Exam ANS-C00 topic 1 question 326 discussion

C. Any combination of Amazon S3 buckets and HTTP servers

NEW Qs here, Feb 2022

C. Any combination of Amazon S3 buckets and HTTP servers

C. Any combination of Amazon S3 buckets and HTTP servers

Q13, Feb, 2022 A company wants to migrate its production and development applications to the AWS Cloud across multiple VPCs in three AWS Regions us-east-1 (N Virginia), eu-west-1 (Ireland), and ap- southeast-1 (Singapore) The company needs a scalable solution that provides connectivity between all three Regions The solution also must provide private connectivity to the company's on-premises data center in Northern Virginia Data that is transferred from on premises and data that is transferred between Regions must be encrypted in transit The company requires predictable network performance and must minimize cost The company has initiated a solution by deploying a transit gateway with two route tables in each Region One route table is for the production environment, and one route table is for the development environment What else must the company do to meet its requirements with the LOWEST latency? A. Deploy an AWS Direct Connect connection in us-east-1 and a public VIF to the on-premises data center On each transit gateway, create a VPN attachment over the public VIF for the production and development route tables Create transit gateway peenng connections to route traffic between Regions

Q12 - Fe, 2012 A company has two AWS accounts: one for Production and one for Connectivity. A network engineer needs to connect the Production account VPC to a transit gateway in the Connectivity account. The feature to auto accept shared attachments is not enabled on the transit gateway. Which sot of stops should the network engineer follow in each AWS account to meet those requirements? A. In the Production account Create a resource share In AWS Resource Access Manager for the transit gateway Provide the Connectivity account ID Enable the feature to allow external accounts . In the Connectivity account Accept the resource . In the Connectivity account Create an attachment to the VPC subnets . In the Production account: Accept the attachment. Associate a route table with the attachment.

Q11 - Feb, 2022 A financial services company receives real-time stock quotes in its ingestion VPC. The company plans to perform customer-specific data analysis on the stock quotes in various VPCs. The stock quotes must be distributed simultaneously from Amazon EC2 instances in the ingestion VPC to EC2 instances in the data analysis VPCs Which set of configuration steps should the company lake to meet these requirements? A.Configure EC2 instances m f he ingestion VPC as IP unicast senders Configure a transit gateway to serve as a unicast router for instances that send traffic destined for the EC2 instances in the data analysis VPCs. B.Configure VPC peering between the ingestion VPC and the data analysis VPCs Configure an Application Load Balancer to distribute Virtual Extensible LAN (VXLAN)-encapsulated traffic from the sender EC2 instances to the receiver EC2 instances.

Q10 - Feb, 2022 A company recently migrated its Amazon EC2 instances to VPC private subnets to satisfy a security compliance requirement. The EC2 instances now use a NAT gateway tor internet access After the migration, some long-running database queries from private EC2 instances to a publicly accessible third-party database no longer receive responses The database query logs reveal that the queries successfully completed after 7 minutes but that the client EC2 instances never received the response. Which configuration change should a network engineer implement to resolve this issue'' A.Configure the NAT gateway timeout to allow connections for up to 600 seconds B.Enable enhanced networking on the client EC2 instances C.Enable TCP keepalive on the client EC2 instances with a value of less than 300 seconds D.Close idle TCP connections though the NAT gateway

Q9 - Feb, 2022 A company's developers wrote an AWS Lambda function to modify existing private route tables in response to a security appliance's auto scaling events. The Lambda function will be invoked on lifecycle hooks for an Auto Scaling group and Is configured to run in a VPC The developers are unsure if the following 1AM policy provides sufficient permissions to be used as an execution role for this Lambda function. { "Version": "2012-10-17", "Statement": [ { "Effect": "XIlew", "Action": : "logs:CreatelogGroup", "logs :OreateLogStream", "logs : PutogcgEvents", "ec2:CreateRoute", "ec2:DescribeNetworkInterfaces", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Resource": "*" } ] } The developers ask a network engineer to review the permissions. Which set of permissions should the network engineer add lo the policy?

Q8 - Feb, 2022 An insurance company is planning the migration of workloads from its on-premises data center to the AWS Cloud The company requires end-to-end domain name resolution Bidirectional DNS resolution between AWS and the existing on-premises environments must be established The workloads will be migrated into multiple VPCs. The workloads also have dependencies on each other, and not all the workloads will be migrated at the same time Which solution meets these requirements? Which solution meets these requirements? A.Configure a private hosted zone for each application VPC, and create the requisite records Create a set of Amazon Route 53 Resolver inbound and outbound endpoint In an egress VPC Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver Associate the application VPC private hosted zones with the egress VPC and share the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager. Configure the on premises DNS servers to forward the cloud domains to the Route 53 inbound endpoint.

