Amazon ANS-C01 dumps - 100% Pass Guarantee!

A network engineer is working on a private DNS design to integrate AWS workloads and on-premises resources. The AWS deployment consistsof five VPCs in the eu-west-1 Region that connect to the on-premises network over AWS Direct Connect. The VPCs communicate with eachother by using a transit gateway. Each VPC is associated with a private hosted zone that uses the aws.example.internal domain. The networkengineer creates an Amazon Route 53 Resolver outbound endpoint in a shared services VPC and attaches the shared services VPC to thetransit gateway.The network engineer is implementing a solution for DNS resolution. Queries for hostnames that end with aws.example.internal must use theprivate hosted zone. Queries for hostnames that end with all other domains must be forwarded to a private on-premises DNS resolver.Which solution will meet these requirements?

A. Add a forwarding rule for "*" that targets the on-premises server's DNS IP address. Add a system rule for aws.example.internal thattargets Route 53 Resolver.

B. Add a forwarding rule for aws.example.internal that targets Route 53 Resolver. Add a system rule for "." that targets the Route 53Resolver outbound endpoint.

C. Add a forwarding rule for "*" that targets the Route 53 Resolver outbound endpoint.

D. Add a forwarding rule for "." that targets the Route 53 Resolver outbound endpoint.

A consulting company manages AWS accounts for its customers. One of the company's customers needs to add intrusion prevention for itsenvironment without having to re-architect the environment. The customer's environment includes five VPCs in two AWS Regions in the UnitedStates. VPC-to-VPC connectivity is achieved through VPC peering. The customer does not plan to increase the number of VPCs within the next2 years. The solution must accommodate unencrypted traffic.Which solution will meet these requirements?

A. Configure VPC security groups and network ACLs.

B. Use an AWS Network Firewall centralized deployment model in each VPC.

C. Use an AWS Network Firewall distributed deployment model in each VPC.

D. Deploy AWS Shield in each VPC.

A company is running a hybrid cloud environment. The company has multiple AWS accounts as part of an organization in AWS Organizations.The company needs a solution to manage a list of IPv4 on-premises hosts that will be allowed to access resources in AWS. The solution mustprovide version control for the list of IPv4 addresses and must make the list available to the AWS accounts in the organization.Which solution will meet these requirements?

A. Create a customer-managed prefix list. Add entries for the initial list of on-premises IPv4 hosts. Create a resource share in AWSResource Access Manager. Add the managed prefix list to the resource share. Share the resource with the organization.

B. Create a customer-managed prefix list. Add entries for the initial list of on-premises IPv4 hosts. Use AWS Firewall Manager to share themanaged prefix list with the organization.

C. Create a security group. Add inbound rule entries for the initial list of on-premises IPv4 hosts. Create a resource share in AWS ResourceAccess Manager. Add the security group to the resource share. Share the resource with the organization.

D. Create an Amazon DynamoDB table. Add entries for the initial list of on-premises IPv4 hosts. Create an AWS Lambda function thatassumes a role in each AWS account in the organization to authorize inbound rules on security groups based on entries from theDynamoDB table.

A company has two business units (BUs). The company operates in the us-east-1 Region and the us-west-1 Region. The company plans to extend to more Regions in the future. Each BU has a VPC in each Region. Each Region has a transit gateway with the BU VPCs attached. The transit gateways in both Regions are peered.

The company will create several more BUs in the future and will need to isolate some of the BUs from the other BUs. The company wants to migrate to an architecture to incorporate more Regions and BUs.

Which solution will meet these requirements with the MOST operational efficiency?

A. Create a new transit gateway for each new BU in each Region. Peer the new transit gateways with the existing transit gateways. Update the route tables to control traffic between BUs.

B. Create an AWS Cloud WAN core network with an edge location in both Regions. Configure a segment for each BU with VPC attachments to the new BU VPCs. Use segment actions to control traffic between segments.

C. Create an AWS Cloud WAN core network with an edge location in both Regions. Configure a segment for each BU with VPC attachments to the new BU VPCs. Configure the segments to isolate attachments to control traffic between segments.

D. Attach new VPCs to the existing transit gateways. Update route tables to control traffic between BUs.

A company ran out of IP address space in one of the Availability Zones in an AWS Region that the company uses. The Availability Zone that is out of space is assigned the 10.10.1.0/24 CIDR block. The company manages its networking configurations in an AWS CloudFormation stack. The company' VPC is assigned the 10 10.0.0/16 CIDR block and has available capacity in the 10.10.1.0/22 CIDR block.

How should a network specialist add more IP address space in the existing VPC with the LEAST operational overhead?

A. Update the AWS::EC2::Subnet resource for the Availability Zone in the CloudFormation stack. Change the CidrBlock property to 10.10.1.0/22.

B. Update the AWS::EC2::VPC resource in the CloudFormation stack. Change the CidrBlock property to 10.10.1.0/22.

C. Copy the CloudFormation stack. Set the AWS::EC2::VPC resource CidrBlock property to 10.10.0.0/16. Set the AWS::EC2::Subnet resource CidrBlock property to 10.10.1.0/22 for the Availability Zone.

D. Create a new AWS::EC2::Subnet resource for the Availability Zone in the CloudFormation stack. Set the CidrBlock property to 10.10.2.0/24.