Exam ANS-C00 topic 1 question 110 discussion

It is A

Clearly, A to automate VPC deployments. CloudFormation

A company wants to conduct a proof of concept for an SAP HANA application with a hey objective to automate the provisioning of infrastructure and the application. The company operates a hybrid cloud infrastructure with AWS Direct Connect between its data center and VPC. Security policy dictates that all traffic from AWS be routed through on-premises data center firewalls. Security policy also prohibits the use of a VPC internet gateway for internet access. The company enforces use of a forward proxy server for all outbound network traffic. All resources inside the VPC are able to reach on-premises servers. All Amazon EC2 Linux instances require package updates over the internet. However, the updates are failing and sending errors. What would cause these errors?

A company is migrating a legacy storefront web application to the AWS Cloud. The application is complex and will take several months to refactor. A solutions architect recommended an interim solution of using Amazon CloudFront with a custom origin pointing to the SSL endpoint URL for the legacy web application until the replacement is ready and deployed.The interim solution has worked for several weeks. However, all browser connections recently began showing an HTTP 502 Bad Gateway error with the header "X-Cache: Error from cloudfront." Monitoring services show that the HTTPS port 443 on the legacy web application is open and responding to requests. What is the likely cause of the error, and what is the solution?

A company is running services in a VPC with a CIDR block of 10.5.0.0/22. End users report that they no longer can provision new resources because some of the subnets in the VPC have run out of IP addresses. How should a network engineer resolve this issue? A.Add 10.5.2.0/23 as a second CIDR block to the VPC. Create a new subnetwith a new CIDR block, and provision new resources in the new subnet. B.Add 10.5.4.0/21 as a second CIDR block to the VPC. Assign a second network from this CIDR block to the existing subnets that have run out of IP addresses. C.Add 10.5.4.0/22 as a second CIDR block to the VPC. Assign a second network from this CIDR block to the existing subnets that have run out of IP addresses. D.Add 10.5.4.0/22 as a second CIDR block to the VPC. Create a new subnet with a new CIDR block, and provision new resources in the new subnet.

A VPC is deployed with a 10.0.0.0/16 CIDR block. The engineering team is reviewing DHCP options, and there is disagreement about the valid DNS addresses available for the VPC. Which addresses are valid IP addresses provided by Amazon for this subnet? (Choose two.) A.8.8.8.8 B.10.0.0.2 C.10.1.0.2 D.169.254.169.253 E.169.254.169.254

A company is delivering web content from an Amazon EC2 instance in a public subnet with address 2001:db8:1:100::1. Users report they are unable to access the web content. The VPC Flow Logs for the subnet contain the following entries: 2 012345678912 eni-0596e500123456789 2001:db8:2:200::2 2001:db8:1:100::1 0 0 58 234 24336 1551299195 1551299434 ACCEPT OK 2 012345678912 eni-0596e500123456789 2001:db8:1:100::1 2001:db8:2:200::2 0 0 58 234 24336 1551299195 1551299434 REJECT OK Which action will restore network reachability to the EC2 instance? A. Update the security group associated with eni-0596e500123456789 to permit inbound traffic. B. Update the security group associated with eni-0596e500123456789 to permit outbound traffic. C. Update the network ACL associated with the subnet to permit inbound traffic. D. Update the network ACL associated with the subnet to permit outbound traffic.

A gaming company is running an online multiplayer game in multiple AWS Regions. The company needs traffic from its end users to be routed to the Region that is closest to the end users geographically. When maintenance occurs in a Region, traffic must be routed to the next closest Region with no changes to the IP addresses being used as connections by the end users. Which solution will meet these requirements? A. Create an Amazon CloudFront distribution in front of all the Regions. B. Use an Amazon Route 53 geoproximity routing policy to navigate traffic to the closest Region. C. Use an Amazon Route 53 geolocation routing policy to navigate traffic to the closest Region. D. Configure AWS Global Accelerator in front of all the Regions.

A company installed an AWS Site-to-Site VPN and configured it to use two tunnels The company has learned that the VPN connectivity is unstable. During a ping test from the on-premises data center to AWS: a network engineer notices that the first few ICMP replies time out but that subsequent requests are successful. The AWS Management Console shows that the status for both tunnels last changed at the same time the ping responses were successfully received. Which steps should the network engineer take to resolve the instability*? (Select TWO ) A. Enable dead peer detection (DPD) on the customer gateway device. B. Change the tunnel configuration to active/standby on the virtual private gateway. C. Use AS PATH prepending on one path to cause all traffic to prefer that tunnel. D. Send ICMP requests to an instance in the VPC every 5 seconds from the on-premises network. E. Use a higher multi-exit discriminator (MED) value on the preferred path to prefer that tunnel.

A company's network engineer needs to evaluate and monitor DNS traffic. The company uses Amazon Route 53 as the DNS service for its public hosted zone. All DNS queries must be captured for future analysis. What should the network engineer do to meet these requirements? A. Use AWS WAF to log information to Amazon CloudWatch Logs about the queries that Route 53 receives. B. Use VPC Flow Logs to log information to Amazon CloudWatch Logs Insights about the queries that Route 53 receives. C. Use Route 53 query logging to log information to Amazon CloudWatch Logs about the queries that Route 53 receives. D. Use AWS CloudTrail to log information to Amazon CloudWatch Logs Insights about the queries that Route 53 receives.

A company uses an AWS Site-to-Site VPN to connect its corporate network The company recently added an AWS Direct Connect connection A network engineer wants all traffic to use the Direct Connect connection and for the VPN to be used as backup However after the Direct Connect connection was added traffic continued to pass through the VPN connection. What should the network engineer do to route the traffic through the Direct Connect connection'? A. Add routes to the VPC route tables that specify the Direct Connect connection. B. Set local preference BGP community tags on the on-premises router. C. Advertise the same network routes over the Direct Connect connection and VPN connection. D. Ensure the Direct Connect connection AS_PATH is longer than the VPN connection AS_PATH.

A company wants to use thin clients running virtual desktops to replace 500 desktop computers used by its call center employees The company is evaluating Amazon Workspaces as a solution. A network engineer who is testing with a thin client is unable to connect to Amazon Workspaces. After entering credentials the network engineer receives the following error: "An error occurred while launching your Workspace Please try again". What should the network engineer do to resolve this issue? A. Update the inbound rules on the network ACL on the subnets used for Amazon Workspaces to allow UDP on port 4172 and TCP on port 4172. B. Update the company's corporate firewall to allow outbound access to UDP on port 4172 and TCP on port 4172 Open inbound ephemeral ports explicitly to allow return communication. C. Update the inbound rules on the security group assigned to Amazon Workspaces to allow UDP on port 4172 and TCP on port 4172. D. Update the company's corporate firewall to allow inbound access to UDP on port 4172 and TCP on port 4172 Open outbound ephemeral ports explicitly to allow return communication.

A company has deployed a production environment in the AWS Cloud The environment is contained in a VPC and includes a virtual private gateway The company has established an AWS Direct Connect connection which includes a private virtual interface (VIF) and a VPN connection to the on-premises data center. For traffic originating in the VPC what is the order of BGP path selection from MOST preferred to LEAST preferred? A. Direct Connect, BGP routes, Static routes, Longest prefix match, VPN BGP routes B. Static routes, Longest prefix match, Direct Connect, BGP routes, VPN BGP routes C. Longest prefix match, Static routes, Direct Connect, BGP routes, VPN BGP routes D. Longest prefix match, VPN BGP routes, Static routes, Direct Connect, BGP routes

Only A is automation even I don't know how IPAM work :)

i would go for A

A is correct