ANS-C01 Network Design • Complete Question Bank
Complete ANS-C01 Network Design question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
Tunnel1:
  State: UP
  Last Status Change: 2024-03-15 10:23:45 UTC
  Details: Tunnel is in UP state with BGP established.
Tunnel2:
  State: DOWN
  Last Status Change: 2024-03-15 10:25:12 UTC
  Details: Tunnel is in DOWN state due to phase 2 negotiation failure.
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:root"
      },
      "Action": [
        "route53resolver:AssociateResolverRule",
        "route53resolver:DisassociateResolverRule"
      ],
      "Resource": "*"
    }
  ]
}
```
Refer to the exhibit. VPC Flow Logs entry:
```
2 123456789010 eni-12345678 10.0.1.5 203.0.113.50 443 38000 6 20 5000 1450670868 1450670868 ACCEPT OK
```
And the following security group inbound rule:
```
Type: Custom TCP, Protocol: TCP, Port Range: 443, Source: 10.0.0.0/16
```
And NACL inbound rule:
```
Rule #100: Type: HTTP (80), Protocol: TCP, Port Range: 80, Source: 0.0.0.0/0, Allow
Rule #120: Type: HTTPS (443), Protocol: TCP, Port Range: 443, Source: 10.0.0.0/16, Allow
Rule #*: Type: All traffic, Protocol: All, Port Range: All, Source: 0.0.0.0/0, Deny
```
Drag a concept onto its matching description — or click a concept then click the description.
Logical connection over a Direct Connect link to access AWS services
Bundle of multiple physical connections for higher bandwidth and redundancy
Document authorizing you to connect to an AWS Direct Connect location
Globally available resource to connect multiple VPCs across regions
Layer 2 encryption for Direct Connect connections
Drag a concept onto its matching description — or click a concept then click the description.
Central hub connecting multiple VPCs and on-premises networks
Connect multiple VPCs across regions to a single Direct Connect
Hub-and-spoke VPN topology between multiple on-premises sites
Managed OpenVPN-based service for remote users
Private access to S3 and DynamoDB without internet gateway
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVpnConnection",
        "ec2:DeleteVpnConnection",
        "ec2:DescribeVpnConnections",
        "ec2:CreateCustomerGateway",
        "ec2:DeleteCustomerGateway",
        "ec2:CreateVpnGateway",
        "ec2:AttachVpnGateway",
        "ec2:DetachVpnGateway"
      ],
      "Resource": "*"
    }
  ]
}
```
Refer to the exhibit.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVpcPeeringConnection",
        "ec2:AcceptVpcPeeringConnection",
        "ec2:DeleteVpcPeeringConnection"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:CreateRoute",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:Vpc": ["arn:aws:ec2:us-east-1:111111111111:vpc/vpc-11111111"]
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:CreateNetworkInterface",
        "ec2:AttachNetworkInterface"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": "ec2:CreateVpc",
      "Resource": "*"
    }
  ]
}
```
Refer to the exhibit. CLI output from an EC2 instance:
```
[ec2-user@ip-10-0-1-5 ~]$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  10.0.1.1 (10.0.1.1)  1.123 ms  1.089 ms  1.045 ms
 2  10.0.0.1 (10.0.0.1)  1.234 ms  1.198 ms  1.167 ms
 3  * * *
 4  * * *
...
```
Refer to the exhibit.
IAM Policy JSON:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "elasticloadbalancing:Describe*",
        "cloudwatch:GetMetricStatistics"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface"
      ],
      "Resource": "arn:aws:ec2:us-east-1:123456789012:network-interface/*"
    }
  ]
}
```
Refer to the exhibit.
CloudFormation template snippet:
```yaml
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: "10.0.1.0/24"
      MapPublicIpOnLaunch: true
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: "10.0.2.0/24"
      MapPublicIpOnLaunch: true
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway
  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable
  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable
```
Refer to the exhibit. VPC Flow Logs record:
```
2 123456789010 eni-1235abcde 10.0.1.5 10.0.1.8 443 34567 6 10 5000 1620140761 1620140821 ACCEPT OK
2 123456789010 eni-1235abcde 10.0.1.8 10.0.1.5 34567 443 6 12 7000 1620140821 1620140881 ACCEPT OK
2 123456789010 eni-1235abcde 10.0.1.5 203.0.113.5 443 34568 6 8 4000 1620140761 1620140821 ACCEPT OK
2 123456789010 eni-1235abcde 203.0.113.5 10.0.1.5 34568 443 6 10 5000 1620140821 1620140881 ACCEPT OK
```
Refer to the exhibit.
