must go through an opensource Session Border Controller (SBC) installed on a custom Linux Amazon Machine Image (AMI) in your Virtual Private Cloud (VPC) public subnet. The SBC handles the realtime media and voice signaling. International calls often have garbled voice, and it is difficult to understand what people are saying. What may increase the quality of international voice calls?

Place the SBC in a placement group to reduce latency.
Add additional network interfaces to the instance.
Use an Application Load Balancer to distribute load to multiple SBCs.
Enable enhanced networking on the instance.

How do you access traffic flow for Amazon Route 53?

Using the AWS Command Line Interface (CLI)
Through an Amazon Elastic Compute Cloud (Amazon EC2) instance inside your Amazon Virtual Private Cloud (Amazon VPC)
Through AWS Direct Connect
Using the AWS Management Console

What do Amazon CloudFront access logs do?

They are a way to monitor performance of your Amazon Simple Storage Service (Amazon S3) bucket.
They contain detailed information about every user request that Amazon CloudFront receives.
They enable you to capture information about the IP traffic going to and from network interfaces.
They enable governance, compliance, operational auditing, and risk auditing of your AWS account.

Your big data team is trying to determine why their proof of concept is running slowly. For the demo, they are trying to ingest 1 TB of data from Amazon Simple Storage Service (Amazon S3) on their c4.8xl instance. They have already enabled enhanced networking. What should they do to increase Amazon S3 ingest rates?

Run the demo on-premises and access Amazon S3 from AWS Direct Connect to reduce latency.
Split the data ingest on more than one instance, such as two c4.4xl instances.
Place the instance in a placement group and use an Amazon S3 endpoint.
Place a Network Load Balancer between the instance and Amazon S3 for more efficient load balancing and better performance.

What should you use if you want Amazon Route 53 to respond to Domain Name System (DNS) queries with up to eight healthy records selected at random?

Geolocation routing policy
Simple routing policy
Alias record
Multivalue answer routing policy

Which of the following allows you to create new AWS accounts programmatically?

AWS Identity and Access Management (IAM)
AWS Organizations
Amazon Simple Storage Service (Amazon S3)
AWS CloudTrail

Your database instance running on an r4.large instance seems to be dropping Transmission Control Protocol (TCP) packets based on a packet capture from a host with which it was communicating. During initial performance baseline tests, the instance was able to handle peak load twice as high as its current load. What could be the issue? (Choose two.)

The r4.large instance may have accumulated network credits before load testing, which would allow higher peak values.
There may be additional database processing errors causing connection timeouts.
The read replica database should be placed in a separate Availability Zone.
The Virtual Private Network (VPN) session should be configured for dynamic Border Gateway Protocol (BGP) routing for higher availability.

Why is referencing the Application Load Balancer or Classic Load Balancer by its DNS CNAME recommended?

IP addresses may change as the load balancers scale.
DNS CNAMEs provide a lower latency than IP addresses.
You want to preserve the source IP of the client.
IP addresses are public and open to the Internet.

AWS CloudFormation allows you to define your infrastructure as code in what artifact?

JSON
StackSets
Stacks
Templates

Your development team is testing the performance of a new application using enhanced networking. They have updated the kernel to the latest version that supports the Elastic Network Adapter (ENA) driver. What are the other two requirements for support? (Choose two.)

Use an instance that supports the ENA driver
Support the Intel Virtual Function driver in addition to the ENA driver
Flag the Amazon Machine Image (AMI) for enhanced networking support.
Enable enhanced networking on the elastic network interface.

With the enableDnsHostname attribute set to true, Amazon will do which of the following?

Enable Domain Name System (DNS) resolution for your Amazon Virtual Private Cloud (Amazon VPC).
Auto-assign DNS hostnames to Amazon Elastic Compute Cloud (Amazon EC2) instances.
Assign internal-only DNS hostnames to Amazon EC2 instances.
Allow for the manual configuration of hostnames to Amazon EC2 instances.

Which of the following is a security benefit of services such as AWS Service Catalog? (Choose two.)

Automation
Repeatability
Self-service
AWS Marketplace Integration
Curation

The new architecture for your application involves replicating your stateful application data from your Virtual Private Cloud (VPC) in US East (Ohio) to Asia Pacific (Tokyo). The replication instances are in public subnets in each region and communicate with public addresses over Transport Layer Security (TLS). Your team is seeing much lower replication throughput than they see within a single VPC. Which steps can you take to improve throughput?

Increase the application’s packets per second.
Configure the Maximum Transmission Unit (MTU) to 9,001 bytes on each instance’s eth0 to support jumbo frames.
Create a Virtual Private Network (VPN) connection between the regions and enable jumbo frames on each instance.
None of the above

What is the minimum number of connections supported in a Link Aggregation Group (LAG)?

