AWS Certified Advanced Networking - Specialty - Exam Simulator

Your company is expanding its customer base globally and needs to ensure that users from different regions have optimal performance when accessing your web application. You currently use Elastic Load Balancing (ELB) to distribute traffic among your application servers. To further improve performance and traffic management, you are considering integrating additional AWS services. Which solution would best suit this requirement?

You are working as a network architect for a company that has recently migrated its web applications to AWS. They are aiming to improve the performance and security of their global web traffic. The company has registered its domain through Amazon Route 53 and is using Amazon CloudFront as a Content Delivery Network (CDN) to cache and serve their web content closer to end-users across the globe. They want to make sure that the DNS records are optimally configured to integrate with CloudFront, ensuring both availability and security. Which DNS configuration should you choose in Route 53 to best meet these requirements?

Your company has an e-commerce application hosted on a fleet of EC2 instances in a multi-AZ architecture. It has been reported that the application occasionally experiences high latency during peak traffic times. To address this issue, your manager asks you to design a solution that ensures high availability and scalability. You decide to integrate an AWS Network Load Balancer (NLB) into the architecture. Considering the need for high availability, scalability, and security, which of the following configurations is the most appropriate? 1. Associate the NLB with a target group that contains the existing EC2 instances. 2. Enable cross-zone load balancing in the NLB settings. 3. Ensure that health checks are configured to monitor the application endpoints. 4. Use an Auto Scaling Group to dynamically adjust the number of EC2 instances based on traffic. Which of the following steps should NOT be included in your design?

You have been tasked with designing a network monitoring and logging solution for a hybrid cloud architecture that spans both AWS and on-premises resources. Your organization is keen to capture baseline network performance metrics for their AWS resources and requires real-time insights to identify potential bottlenecks. Which AWS service would you use to achieve this, and how would you implement it considering the need to monitor both AWS and hybrid networks?

A large enterprise is looking to expand its network infrastructure to the AWS Cloud using a software-defined wide area network (SD-WAN) approach. They currently have an on-premises data center with several branch offices connected through an MPLS network. They want to leverage AWS services to provide reliable, secure, and scalable connectivity between their on-premises network and their VPCs in AWS. They are considering using AWS Transit Gateway and AWS VPN in combination with their SD-WAN for optimal performance. Given these requirements, which architecture should they implement?

As a senior network architect for a growing company, you've been tasked with designing a routing strategy and connectivity architecture that connects multiple AWS accounts, AWS regions, and VPCs. During the planning phase, you realize that there are IP address overlaps between different VPCs in different AWS accounts. You need to ensure seamless connectivity across these VPCs without conflicts. Which service and setup would be the most appropriate to manage these IP overlaps effectively?

Your company, ABC Corp, has recently deployed an AWS Direct Connect connection between its on-premises data center and its VPC in AWS. As part of the implementation phase, you need to test and validate the connectivity between these environments. However, you realize that the on-premises network cannot reach your resources in the VPC. Which of the following steps should you take to identify and resolve the connectivity issue?

You are a network engineer for a multinational company that has a complex AWS environment with multiple AWS accounts, Regions, and Virtual Private Clouds (VPCs). Your company is using AWS Transit Gateway to facilitate the network connectivity among different VPCs. Recently, the security team has requested enhanced network monitoring and logging to ensure compliance with regulatory requirements and to identify any potential security threats. Which of the following solutions should you implement to achieve robust network monitoring and logging for your AWS Transit Gateway setup?

You are managing a multi-account AWS environment and need to configure DNS monitoring and logging for a hybrid architecture involving Amazon Route 53 and Amazon VPCs. Your architecture includes a primary on-premises data center connected to your AWS environment via Direct Connect. You aim to log all DNS queries that originate from both the on-premises and AWS VPC environments for security and troubleshooting purposes. What is the BEST approach to achieve comprehensive DNS query logging in this scenario?

John, a network engineer at a growing tech company, is tasked with optimizing the cloud network resources using Infrastructure as Code (IaC). He needs to automate the configuration of AWS networking components such as VPC, subnets, and security groups. John decides to use Terraform for this purpose. How should John proceed with automating the creation and management of these AWS resources using Terraform?

Your company has a hybrid network infrastructure onboard AWS leveraging a Transit Gateway to interconnect multiple VPCs and on-premises data centers. You're tasked with optimizing the routing configurations to enhance network performance. Currently, different static and dynamic routing protocols are used throughout the network setup. However, the internal networking team has noticed overlapping CIDR blocks affecting existing route summarizations. What should you do to optimize the routing in your AWS environment while handling the CIDR overlap?

You are a network engineer responsible for managing an Amazon VPC that supports a critical application. Your application is experiencing intermittent connectivity issues when communicating with an on-premises data center over a VPN. You suspect there might be a problem with packet size mismatches. How would you identify and resolve this issue to restore network connectivity?

You are a network engineer for a global media streaming company that aims to optimize its content delivery network (CDN) to enhance performance and availability. Your company currently uses AWS Direct Connect for a dedicated network connection from your on-premises data center to AWS. However, users in different regions report varying network performance. To improve the latency and availability of your streaming services, you decide to implement AWS Global Accelerator. What combination of AWS services and configurations would best optimize network connectivity for your users?

Jane is a DevOps engineer at a FinTech company. Recently, her team has been tasked with improving the security incident reporting and alerting mechanisms to ensure they meet strict compliance requirements for financial services. They want to ensure any configuration changes in their network environment that could impact security are automatically detected and reported. They decide to use AWS Config for this purpose. Which of the following steps should Jane take to achieve this goal?

You have recently taken on the role of Network Architect at a mid-sized company utilizing AWS. The company has several AWS accounts and wants to implement a network audit strategy to validate and audit security group configurations. During an audit, it was discovered that some instances have overly permissive security group rules that allow inbound traffic from any IP address. Your task is to ensure that all security groups are as restrictive as possible while still allowing necessary traffic. Which of the following AWS tools or approaches would best help you automate the process of identifying and remediating overly permissive security group rules across multiple accounts and VPCs?

You are an AWS Certified Advanced Networking Specialist tasked with enhancing the security of a client's web application. Your client has expressed concerns about the privacy and integrity of DNS queries generated by their application. They are also worried about potential web exploits and malicious traffic targeting their service. You decide to implement secure DNS communications alongside other security measures. Which configuration steps should you take to achieve these objectives using AWS WAF and DNS security protocols?