Which Service?
General
VPCs
Potpourri
100

Which service can be used to improve network traffic for users around the world?

1. Amazon Connect

2. Amazon ElastiCache

3. Global Accelerator

4. Amazon CloudFront

3. Global Accelerator

100

What is the relationship between subnets and availability zones? 

1. Subnets contain one or more availability zones

2. You can create one subnet per availability zone

3. Subnets span across multiple availability zones

4. You can create one or more subnets within each availability zone

4. You can create one or more subnets within each availability zone

100

What is the scope of a VPC within a region? 

1. At least 2 data centers per region

2. Spans all Availability Zones within the region

3. Spans all Availability Zones globally

4. At least 2 subnets per region

2. Spans all Availability Zones within the region

100

Which service is used to manage the DNS records for domain names? 

1. Amazon Virtual Private Cloud

2. AWS Direct Connect

3. Amazon CloudFront

4. Amazon Route 53

4. Amazon Route 53

200

Which AWS security service provides a firewall at the subnet level within a VPC? 

1. Network Access Control List

2. Bucket Policy

3. IAM Policy

4. Security Group

200

Which statement best describes DNS resolution? 

1. Launching resources in a virtual network that you define

2. Storing local copies of content at edge locations around the world

3. Connecting a VPC to the internet 

4. Translating a domain name to an IP address

4. Translating a domain name to an IP address

200

Which items can be configured within the VPC management console? (Select TWO) 

1. Security Groups

2. Subnets

3. Regions

4. Load Balancing

5. Auto Scaling


1. Security Groups

2. Subnets

200

What advantages does deploying Amazon CloudFront provide? (Select TWO)

1. Reduced latency

2. Improved performance for end users

3. Provides serverless compute services 

4. Automated deployment of resources 

5. A private network link to AWS cloud 

1. Reduced latency

2. Improved performance for end users

300

Which type of security control can be used to deny network access from a specific IP address?

1. Security Group

2. AWS Shield

3. Network ACL

4. AWS WAF

3. Network ACL

300

Which statement below is incorrect in relation to Network ACLs? 

1. They process rules in order

2. They are stateless

3. They support allow and deny rules

4. They operate at the Availability Zone level

4. They operate at the Availability Zone level

300

Which component is used to connect a VPC to the internet? 

1. Public subnet

2. Edge location

3. Security group

4. Internet gateway

4. Internet gateway

300

Which of the following statements are correct about the benefits of AWS Direct Connect? (Select TWO) 

1. Uses redundant paths across the Internet

2. Increased bandwidth (predictable bandwidth)

3. Quick to implement

4. Increased reliability (predictable performance)

5. Lower cost than a VPN


2. Increased bandwidth (predictable bandwidth)

4. Increased reliability (predictable performance)

400

An organization has an on-premise cloud and accesses their AWS Cloud over the Internet. How can they create a private hybrid cloud connection that avoids the internet? 

1. AWS Direct Connect

2. AWS Managed VPN

3. AWS VPC Endpoint

4. AWS VPN CloudHub

1. AWS Direct Connect

400

Which statement best describes security groups? 

1. They are stateful and deny all inbound traffic by default.

2. They are stateful and allow all inbound traffic by default.

3. They are stateless and deny all inbound traffic by default.

4. They are stateless and allow all inbound traffic by default.

1. They are stateful and deny all inbound traffic by default.

400

Which AWS entity enables you to privately connect your VPC to an Amazon SQS queue?

  1. VPC Interface Endpoint

  2. Internet Gateway

  3. AWS Direct Connect

  4. VPC Gateway Endpoint

1. VPC Interface Endpoint

400

Which AWS services are delivered globally rather than regionally? (Select TWO.)

  1. Amazon Route 53

  2. Amazon CloudFront

  3. Amazon RDS

  4. Amazon VPC

  5. Amazon EC2

1. Amazon Route 53

2. Amazon CloudFront

500

To grant EC2 instances in a private subnet the ability to send outbound traffic to the public internet, you’d want to use:

1. Direct Connect

2. NAT Gateway

3. Flow Logs

4. AWS ECS

1. NAT Gateway

500

Which statement best describes an AWS account’s default network access control list? 

1. It is stateless and denies all inbound and outbound traffic.

2. It is stateful and allows all inbound and outbound traffic.

3. It is stateless and allows all inbound and outbound traffic.

4. It is stateful and denies all inbound and outbound traffic.

3. It is stateless and allows all inbound and outbound traffic.

500

Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers’ personal information. How should the developer configure the VPC according to best practices? 

1. Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet.

2. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet. 

3. Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet. 

4. Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet. 

2. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.

500

Which of the following statements are CORRECT regarding AWS Global Accelerator? (Select TWO)

  1. Global Accelerator provides static IP addresses that act as a fixed entry point to your applications

  2. Global Accelerator can be used to host static websites

  3. Global Accelerator cannot be configured with an Elastic Load Balancer (ELB)

  4. Global Accelerator is a good fit for non-HTTP use cases

  5. Global Accelerator uses the AWS global network and its edge locations. But the edge locations used by Global Accelerator are different from Amazon CloudFront edge locations

1. Global Accelerator provides static IP addresses that act as a fixed entry point to your applications

4. Global Accelerator is a good fit for non-HTTP use cases