AWS (EXTRA MODULE 5)

AWS Module 5 — VPC

Q — You launch a new Amazon VPC and create two subnets: one public and one private. You want your web server in the public subnet to be reachable form the internet, and your database in the private subnet to stay isolated. Which of the following configurations is required?

a) Attach an Internet Gateway to the VPC an update the public subnet’s route table to direct 0.0.0.0/0 to the IGW.
b) Assign a public IP address to the database in the private subnet.
c) Add a NAT Gateway to the private subnet for inbound traffic.
d) Allow all inbound traffic on both subnets.

a) Attach an Internet Gateway to the VPC an update the public subnet’s route table to direct 0.0.0.0/0 to the IGW.

AWS Module 5 — VPC

Q1 — You set up a VOC Peering connection between VPC-A and VPC-B, VPC-A also has a peering connection with VPC-C. However, instances in VPC-B cannot communicate with instances in in VPC-C. Whys is this happening?

a) The CIDR blocks of the VPCs overlap.
b) VPC Peering does not support transitive routing.
c) The peering connection must be created in the same Availability Zone.
d) Security Groups do not allow cross-VPC traffic.

b) VPC Peering does not support transitive routing.

AWS Module 5 — VPC

Q2 — An Enterprise has 10 VPCs and 2 on-premises networks that all need to communicate with each other. Which AWS service provides the simplest, scalable hub-and-spoke design for this architecture?

a) VPC Peering
b) Transit Gateway
c) Internet Gateway
d) NAT Gateway

b) Transit Gateway

AWS Module 5 — VPC Flow Logs

Q — You enable VPC Flow Logs on a subnet to monitor traffic. Later, you notice that some DNS queries to the Amazon-provided DNS server are missing from the flow log records. Why is this happening?

a) VPC Flow Logs only capture accepted traffic.
b) VPC Flow Logs only record traffic between EC2 instances.
c) Some types of traffic, like DNS queries to the Amazon DNS server, are not captured by Flow Logs.
d) The subnet route table was not updated with an Internet Gateway.

c) Some types of traffic, like DNS queries to the Amazon DNS server, are not captured by Flow Logs.

AWS Module 5 — Amazon Route 53 & DNS

Q1 — A media company needs a service to manage their domain registrations with different providers. They will also be using the service to route internet traffic to their resources hosted both in the AWS Cloud and elsewhere. Which AWS solution would BEST meet their needs?

a) AWS Direct Connect
b) Amazon Route 53
c) AWS Global Accelerator
d) Amazon CloudFront

b) Amazon Route 53

AWS Module 5 — Amazon Route 53 & DNS

Q2 — What is the primary function of Domain Name Service (DNS)?

a) It allows you to create a subsection of a Virtual Private Cloud (VPC) where you can isolate resources and control access.
b) It provisions a logically isolated section of the AWS Cloud where you can isolate resources and control access.
c) It filters inbound and outbound traffic to Amazon EC2 instances in a virtual private cloud (VPC).
d) It translates human-readable domain names to machine readable IP addresses.

d) It translates human-readable domain names to machine readable IP addresses.

Module 5 — VPC Network Peering

Q — A customer exploring edge networking services to improve application availability, performance, and security. They need a solution for traffic routing when something goes wrong in one of their application’s locations. Specifically, it takes into account the endpoint health, user location, and policies. Which AWS solution would BEST meet their needs?

a) AWS Direct Connect
b) Amazon Route 53
c) AWS Global Accelerator
d) Amazon CloudFront

c) AWS Global Accelerator

AWS Module 5 — Amazon CloudFront

Q — A financial customer needs a content delivery solution to deliver required training videos and static content to their financial consultants worldwide. They want to make sure the solution provides low latency. Which AWS solution would BEST meet their needs?

a) AWS Direct Connect
b) Amazon Route 53
c) AWS Global Accelerator
d) Amazon CloudFront

d) Amazon CloudFront