Q7 - FEb, 2022 A company uses an AWS Site-to-Site VPN to connect its corporate network The company recently added an AWS Direct Connect connection A network engineer wants all traffic to use the Direct Connect connection and for the VPN to be used as backup However after the Direct Connect connection was added traffic continued to pass through the VPN connection What should the network engineer do to route the traffic through the Direct Connect connection'? A.Add routes to the VPC route tables that specify the Direct Connect connection B.Set local preference BGP community tags on the on-premises router C.Advertise the same network routes over the Direct Connect connection and VPN connection D.Ensure the Direct Connect connection AS_PATH is longer than the VPN connection AS_PATH

Q6 - Feb 2022 A company has established an AWS Direct Connect connection between its customer gateway at its on-premises data center and a virtual private gateway m the AWS Cloud The BGP routing protocol configuration includes the Autonomous System Number {ASN) of 7224 on the AWS end of the connection and the BGP ASN of 65004 on the company end of the connection The company's IT administrators report that servers that run at the on-premises data center are not able to communicate with the company's web application that runs on a fleet of Amazon EC2 Instances A network engineer performs initial troubleshooting The network engineer finds that the private VIF is operational and that there is a fully established BGP peering session However, the company still cannot route traffic over the private VIF Which of the following is a possible cause of this connectivity issue? A.Firewall or ACL rules are blocking TCP pod 179 or are blocking high-numbered ephemeral TCP ports

Q5 - Feb 2022 A manufacturing company has a hybrid environment that includes an AWS Direct Connect gateway that is associated with an AWS Transit Gateway The company wants to extend a third-party application that is hosted in its on-premises data center into one of its VPCs The application vendor has stated that It must use an overlay IP address to meet the company's requirement for high availability. The DHCP administrator has assigned a non-overlapping RFC1918 private address for use as the overlay IP address The security team requires connectivity to remain private Which solution meets these requirements with the LEAST management overhead'' A.Create a layer 2 VPN across a public VIF by using a software-based VPN on a pair of Amazon EC2 instances Use BGP to advertise the routes over the VPN

Q4-Feb 2022 A company hosts several applications in the AWS Cloud across multiple VPCs that are connected to a transit gateway Redundant AWS Direct Connect connections and a Direct Connect gateway provide private network connectivity lo the company's on-premises environment During a maintenance window, the networking team adds eight VPCs The application management team notices that there is no reachability between the newly created VPCs and the on-premises environment Connectivity between all VPCs through the transit gateway is working as expected. Which of the following are possible causes of the connectivity issues? (Choose TWO) A.The prefixes that are advertised from the Direct Connect gateway to the on-premises router are shorter than the CIDR blocks of the newly created VPCs

Q3 - Feb 2022 A logistics company has deployed a hybrid environment that has multiple VPCs in both the us- east-1 Region and the af-south-1 Region The on-premises data center is connected to us-east-1 through an AWS Direct Connect connection The Direct Connect connection is connected to a Direct Connect gateway that is associated with a transit gateway The transit gateway is attached to all the VPCs in us-east-1 An application that is deployed in af-south-1 requires access to a database in the data center The application also requires access to file storage in a VPC in us-east-1 Which solution will meet these requirements with the LOWEST latency? A.Create a transit gateway in af-south-1, and attach the VPCs Create a transit gateway peering connection between the transit gateways

NEW Qs here, Feb 2022 - Q2 A company uses multiple AWS accounts within AWS Organizations and has services deployed in a single AWS Region. The instances in a private subnet occasionally download patches from the internet through a NAT gateway The company recently migrated from VPC peering to AWS Transit Gateway The cumulative traffic through deployed NAT gateways Is less than 1Gbps The NAT gateway hourly charge contributes to most of the NAT gateway costs across all linked accounts. What should the company do to reduce NAT gateway hourly costs? A. Deploy and use NAT gateways in the same Availability Zone as the heavy-traffic resources. B- Move to a centralized NAT gateway architecture with NAT gateways deployed in an egress VPC Use VPC peering to send traffic through the centralized NAT gateways. cchaconUse VPC endpoints to send traffic to AWS services in the same Region. Move to a centralized NAT gateway architecture with NAT gateways deployed in an egress VPC Use AWS Transit Gateway to send traffic through the centralized NAT gateways.

A company uses AWS Direct Connect lo connect its corporate network to multiple VPCs in the same AWS account and the same AVVS Region Each VPC uses its own private VIF and its own virtual LAN on the Direct Connect connection The company has grown and will soon surpass the limit of VPCs and private VIFs for each connection What is the MOST scalable way to add VPCs with on- premises connectivity? Provision a new Direct Connect connection to handle the additional VPCs Use the new connection to connect additional VPCs. Create virtual private gateways for each VPC that is over the service quota Use AWS Site-to-Site VPN to connect the virtual private gateways to the corporate network Create a Direct Connect gateway, and add virtual private gateway associations to the VPCs. Configure a private VIF to connect to the corporate network Create a transit gateway and attach the VPCs Create a Direct Connect gateway, and associate it with the transit gateway Create a transit VIF to the Direct Connect gateway