AWS Certified Advanced Networking - Specialty (ANS-C01): ANS-C01

A banking company is successfully operating its public mobile banking stack on AWS. The mobile banking stack is deployed in a VPC thatincludes private subnets and public subnets. The company is using IPv4 networking and has not deployed or supported IPv6 in theenvironment. The company has decided to adopt a third-party service provider's API and must integrate the API with the existing environment.The service provider's API requires the use of IPv6.A network engineer must turn on IPv6 connectivity for the existing workload that is deployed in a private subnet. The company does not wantto permit IPv6 traffic from the public internet and mandates that the company's servers must initiate all IPv6 connectivity. The networkengineer turns on IPv6 in the VPC and in the private subnets.Which solution will meet these requirements?

A. Create an internet gateway and a NAT gateway in the VPC. Add a route to the existing subnet route tables to point IPv6 traffic to theNAT gateway.

B. Create an internet gateway and a NAT instance in the VPC. Add a route to the existing subnet route tables to point IPv6 traffic to theNAT instance.

C. Create an egress-only Internet gateway in the VPAdd a route to the existing subnet route tables to point IPv6 traffic to the egress-onlyinternet gateway.

D. Create an egress-only internet gateway in the VPC. Configure a security group that denies all inbound traffic. Associate the securitygroup with the egress-only internet gateway.

A software-as-a-service (SaaS) company is migrating its private SaaS application to AWS. The company has hundreds of customers thatconnect to multiple data centers by using VPN tunnels. As the number of customers has grown, the company has experienced more difficultyin its effort to manage routing and segmentation of customers with complex NAT rules.After the migration to AWS is complete, the company's AWS customers must be able to access the SaaS application directly from their VPCs.Meanwhile, the company's on-premises customers still must be able to connect through IPsec encrypted tunnels.Which solution will meet these requirements?

A. Connect the AWS customer VPCs to a shared transit gateway. Use AWS Site-to-Site VPN connections to the transit gateway for the on-premises customers

B. Use AWS PrivateLink to connect the AWS customers. Use a third-party routing appliance in the SaaS application VPC to terminateonpremises Site-to-Site VPN connections.

C. Peer each AWS customer's VPCs to the VPC that hosts the SaaS application. Create AWS Site-to-Site VPN connections on the SaaS VPCvirtual private gateway.

D. Use Site-to-Site VPN tunnels to connect each AWS customer's VPCs to the VPC that hosts the SaaS application. Use AWS Site-to-SiteVPN to connect the on-premises customers.

A company has 10 web server Amazon EC2 instances that run in an Auto Scaling group in a production VPC. The company has 10 other webservers that run in an on-premises data center. The company has a 10 Gbps AWS Direct Connect connection between the on-premises datacenter and the production VPC.The company needs to implement a load balancing solution that receives HTTPS traffic from thousands of external users. The solution mustdistribute the traffic across the web servers on AWS and the web servers in the on-premises data center. Regardless of the location of the webservers, HTTPS requests must go to the same web server throughout the entire session.Which solution will meet these requirements?

A. Create a Network Load Balancer (NLB) in the production VPC. Create a target group. Specify ip as the target type. Register the EC2instances and the on-premises servers with the target group Enable connection draining on the NLB

B. Create an Application Load Balancer (ALB) in the production VPC. Create a target group Specify ip as the target type. Register the EC2instances and the on-premises servers with the target group. Enable application-based session affinity (sticky sessions) on the ALB.

C. Create a Network Load Balancer (NLB) in the production VPCreate a target group. Specify instance as the target type. Register the EC2instances and the on-premises servers with the target group. Enable session affinity (sticky sessions) on the NLB.

D. Create an Application Load Balancer (ALB) in the production VPC. Create a target group. Specify instance as the target type Registerthe EC2 instances and the on-premises servers with the target group Enable application-based session affinity (sticky sessions) on theALB.