ANS-C00 Online Practice Questions and Answers

You are moving a two-tier application into an Amazon VPC. An Elastic Load Balancing (ELB) load balancer is configured in front of the application tier. The application tier is driven through RESTful interfaces. The data tier uses relational database service (RDS) MySQL. Company policy requires end-toend encryption of all data in transit.

What ELB configuration complies with the corporate encryption policy?

A. Configure the ELB load balancer protocol as HTTP. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.

B. Configure the ELB protocols in TCP mode. Configure the application instances for SSL termination. Configure Amazon RDS for SSL, and use REQUIRE SSL grants.

C. Configure the ELB load balancer protocol as HTTPS. Offload application instance encryption to the load balancer. Install your SSL certificate on Amazon RDS, and configure SSL.

D. Configure the ELB protocols in SSL mode. Offload application instance encryption to the load balancer. Install your SSL/TLS certificate on Amazon RDS, and configure SSL.

Your company has set up AWS Direct Connect to connect on-premises to an Amazon VPC instance. Two Direct Connect connections terminate at two different Direct Connect locations. You are using two routers, R1 and R2, at your end (one of each Direct Connect connection). R1 and R2 do NOT have connectivity between them. Both routers advertise the same routers over BGP to the VGW. You have a stateful firewall on each router. The routers drop some of the traffic coming from the VPC.

Which two actions should you take to fix this problem? (Choose two.)

A. Use BGP AS prepend attribute to prepend additional AS numbers while advertising routers from R1 to VGW.

B. Use BGP local preference attribute to assign R1 to a lower local preference number than R2.

C. Use BGP local preference attribute to assign R1 a higher local preference number than R2.

D. Use BGP MED attribute to assign a higher MED value to the routes advertised R1 to VGW.

E. Use BGP MED attribute to assign a higher MED value to the routes advertised from R2 to VGW.

A company is deploying a non-web application on an Elastic Load Balancing. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server.

How can this requirement be achieved?

A. Use a Network Load Balancer to automatically preserve the source IP address.

B. Use a Network Load Balancer and enable the X-Forwarded-Forattribute.

C. Use a Network Load Balancer and enable the ProxyProtocolattribute.

D. Use an Application Load Balancer to automatically preserve the source IP address in the XForwarded-Forheader.

Your company needs an inexpensive solution to host their AD data in the cloud. They do not need all of the features of AD but do need to be able to use it with WorkSpaces. What is the best solution?

A. AD Connector

B. Hosted Microsoft AD

C. Simple AD

D. Deploy an AD server on an M3.large instance

You have two placement groups in a VPC. What communication speed can be expected between the two placement groups?

A. 5Gbps

B. 10Gbps

C. 20Gbps

D. You cannot communicate between two placement groups.

To allow all traffic to access an instance in "Subnet 1" that uses "Security Group 1", what two options need to be configured? (Choose two.)

A. NACL rule allowing 0.0.0.0/0 to access "Subnet 1"

B. Security Group rule in "Security Group 1" that allows 0.0.0.0/0 inbound

C. Security Group rule in "Security Group 1" that allows outbound traffic to 0.0.0.0/0

D. NACL rule allowing 0.0.0.0/0 to access "Security Group 1"

Which statement about VPC endpoints is incorrect?

A. Endpoints are transitive for Direct Connect connections.

B. Endpoints cannot be extended out of a VPC.

C. Endpoints cannot be tagged.

D. An S3 endpoint allows Amazon AMIs to install some software.

You are architecting your e-business application for PCI compliance. To meet the compliance requirements, you need to monitor web application logs to identify any malicious activity. You also need to monitor for remote attempts to change the network interface of web instances.

Which two AWS services will be helpful to achieve this goal?

A. Amazon CloudWatch Logs and VPC Flow Logs

B. AWS CloudTrail and VPC Flow Logs

C. AWS CloudTrail and CloudWatch Logs

D. AWS CloudTrail and AWS Config

What does the term "statistics" mean with respect to CloudWatch metrics?

A. Time of a metric collection

B. Data aggregation over a specific period of time

C. Status of a metric

D. Unit of a metric

An insurance company is planning the migration of workloads from its on-premises data center to the AWS Cloud. The company requires end-to-end domain name resolution. Bi-directional DNS resolution between AWS and the existing on- premises environments must be established. The workloads will be migrated into multiple VPCs. The workloads also have dependencies on each other, and not all the workloads will be migrated at the same time.

Which solution meets these requirements?

A. Configure a private hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the application VPC private hosted zones with the egress VPC, and share the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 inbound endpoints.

B. Configure a public hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the application VPC private hosted zones with the egress VPC, and share the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 inbound endpoints.

C. Configure a private hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the application VPC private hosted zones with the egress VPC, and share the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 outbound endpoints.

D. Configure a private hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the Route 53 outbound rules with the application VPCs, and share the private hosted zones with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 inbound endpoints.