1. You work for your company as an AWS (Amazon Web Services) administrator. You've set up a Classic Load Balancer and EC2 Instances for an application. You have set up HTTPS listeners with the default security policies. Your Security department has mentioned that the security policy defined for the load balancer does not meet the regulations defined for the policy. What changes would you make to be in line with the requirements of the IT security department?
A) Create a custom security policy and associate it with the Classic Load Balancer
B) Create a new SSL and associate it with the underlying EC2 Instances
C) Create a custom security policy and associate it with the EC2 Instance
D) Create a new SSL and associate it with the underlying Classic Load Balancer
2. Your company has set up a host of networking components in AWS. They have put stringent controls in place to ensure that these networking components are only changed by designated IT personnel. But they still need to get notified of any unwarranted access on networking components. Which of the following services can help with this requirement?
A) AWS CloudTrail
B) AWS VPC Flow Logs
C) AWS Inspector
D) AWS Trusted Advisor
3. You've set up a Classic Load Balancer and EC2 Instances behind the Load Balancer. The following Security Groups have been set:
• Security Group for the ELB - Accept incoming traffic on port 80 from 0.0.0.0/0
• Security Group for the EC2 Instances - Accept incoming traffic on port 80 from 0.0.0.0/0
It has been noticed that the EC2 Instances are getting a large number of direct requests from the Internet. What should be done to resolve the issue?
A) Change the EC2 Instance security group to only accept traffic from the ELB Security Group on port 80
B) Change the ELB security group to only accept traffic from the EC2 Instances on port 80
C) Change the EC2 Instance security group to only accept traffic from the ELB Security Group on port 443
D) Change the ELB security group to only accept traffic from the EC2 Instances on port 443
4. Your company needs VPN connectivity to an AWS (Amazon Web Services) VPC. There are around 100 mobile devices, 40 remote computers and a site office which need to connect. How would you achieve this connectivity? Choose 2 answers from the options given below (Select 2 answers)
A) Use AWS (Amazon Web Services) Direct Connect with a public VIF for the site office
B) Use AWS (Amazon Web Services) Managed VPN for the mobile and remote computers
C) Use AWS (Amazon Web Services) Managed VPN for the site office
D) Use a custom VPN server to accept connections from the mobile and remote computers
5. Your company has many VPCs: one for Development, one for Staging, one for Production and one Management VPC. It is required for traffic to flow from the other VPCs to the Management VPC. The VPCs should also be traversable via the on-premise infrastructure. How would you architect the solution with the least amount of effort?
A) Create a VPN connection between the Management VPC and all other VPCs. Create a VPN connection between the Management VPC and the on-premise environment.
B) Create a Virtual Private Gateway connection between all of the VPCs. Create a VPN connection between the Management VPC and the on-premise environment.
C) Create a VPC peering connection between the VPCs. Create a VPN connection between all the VPCs and the on-premise environment.
D) Create a VPC peering connection between the VPCs. Create a VPN connection between the Management VPC and the on-premise environment.