Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

ANS-C00 by Amazon - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

A network engineer is managing two AWS Direct Connect connections. Each connection has a public virtual interface configured with a private ASN. The engineer wants to configure active/passive routing between the Direct Connect connections to access Amazon public endpoints. What BGP configuration is required for the on-premises equipment? (Choose two.)

A Use Local Pref to control outbound traffic.
B Use AS Prepending to control inbound traffic.
C Use eBGP multi-hop between loopback interfaces.
D Use BGP Communities to control outbound traffic.
E Advertise more specific prefixes over one Direct Connect connection.

Question 4

Your company has a 1-Gbps AWS Direct Connect connection to AWS. Your company needs to send traffic from on-premises to a VPC owned by a partner company. The connectivity must have minimal latency at the lowest price.
Which of the following connectivity options should you choose?

A Create a new Direct Connect connection, and set up a new circuit to connect to the partner VPC using a private virtual interface.
B Create a new Direct Connect connection, and leverage the existing circuit to connect to the partner VPC.
C Create a new private virtual interface, and leverage the existing connection to connect to the partner VPC.
D Enable VPC peering and use your VPC as a transitive point to reach the partner VPC.

Question 5

Your organization's corporate website must be available on www.acme.com and acme.com.
How should you configure Amazon Route 53 to meet this requirement?

A Configure acme.com with an ALIAS record targeting the ELB. www.acme.com with an ALIAS record targeting the ELB.
B Configure acme.com with an A record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
C Configure acme.com with a CNAME record targeting the ELB. www.acme.com with a CNAME record targeting the acme.com record.
D Configure acme.com using a second ALIAS record with the ELB target. www.acme.com using a PTR record with the acme.com record target.

Question 6

You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources.
What must be configured to meet this requirement?

A At least two subnets in different Availability Zones.
B A dedicated VPC with Active Directory Services.
C An IPsec VPN to on-premises Active Directory.
D Network address translation for outbound traffic.

Question 7

You have a three-tier web application with separate subnets for Web, Applications, and Database tiers. Your CISO suspects your application will be the target of malicious activity. You are tasked with notifying the security team in the event your application is port scanned by external systems.
Which two AWS Services cloud you leverage to build an automated notification system? (Choose two.)

A Internet gateway
B VPC Flow Logs
C AWS CloudTrail
D Lambda
E AWS Inspector

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 2 • Questions 1-25 of 34

1 2

→

Know a question that should be here? Contribute to this exam

An organization with a growing ecommerce presence uses the AWS CloudHSM to offload the SSL/TLS processing of its web server fleet. The company leverages
Amazon EC2 Auto Scaling for web servers to handle the growth. What architectural approach is optimal to scale the encryption operation?

A Use multiple CloudHSM instances, and load balance them using a Network Load Balancer.
B Use multiple CloudHSM instances to the cluster; request to it will automatically load balance.
C Enable Auto Scaling on the CloudHSM instance, with similar configuration to the web tier Auto Scaling group.
D Use multiple CloudHSM instances, and load balance them using an Application Load Balancer.

You have multiple Amazon Elastic Compute Cloud (EC2) instances running a web server in a VPC configured with security groups and NACL. You need to ensure layer 7 protocol level logging of all network traffic (ACCEPT/REJECT) on the instances. What should be enabled to complete this task?

A CloudWatch Logs at the VPC level
B Packet sniffing at the instance level
C VPC flow logs at the subnet level
D Packet sniffing at the VPC level