ANS-C01 Network Implementation • Complete Question Bank
Refer to the exhibit.
```
VPC Flow Logs
version 2
account-id 123456789012
interface-id eni-0a1b2c3d4e5f67890
srcaddr 10.0.1.10
dstaddr 10.0.2.10
srcport 12345
dstport 443
protocol 6
packets 10
bytes 1500
start 1625097600
end 1625097660
action ACCEPT
log-status OK
```
Refer to the exhibit.
```
AWS Transit Gateway Route Table
Route Table ID: tgw-rtb-0123456789abcdef0
Routes:
10.0.0.0/16 attachment tgw-attach-11111111111111111 (VPC-A)
10.1.0.0/16 attachment tgw-attach-22222222222222222 (VPC-B)
0.0.0.0/0 blackhole
```
```
VPC-A Route Table (public subnet)
Destination Target
10.0.0.0/16 local
10.1.0.0/16 tgw-1234567890abcdef0
0.0.0.0/0 igw-1234567890abcdef0
```
Match each concept to its description:
Stateful firewall that controls inbound and outbound traffic at instance level
Stateless firewall that controls traffic at subnet level
Web application firewall that protects against common web exploits
Managed DDoS protection service with enhanced detection and mitigation
Managed firewall service that provides stateful inspection for VPC traffic
Match each concept to its description:
Capture IP traffic information for security and troubleshooting
Monitor network performance metrics like throughput and latency
Test network path between two resources and identify configuration issues
Copy network traffic for content inspection or security analysis
Trace requests through distributed applications, including network calls
Refer to the exhibit. CLI output from a VPC Flow Log:
```
2 123456789010 eni-12345 10.0.1.5 10.0.2.10 443 54872 6 10 1000 1432919027 1432919028 ACCEPT OK
2 123456789010 eni-12345 10.0.1.5 10.0.2.10 443 54873 6 25 4000 1432919028 1432919029 REJECT OK
```
Refer to the exhibit.
IAM policy attached to an EC2 instance role:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/16"
        }
      }
    }
  ]
}
```
Refer to the exhibit.
AWS CLI output:
```
{
  "RouteTables": [
    {
      "Associations": [
        {
          "Main": true,
          "RouteTableId": "rtb-12345",
          "SubnetId": null
        }
      ],
      "Routes": [
        {
          "DestinationCidrBlock": "10.0.0.0/16",
          "GatewayId": "local",
          "Origin": "CreateRouteTable",
          "State": "active"
        },
        {
          "DestinationCidrBlock": "0.0.0.0/0",
          "NatGatewayId": "nat-67890",
          "Origin": "CreateRoute",
          "State": "active"
        }
      ],
      "RouteTableId": "rtb-12345",
      "VpcId": "vpc-abcde"
    }
  ]
}
```
Refer to the exhibit.
CloudFormation snippet:
```
Resources:
  MyTransitGateway:
    Type: AWS::EC2::TransitGateway
    Properties:
      AmazonSideAsn: 64512
      AutoAcceptSharedAttachments: disable
      DefaultRouteTableAssociation: enable
      DefaultRouteTablePropagation: enable
      DnsSupport: enable
      VpnEcmpSupport: enable
  MyVpcAttachment:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      SubnetIds:
        - subnet-abc
        - subnet-def
      TransitGatewayId: !Ref MyTransitGateway
      VpcId: vpc-12345
```
Refer to the exhibit. VPC Flow Logs record:
```
2 123456789010 eni-12345 10.0.1.5 10.0.2.10 443 34567 6 25 7500 1620140761 1620140821 ACCEPT OK
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVpc",
        "ec2:CreateSubnet",
        "ec2:CreateInternetGateway",
        "ec2:AttachInternetGateway",
        "ec2:CreateRouteTable",
        "ec2:CreateRoute",
        "ec2:AssociateRouteTable"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": "ec2:CreateVpc",
      "Resource": "arn:aws:ec2:us-east-1:123456789012:vpc/*",
      "Condition": {
        "StringEquals": {
          "ec2:VpcCidrBlock": "10.0.0.0/16"
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/16"
        }
      }
    }
  ]
}
```
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/16"
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
# AWS CloudFormation snippet
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.1.0/24
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.2.0/24
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable
```
Refer to the exhibit. The following is an excerpt from a VPC Flow Log:
```
2 123456789010 eni-12345678 10.0.1.5 10.0.2.10 443 12345 6 10 1000 1234567890 1234567890 ACCEPT OK
2 123456789010 eni-12345678 10.0.1.5 10.0.2.10 443 12346 6 10 1000 1234567890 1234567890 REJECT OK
```
Refer to the exhibit. The following is an AWS CLI output:
```
{
  "RouteTables": [
    {
      "RouteTableId": "rtb-12345678",
      "Routes": [
        {
          "DestinationCidrBlock": "10.0.0.0/16",
          "GatewayId": "local",
          "State": "active"
        },
        {
          "DestinationCidrBlock": "0.0.0.0/0",
          "GatewayId": "igw-12345678",
          "State": "active"
        },
        {
          "DestinationCidrBlock": "10.0.0.0/8",
          "GatewayId": "vpce-12345678",
          "State": "blackhole"
        }
      ]
    }
  ]
}
```
Refer to the exhibit. The following is a CloudFormation snippet:
```
PrivateSubnetRouteTable:
  Type: AWS::EC2::RouteTable
  Properties:
    VpcId: !Ref VPC
PrivateRoute:
  Type: AWS::EC2::Route
  Properties:
    RouteTableId: !Ref PrivateSubnetRouteTable
    DestinationCidrBlock: 0.0.0.0/0
    NatGatewayId: !Ref NatGateway
PrivateSubnet:
  Type: AWS::EC2::Subnet
  Properties:
    VpcId: !Ref VPC
    CidrBlock: 10.0.1.0/24
    RouteTableId: !Ref PrivateSubnetRouteTable
```
Refer to the exhibit.
```
# AWS CLI output: describe-vpc-endpoint-services
{
  "ServiceNames": [
    "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0"
  ],
  "ServiceDetails": [
    {
      "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0",
      "ServiceId": "vpce-svc-0123456789abcdef0",
      "ServiceType": [
        {
          "ServiceType": "Interface"
        }
      ],
      "AvailabilityZones": ["us-east-1a", "us-east-1b"],
      "Owner": "123456789012",
      "PrivateDnsName": "example.com",
      "VpcEndpointPolicySupported": true,
      "AcceptanceRequired": true,
      "ManagesVpcEndpoints": false,
      "BaseEndpointDnsNames": ["vpce-0123456789abcdef0-us-east-1a.vpce.amazonaws.com"]
    }
  ]
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": "vpce-0123456789abcdef0"
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
# CloudFormation snippet
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVpc",
        "ec2:CreateSubnet",
        "ec2:CreateInternetGateway",
        "ec2:AttachInternetGateway",
        "ec2:CreateRouteTable",
        "ec2:AssociateRouteTable",
        "ec2:CreateRoute",
        "ec2:CreateSecurityGroup",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": "ec2:CreateVpcPeeringConnection",
      "Resource": "*"
    }
  ]
}
```