Exam Logo

Amazon (SAP-C01) Exam Questions And Answers page 76

You are designing a connectivity solution between on-premises infrastructure and Amazon VPC. Your servers on-premises will be communicating with your VPC instances. You will be establishing IPSec tunnels over the Internet You will be using VPN gateways, and terminating the IPSec tunnels on AWS supported customer gateways.

Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above? (Choose four.)
Designing highly available, cost-efficient, fault-tolerant, scalable systems Designing enterprise-wide scalable operations on AWS
You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to be able to access software depots and distributions on the Internet for product updates. The depots and distributions are accessible via third party CDNs by their URLs.
You want to explicitly deny any other outbound connections from your VPC instances to hosts on the internet.

Which of the following options would you consider?
Designing for security and compliance
You are designing a multi-platform web application for AWS The application will run on EC2 instances and will be accessed from PCs. Tablets and smart phones Supported accessing platforms are Windows, MacOS, IOS and Android Separate sticky session and SSL certificate setups are required for different platform types.

Which of the following describes the most cost effective and performance efficient architecture setup?
Designing highly available, cost-efficient, fault-tolerant, scalable systems Migrating complex, multi-tier applications on AWS
You are designing an intrusion detection prevention (IDS/IPS) solution for a customer web application in a single VPC. You are considering the options for implementing IOS IPS protection for traffic coming from the Internet.

Which of the following options would you consider? (Choose two.)
Implementing cost control strategies Designing for security and compliance
You are designing an SSL/TLS solution that requires HTTPS clients to be authenticated by the Web server using client certificate authentication. The solution must be resilient.

Which of the following options would you consider for configuring the web server infrastructure? (Choose two.)
Designing enterprise-wide scalable operations on AWS Designing for security and compliance
You are designing a personal document-archiving solution for your global enterprise with thousands of employees. Each employee has potentially gigabytes of data to be backed up in this archiving solution. The solution will be exposed to the employees as an application, where they can just drag and drop their files to the archiving system. Employees can retrieve their archives through a web interface. The corporate network has high bandwidth AWS Direct Connect connectivity to AWS.
You have a regulatory requirement that all data needs to be encrypted before being uploaded to the cloud.

How do you implement this in a highly available and cost-efficient way?
Designing highly available, cost-efficient, fault-tolerant, scalable systems Designing for security and compliance
You are designing a photo-sharing mobile app. The application will store all pictures in a single Amazon S3 bucket.
Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view and download their own pictures directly from Amazon S3.
You want to configure security to handle potentially millions of users in the most secure manner possible.

What should your server-side application do when a new user registers on the photo-sharing mobile application?
Designing for security and compliance
You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks.

Which of the below are viable mitigation techniques? (Choose three.)
Designing highly available, cost-efficient, fault-tolerant, scalable systems Implementing cost control strategies
You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet.

The application must have a highly available architecture.

Which alternatives should you consider? (Choose two.)
Designing highly available, cost-efficient, fault-tolerant, scalable systems Designing enterprise-wide scalable operations on AWS
You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture.

Which alternatives should you consider? (Choose two.)
Designing highly available, cost-efficient, fault-tolerant, scalable systems