CloudFormation snippet:
```yaml
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  MySubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: us-east-1a
  MyIGW:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref MyIGW
  MyRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
  MyRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref MyRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref MyIGW
  MySubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref MySubnet
      RouteTableId: !Ref MyRouteTable
```
Refer to the exhibit.
IAM policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcs",
        "ec2:DescribeSubnets",
        "ec2:DescribeRouteTables",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVpc",
        "ec2:CreateSubnet",
        "ec2:DeleteVpc",
        "ec2:DeleteSubnet"
      ],
      "Resource": "*"
    }
  ]
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/16"
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcs",
        "ec2:DescribeSubnets",
        "ec2:CreateNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:AttachNetworkInterface"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVpcEndpoint",
        "ec2:DescribeVpcEndpoints",
        "ec2:ModifyVpcEndpoint"
      ],
      "Resource": "*"
    }
  ]
}
```
Refer to the exhibit.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
Refer to the exhibit.
AWS CLI output:
```json
{
  "Vpc": {
    "VpcId": "vpc-0123456789abcdef0",
    "CidrBlock": "10.0.0.0/16",
    "Ipv6CidrBlock": "2001:db8:1234:1a00::/56",
    "EnableDnsHostnames": true,
    "EnableDnsSupport": true
  },
  "Subnets": [
    {
      "SubnetId": "subnet-1a",
      "CidrBlock": "10.0.1.0/24",
      "AvailabilityZone": "us-east-1a",
      "MapPublicIpOnLaunch": false
    },
    {
      "SubnetId": "subnet-2a",
      "CidrBlock": "10.0.2.0/24",
      "AvailabilityZone": "us-east-1a",
      "MapPublicIpOnLaunch": true
    }
  ],
  "RouteTables": [
    {
      "RouteTableId": "rtb-main",
      "Associations": [{"SubnetId": "subnet-1a"}],
      "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "Target": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "Target": "igw-12345"}
      ]
    },
    {
      "RouteTableId": "rtb-custom",
      "Associations": [{"SubnetId": "subnet-2a"}],
      "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "Target": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "Target": "igw-12345"}
      ]
    }
  ]
}
```
Refer to the exhibit.
CloudFormation snippet:
```yaml
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.2.0/24
      MapPublicIpOnLaunch: false
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
  PrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway
  PrivateSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable
  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt ElasticIP.AllocationId
      SubnetId: !Ref PublicSubnet
  ElasticIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
```
Refer to the exhibit.
IAM policy JSON:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVpcPeeringConnection",
        "ec2:AcceptVpcPeeringConnection",
        "ec2:DeleteVpcPeeringConnection"
      ],
      "Resource": "*"
    }
  ]
}
```
Refer to the exhibit.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowVPCEConnection",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "ec2:AcceptVpcEndpointConnections",
      "Resource": "arn:aws:ec2:us-east-1:123456789012:vpc-endpoint/*",
      "Condition": {
        "StringEquals": {
          "aws:SourceArn": "arn:aws:ec2:us-east-1:111111111111:vpc-endpoint/vpce-abc123"
        }
      }
    }
  ]
}
```
Refer to the exhibit. The following is a VPC Flow Logs entry:
```
2 123456789010 eni-1234567890abcdef 10.0.1.5 10.0.2.10 443 80 6 10 5000 1620000000 1620000060 ACCEPT OK
```
Refer to the exhibit. The following is an excerpt from a VPC route table:
```
Destination   | Target
10.0.0.0/16   | local
0.0.0.0/0     | igw-1234567890abcdef0
172.31.0.0/16 | vgw-1234567890abcdef0
```
Refer to the exhibit. The following is an AWS CLI command output:
```json
{
  "DirectConnectGateway": {
    "directConnectGatewayId": "dxgw-1234567890abcdef0",
    "directConnectGatewayName": "My-DXGW",
    "amazonSideAsn": 64512,
    "ownerAccount": "123456789012",
    "state": "available"
  }
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVpc",
        "ec2:DeleteVpc",
        "ec2:CreateSubnet",
        "ec2:DeleteSubnet"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestedRegion": "us-east-1"
        }
      }
    }
  ]
}
```