ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 54 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 54
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

You are implementing a URL whitelisting system for a company that wants to restrict outbound HTTP'S connections to specific domains from their EC2-hosted applications. You deploy a single EC2 instance running proxy software and configure It to accept traffic from all subnets and EC2 instances in the VPC. You configure the proxy to only pass through traffic to domains that you define in its whitelist configuration. You have a nightly maintenance window or 10 minutes where all instances fetch new software updates. Each update Is about 200MB In size and there are 500 instances In the VPC that routinely fetch updates. After a few days you notice that some machines are failing to successfully download some, but not all of their updates within the maintenance window. The download
URLs used for these updates are correctly listed in the proxy's whitelist configuration and you are able to access them manually using a web browser on the instances.
What might be happening? (Choose two.)

  • A. You are running the proxy on an undersized EC2 instance type so network throughput is not sufficient for all instances to download their updates in time.
  • B. You are running the proxy on a sufficiently-sized EC2 instance in a private subnet and its network throughput is being throttled by a NAT running on an undersized EC2 instance.
  • C. The route table for the subnets containing the affected EC2 instances is not configured to direct network traffic for the software update locations to the proxy.
  • D. You have not allocated enough storage to the EC2 instance running the proxy so the network buffer is filling up, causing some requests to fail.
  • E. You are running the proxy in a public subnet but have not allocated enough EIPs to support the needed network throughput through the Internet Gateway (IGW).
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by cldy at April 1, 2021, 6:53 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cldy
Highly Voted 3 years, 9 months ago
A. B. possible reasons for the "failing to successfully download some, but not all of their updates" requirement.
upvoted 6 times
...
arsovai
Most Recent 1 month, 3 weeks ago
Selected Answer: AB
A,B If you have 500 x3 large instances behind a t3 nat gateway micro instance, than the nat gateway is not sufficently sized to handle the routing
upvoted 1 times
...
amministrazione
10 months, 2 weeks ago
A. You are running the proxy on an undersized EC2 instance type so network throughput is not sufficient for all instances to download their updates in time. D. You have not allocated enough storage to the EC2 instance running the proxy so the network buffer is filling up, causing some requests to fail.
upvoted 1 times
...
JPA210
1 year, 4 months ago
Selected Answer: AD
B is not plausible, because no-one uses NAT instances anymore, NAT Gateway is what is used nowadays. C and E simple don't make sense, so the only possible ones are A and D.
upvoted 2 times
...
shammous
1 year, 5 months ago
Selected Answer: AD
There is no mention of NAT instance so I would rule answer B out. the only plausible answer involving the proxy is C.
upvoted 1 times
...
TechX
2 years, 12 months ago
Selected Answer: AB
Answer: AB Explanation: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-ec2-config.html
upvoted 1 times
...
Juks
3 years, 6 months ago
A and B https://acloud.guru/forums/aws-certified-solutions-architect-professional/discussion/-KGXk5Feqh4hQm1Bjt9U/tricky_network_question
upvoted 1 times
...
01037
3 years, 7 months ago
I'll choose A&B. D looks like a correct answer, but I think it depends on the proxy software and nothing is mentioned about it.
upvoted 1 times
...
Malcnorth59
3 years, 7 months ago
A. E. Is the answer
upvoted 1 times
sTeVe86
3 years, 4 months ago
E is incorrect, otherwise all failed.
upvoted 1 times
...
...
kenkool
3 years, 9 months ago
AD is the answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel