Exam Details

  • Exam Code: ANS-C01
  • Exam Name: AWS Certified Advanced Networking - Specialty (ANS-C01)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 240 Q&As
  • Last Updated: Apr 24, 2025

Amazon Amazon Certifications ANS-C01 Questions & Answers

  • Question 151:

    A company is planning to use Amazon S3 to archive financial data. The data is currently stored in an on-premises data center. The company uses AWS Direct Connect with a Direct Connect gateway and a transit gateway to connect to the on-premises data center. The data cannot be transported over the public internet and must be encrypted in transit. Which solution will meet these requirements?

    A. Create a Direct Connect public VIF. Set up an IPsec VPN connection over the public VIF to access Amazon S3. Use HTTPS for communication.

    B. Create an IPsec VPN connection over the transit VIF. Create a VPC and attach the VPC to the transit gateway. In the VPC, provision an interface VPC endpoint for Amazon S3. Use HTTPS for communication.

    C. Create a VPC and attach the VPC to the transit gateway. In the VPC, provision an interface VPC endpoint for Amazon S3. Use HTTPS for communication.

    D. Create a Direct Connect public VIF. Set up an IPsec VPN connection over the public VIF to the transit gateway. Create an attachment for Amazon S3. Use HTTPS for communication.

  • Question 152:

    An Australian ecommerce company hosts all of its services in the AWS Cloud and wants to expand its customer base to the United States (US). The company is targeting the western US for the expansion. The company's existing AWS architecture consists of four AWS accounts with multiple VPCs deployed in the ap-southeast-2 Region. All VPCs are attached to a transit gateway in ap-southeast-2. There are dedicated VPCs for each application service. The company also has VPCs for centralized security features such as proxies, firewalls, and logging. The company plans to duplicate the infrastructure from ap-southeast-2 to the us-west-1 Region. A network engineer must establish connectivity between the various applications in the two Regions. The solution must maximize bandwidth, minimize latency, and minimize operational overhead. Which solution will meet these requirements?

    A. Create VPN attachments between the two transit gateways. Configure the VPN attachments to use BGP routing between the two transit gateways.

    B. Peer the transit gateways in each Region. Configure routing between the two transit gateways for each Region's IP addresses.

    C. Create a VPN server in a VPC in each Region. Update the routing to point to the VPN servers for the IP addresses in alternate Regions.

    D. Attach the VPCs in us-west-1 to the transit gateway in ap-southeast-2.

  • Question 153:

    An IoT company sells hardware sensor modules that periodically send out temperature, humidity, pressure, and location data through the MQTT messaging protocol. The hardware sensor modules send this data to the company's on-premises MQTT brokers that run on Linux servers behind a load balancer. The hardware sensor modules have been hardcoded with public IP addresses to reach the brokers. The company is growing and is acquiring customers across the world. The existing solution can no longer scale and is introducing additional latency because of the company's global presence. As a result, the company decides to migrate its entire infrastructure from on premises to the AWS Cloud. The company needs to migrate without reconfiguring the hardware sensor modules that are already deployed across the world. The solution also must minimize latency. The company migrates the MQTT brokers to run on Amazon EC2 instances. What should the company do next to meet these requirements?

    A. Place the EC2 instances behind a Network Load Balancer (NLB). Configure TCP listeners. Use Bring Your Own IP (BYOIP) from the on-premises network with the NLB.

    B. Place the EC2 instances behind a Network Load Balancer (NLB). Configure TCP listeners. Create an AWS Global Accelerator accelerator in front of the NLB. Use Bring Your Own IP (BYOIP) from the on-premises network with Global Accelerator.

    C. Place the EC2 instances behind an Application Load Balancer (ALB). Configure TCP listeners. Create an AWS Global Accelerator accelerator in front of the ALB. Use Bring Your Own IP (BYOIP) from the on-premises network with Global Accelerator.

    D. Place the EC2 instances behind an Amazon CloudFront distribution. Use Bring Your Own IP (BYOIP) from the on-premises network with CloudFront.

  • Question 154:

    A company has deployed a web application on AWS. The web application uses an Application Load Balancer (ALB) across multiple Availability Zones. The targets of the ALB are AWS Lambda functions. The web application also uses Amazon CloudWatch metrics for monitoring. Users report that parts of the web application are not loading properly. A network engineer needs to troubleshoot the problem. The network engineer enables access logging for the ALB. What should the network engineer do next to determine which errors the ALB is receiving?

    A. Send the logs to Amazon CloudWatch Logs. Review the ALB logs in CloudWatch Insights to determine which error messages the ALB is receiving.

    B. Configure the Amazon S3 bucket destination. Use Amazon Athena to determine which error messages the ALB is receiving.

    C. Configure the Amazon S3 bucket destination. After Amazon CloudWatch Logs pulls the ALB logs from the S3 bucket automatically, review the logs in CloudWatch Logs to determine which error messages the ALB is receiving.

    D. Send the logs to Amazon CloudWatch Logs. Use the Amazon Athena CloudWatch Connector to determine which error messages the ALB is receiving.

  • Question 155:

    A company is using an AWS Site-to-Site VPN connection from the company's on-premises data center to a virtual private gateway in the AWS Cloud. Because of congestion, the company is experiencing availability and performance issues as traffic travels across the internet before the traffic reaches AWS. A network engineer must reduce these issues for the connection as quickly as possible with minimum administration effort. Which solution will meet these requirements?

    A. Edit the existing Site-to-Site VPN connection by enabling acceleration. Stop and start the VPN service on the customer gateway for the new setting to take effect.

    B. Configure a transit gateway in the same AWS Region as the existing virtual private gateway. Create a new accelerated Site-to-Site VPN connection. Connect the new connection to the transit gateway by using a VPN attachment. Update the customer gateway device to use the new Site-to-Site VPN connection. Delete the existing Site-to-Site VPN connection.

    C. Create a new accelerated Site-to-Site VPN connection. Connect the new Site-to-Site VPN connection to the existing virtual private gateway. Update the customer gateway device to use the new Site-to-Site VPN connection. Delete the existing Site-to-Site VPN connection.

    D. Create a new AWS Direct Connect connection with a private VIF between the on-premises data center and the AWS Cloud. Update the customer gateway device to use the new Direct Connect connection. Delete the existing Site-to-Site VPN connection.

  • Question 156:

    A company has created three VPCs: a production VPC, a nonproduction VPC, and a shared services VPC. The production VPC and the nonproduction VPC must each have communication with the shared services VPC. There must be no communication between the production VPC and the nonproduction VPC. A transit gateway is deployed to facilitate communication between VPCs. Which route table configurations on the transit gateway will meet these requirements?

    A. Configure a route table with the production and nonproduction VPC attachments associated with propagated routes for only the shared services VPC. Create an additional route table with only the shared services VPC attachment associated with propagated routes from the production and nonproduction VPCs.

    B. Configure a route table with the production and nonproduction VPC attachments associated with propagated routes for each VPC. Create an additional route table with only the shared services VPC attachment associated with propagated routes from each VPC.

    C. Configure a route table with all the VPC attachments associated with propagated routes for only the shared services VPC. Create an additional route table with only the shared services VPC attachment associated with propagated routes from the production and nonproduction VPCs.

    D. Configure a route table with the production and nonproduction VPC attachments associated with propagated routes disabled. Create an additional route table with only the shared services VPC attachment associated with propagated routes from the production and nonproduction VPCs.

  • Question 157:

    A company's network engineer is designing a hybrid DNS solution for an AWS Cloud workload. Individual teams want to manage their own DNS hostnames for their applications in their development environment. The solution must integrate the application-specific hostnames with the centrally managed DNS hostnames from the on-premises network and must provide bidirectional name resolution. The solution also must minimize management overhead. Which combination of steps should the network engineer take to meet these requirements? (Choose three.)

    A. Use an Amazon Route 53 Resolver inbound endpoint.

    B. Modify the DHCP options set by setting a custom DNS server value.

    C. Use an Amazon Route 53 Resolver outbound endpoint.

    D. Create DNS proxy servers.

    E. Create Amazon Route 53 private hosted zones.

    F. Set up a zone transfer between Amazon Route 53 and the on-premises DNS.

  • Question 158:

    A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is the origin in an Amazon CloudFront distribution. The company wants to implement a custom authentication system that will provide a token for its authenticated customers. The web application must ensure that the GET/POST requests come from authenticated customers before it delivers the content. A network engineer must design a solution that gives the web application the ability to identify authorized customers. What is the MOST operationally efficient solution that meets these requirements?

    A. Use the ALB to inspect the authorized token inside the GET/POST request payload. Use an AWS Lambda function to insert a customized header to inform the web application of an authenticated customer request.

    B. Integrate AWS WAF with the ALB to inspect the authorized token inside the GET/POST request payload. Configure the ALB listener to insert a customized header to inform the web application of an authenticated customer request.

    C. Use an AWS Lambda@Edge function to inspect the authorized token inside the GET/POST request payload. Use the Lambda@Edge function also to insert a customized header to inform the web application of an authenticated customer request.

    D. Set up an EC2 instance that has a third-party packet inspection tool to inspect the authorized token inside the GET/POST request payload. Configure the tool to insert a customized header to inform the web application of an authenticated customer request.

  • Question 159:

    A company has deployed an application in a VPC that uses a NAT gateway for outbound traffic to the internet. A network engineer notices a large quantity of suspicious network traffic that is traveling from the VPC over the internet to IP addresses that are included on a deny list. The network engineer must implement a solution to determine which AWS resources are generating the suspicious traffic. The solution must minimize cost and administrative overhead. Which solution will meet these requirements?

    A. Launch an Amazon EC2 instance in the VPC. Use Traffic Mirroring by specifying the NAT gateway as the source and the EC2 instance as the destination. Analyze the captured traffic by using open-source tools to identify the AWS resources that are generating the suspicious traffic.

    B. Use VPC flow logs. Launch a security information and event management (SIEM) solution in the VPC. Configure the SIEM solution to ingest the VPC flow logs. Run queries on the SIEM solution to identify the AWS resources that are generating the suspicious traffic.

    C. Use VPC flow logs. Publish the flow logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query the flow logs to identify the AWS resources that are generating the suspicious traffic.

    D. Configure the VPC to stream the network traffic directly to an Amazon Kinesis data stream. Send the data from the Kinesis data stream to an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3. Use Amazon Athena to query the data to identify the AWS resources that are generating the suspicious traffic.

  • Question 160:

    A company has its production VPC (VPC-A) in the eu-west-1 Region in Account 1. VPC-A is attached to a transit gateway (TGW-A) that is connected to an on-premises data center in Dublin, Ireland, by an AWS Direct Connect transit VIF that is configured for an AWS Direct Connect gateway. The company also has a staging VPC (VPC-B) that is attached to another transit gateway (TGW-B) in the eu-west-2 Region in Account 2. A network engineer must implement connectivity between VPC-B and the on-premises data center in Dublin. Which solutions will meet these requirements? (Choose two.)

    A. Configure inter-Region VPC peering between VPC-A and VPC-B. Add the required VPC peering routes. Add the VPC-B CIDR block in the allowed prefixes on the Direct Connect gateway association.

    B. Associate TGW-B with the Direct Connect gateway. Advertise the VPC-B CIDR block under the allowed prefixes.

    C. Configure another transit VIF on the Direct Connect connection and associate TGW-B. Advertise the VPC-B CIDR block under the allowed prefixes.

    D. Configure inter-Region transit gateway peering between TGW-A and TGW-B. Add the peering routes in the transit gateway route tables. Add both the VPC-A and the VPC-B CIDR block under the allowed prefix list in the Direct Connect gateway association.

    E. Configure an AWS Site-to-Site VPN connection over the transit VIF to TGW-B as a VPN attachment.
