Amazon (ANS-C01) Exam Questions And Answers page 27
You are architecting your e-business application for PCI compliance. To meet the compliance requirements, you need to monitor web application logs to identify any malicious activity. You also need to monitor for remote attempts to change the network interface of web instances.
Which two AWS services will be helpful to achieve this goal?
Which two AWS services will be helpful to achieve this goal?
AWS CloudTrail and VPC Flow Logs
AWS CloudTrail and CloudWatch Logs
AWS CloudTrail and AWS Config
Network Security and Optimization
Network Automation and Optimization
You are auditing an AWS infrastructure after you noticed some abnormal charges on the bill. You use AWS Config to monitor your changes. What else is required to find out who made the change?
There is no information to find this. You will need to sign up for Config Premium.
Use the eventID of the change and reference it with your Flow Logs.
Use the eventId of the change and reference it with CloudTrail to find the culprit.
Use the eventID of the change and reference it with CloudWatch to find the culprit.
Networking Fundamentals
Network Security and Optimization
You are building an application in AWS that requires Amazon Elastic MapReduce (Amazon EMR). The application needs to resolve hostnames in your internal, on-premises Active Directory domain. You update your DHCP Options Set in the VPC to point to a pair of Active Directory integrated DNS servers running in your VPC.
Which action is required to support a successful Amazon EMR cluster launch?
Which action is required to support a successful Amazon EMR cluster launch?
Add a conditional forwarder to the Amazon-provided DNS server.
Enable seamless domain join for the Amazon EMR cluster.
Launch an AD connector for the internal domain.
Configure an Amazon Route 53 private zone for the EMR cluster.
AWS Networking Services
Network Security and Optimization
You are building an application that provides real-time audio and video services to customers on the Internet. The application requires high throughput. To ensure proper audio and video transmission, minimal latency is required.
Which of the following will improve transmission quality?
Which of the following will improve transmission quality?
Enable enhanced networking
Select G2 instance types
Enable jumbo frames
Use multiple elastic network interfaces
AWS Networking Services
Network Security and Optimization
You are configuring a CloudFront distribution, and when you try to attach an SSL, you do not see your SSL listed. What is the most likely reason for this?
You must configure an https record in Route 53 first.
Sometimes, it won't show, and you need to retrieve the ARN for the SSL and enter it manually.
You requested an SSL for the wrong region.
You didn't wait 48 hours after approving the SSL.
AWS Networking Services
Network Security and Optimization
You are configuring a virtual interface for access to your VPC on a newly provisioned 1-Gbps AWS Direct Connect connection. Which two configuration values do you need to provide? (Choose two.)
Public AS number
VLAN ID
IP prefixes to advertise
Direct Connect location
Virtual private gateway
AWS Networking Services
Network Security and Optimization
You are configuring a VPN to AWS for your company. You have configured the VGW and CGW. You have created the VPN. You have also run the necessary commands on your router. You allowed all TCP and UDP traffic between your datacenter and your VPC. The tunnel still doesn't come up. What is the most likely reason?
You forgot to turn on route propagation in the route table.
You do not have a public ASN.
Your advertised subnet is too large.
You haven't added protocol 50 to your firewall.
AWS Networking Services
Network Security and Optimization
You are configuring multiple Direct Connect links for your organization and need them to be in an HA Active/Passive configuration with extreme sensitivity to outages in order to encourage very quick failover times. You also need to be able to control which link is active.
What two configuration changes should you implement? (Choose two.)
What two configuration changes should you implement? (Choose two.)
MPLS
BFD
AS_PATH Prepending
BGP
Networking Fundamentals
Network Security and Optimization
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL.
Which of the following solutions should you deploy? (Choose two.)
Which of the following solutions should you deploy? (Choose two.)
Include s3.amazonaws.com in the whitelist.
Create a VPC endpoint for S3.
Run Squid proxy on a NAT instance.
Deploy a NAT gateway into your VPC.
Utilize a security group to restrict access.
Hybrid Networking
Network Security and Optimization
You are deploying a web application in a VPC that requires SSL mutual authentication with a client- side, smartcard-stored certificate. The ELB Classic Load Balancer listener must support mutual authentication between the client and the application.
Which load balancer protocol should you select for this application?
Which load balancer protocol should you select for this application?
HTTP
HTTPS
SSL
TCP
AWS Networking Services
Network Security and Optimization
Comments