4
3
2
1

You have the enableDnsHostname attribute set to true for your VPC. Your Amazon Elastic Compute Cloud (Amazon EC2) instances are not receiving DNS hostnames, however. What could be the potential cause?

DNS resolution is not supported over VPC peering.
You need to configure your Amazon Route 53 private hosted zone
Amazon does not assign DNS hostnames to instances.
enableDnsSupport is not set to true.

Amazon Route 53 uses several methods to deliver a 100 percent availability Service Level Agreement (SLA). Which method guards against failures of Top Level Domain (TLD) servers?

Shuffle sharding
Routing policies
Anycast striping
Latency routing

Which networking feature will provide the most benefits to support a clustered computing application that requires very low latency and high network throughput?

Enhanced networking
Network Input/Output (I/O) credits
Placement groups
Amazon Route 53 performance groups

Which of the following is a type of Virtual Interface (VIF) that is supported on AWS Direct Connect?

Global
Virtual Private Network (VPN)
Local
Public

You are assessing load balancer options for your AWS deployment. You want support for static IP addresses for the load balancer. What would be the best choice of Elastic Load Balancing load balancer for this purpose?

Amazon Route 53
Network Load Balancer
Application Load Balancer
Classic Load Balancer

Which of the following allows you to restrict access to your Amazon Simple Storage Service (Amazon S3) bucket to Amazon CloudFront distributions that you control?

Custom HTTP header
Origin Access Identity (OAI)
AWS [email protected]
Preshared keys

A resilient AWS Direct Connect connection requires you to connect at what number of AWS Direct Connect locations?

1
2
3
4

What is a Content Delivery Network (CDN)?

A managed Domain Name System (DNS) service
A type of load balancer
A distributed network of caches
A protocol for the distribution of traffic over the web

Private keys in AWS Certificate Manager are protected using which one of the following?

AWS CloudHSM
AWS Key Management Service
Client-side encryption
Amazon S3 server-side encryption

How many prefixes can be announced from a customer to AWS over an AWS Direct Connect Private Virtual Interface (VIF)?

10
50
100
1,000

You are using Amazon CloudFront for your website. A user requests content, which is routed to a local edge location. What happens before the requested content is available at that edge location?

Amazon CloudFront will respond with an HTTP 404 error
Amazon CloudFront will not send users to edge locations that do not contain the requested data.
Amazon CloudFront always pre-positions content in edge locations so that users never experience a cache miss.
The edge location sends a request to the origin server, serves the user the content, and then stores the content.

AWS WAF integrates with which one of the following AWS resources?

Amazon Simple Storage Service (Amazon S3)
Amazon DynamoDB
Amazon CloudFront
Amazon Route 53

When using a Link Aggregation Group (LAG) composed of two AWS Direct Connect connections, how many IPv4 Border Gateway Protocol (BGP) sessions are required per Virtual Interface (VIF)?

1
2
3
4

Amazon CloudFront can work with which of the following origin servers? (Choose three.)

Amazon Simple Storage Service (Amazon S3)
Elastic Load Balancing
On-premises servers
An Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group
A Virtual Private Cloud (VPC) route table

AWS Shield Standard provides protection at which layers of the Open Systems Interconnection (OSI) model? (Choose two.)

Physical (Layer 1)
Data Link (Layer 2)
Network (Layer 3)
Transport (Layer 4)
Application (Layer 7)

Which of the following has the highest route priority in the Border Gateway Protocol (BGP) path selection algorithm used by AWS?

Static routes
Local routes to the Virtual Private Cloud (VPC)
Shortest AS path
BGP routes from a Virtual Private Network (VPN)

What is the default expiry time for an Amazon CloudFront cache?

300 seconds
24 hours
12 months
Objects never expire by default.

Which Amazon Virtual Private Cloud (Amazon VPC) feature allows you to access AWS Cloud services without the use of an Internet gateway?

VPC endpoints
VPC peering
Customer-hosted endpoints
Network Address Translation (NAT) gateway

What would you recommend to make a scalable architecture for performing very high throughput data transfers?

Use enhanced networking.
Configure the Amazon Virtual Private Cloud (Amazon VPC) routing table to have a single hop between every instance in the VPC.
Distribute the flows across many instances.
Advertise routes to external networks with Border Gateway Protocol (BGP) to increase routing scale.

AWS Certified Advanced Networking Practice Test 2 – (50 questions)

AWS Certified Advanced Networking Practice Test 2 – (50 questions)

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question

32. Question

33. Question

34. Question

35. Question

36. Question

37. Question

38. Question

39. Question

40. Question

41. Question

42. Question

43. Question

44. Question

45. Question

46. Question

47. Question

48. Question

49. Question

50. Question