You need to create a baseline of normal traffic flow in order to implement some security changes to your organization.
What two items would be best to use? (Choose two.)
A. Wireshark
B. CloudTrail
C. An IDS
D. CloudWatch
In your current role as the corporate network architect, you have decided to replace your existing hardware firewall appliances with a pair of Juniper SRX-Series Services Gateways. You have chosen these because AWS lists them as supportable devices for establishing IPsec connections. With this in mind, select the minimum set of options to ensure that you can establish IPsec connectivity between your on-premises private corporate network and your AWS-hosted VPC.
Select which option is NOT required.
A. Initiate network connections from somewhere within your corporate network, this is required to bring the tunnels UP
B. Deploy a Customer Gateway within your corporate network
C. Deploy a Customer Gateway within your VPC
D. Deploy a Virtual Private Gateway within your VPC
You are your company's AWS cloud architect. You have created a VPC topology that consists of 3 VPCs. You have a centralised VPC (VPC-Shared) that provides shared services to the remaining 2 departmental dedicated VPCs (VPC-Dept1 and VPC-Dept2). The centralised VPC is VPC peered to both of the departmental VPCs, that is a VPC peering connection exists between VPC-Shared and VPC-Dept1, and a VPC peering connection exists between VPC-Shared and VPC-Dept2.
Select the correct option from the list below.
A. Network traffic is possible between VPC-Shared instances and VPC-Dept1 and VPC-Dept2 instances as long as the appropriate routes and security groups are in place, but only for communication that is initiated from VPC1-Shared instances as the default peering bi-directional communication flag has been disabled.
B. Instances within VPC-Dept1 can communicate directly with instances in VPC-Shared, as long as the appropriate routes and security groups are in place, and vice versa regardless of who initiates communication
C. All network communication remains blocked between all VPCs until the respective peering bidirectional communication flags are set to the appropriate setting that allows traffic to flow.
D. Network traffic is possible between VPC-Shared instances and VPC-Dept1 and VPC-Dept2 instances as long as the appropriate routes and security groups are in place, but only for communication that is initiated from VPC1-Shared instances as the default peering bi-directional communication flag has been enabled.
Select the VPC Peering statement below that is NOT true
A. VPC peering supports transitive peering relationships for IPv6 traffic but not IPv4
B. VPC peering can be performed between VPCs in different AWS accounts in the same region
C. TCP connections can be performed between peered VPCs
D. UDP connections can be performed between peered VPCs
Select the answer/s that correctly state how Jumbo Frames work
A. Jumbo Frames assist with application disk storage
B. Jumbo Frames can assist with application performance
C. Jumbo Frames are supported across Virtual Private Gateway connections
D. Jumbo Frames are enabled by increasing the MTU size to 9000 kilobytes
You are the AWS cloud architect and have been tasked with designing an appropriate subnetting design for your production VPC. Your production VPC requires secure communications back to the corporate private network. Quality of Service (QoS) is very important 24 × 7 for this particular connection, as real-time data is passed continually backwards and forwards between your on-prem bioinformatics enterprise application, and the number crunching servers deployed in the cloud. Any potential latency incurred on this connection will have a direct impact on the company's ability to attract investors and expansion into new markets.
Select the correct network configuration that best facilitates your company's continued growth plans.
A. Provision a Direct Connect connection - between your service provider's data center and the AWS region that your cloud compute resources exist in. Configure just a Private Virtual Interface. As this is a Direct Connection, a Virtual Private Gateway is not required
B. Configure a site-to-site layer 2 software router using OpenVPN within your VPC and ensure that QoS is enabled - this is a secure and cheap option
C. Configure a site-to-site layer 3 software router using OpenVPN within your VPC and ensure that QoS is enabled - this is a secure and cheap option
D. Provision a Direct Connect connection - between your existing service provider's data center and the AWS region that your cloud compute resources exist in. Configure a Virtual Private Gateway and Private Virtual Interface
You have just provisioned a new VPC with a CIDR block of 172.16.12.0/24. The entire CIDR block is fully utilized by subdividing it into 6 subnets; we will refer to these as Subnet1 through to Subnet6. The first 2 subnets (Subnet1 and Subnet2) are the same size. The last 4 subnets (Subnet3, Subnet4, Subnet5, Subnet6) are also the same size. Subnet5 is half the size of Subnet2. The address space occupied by the first two subnets is contiguous, as is the address space occupied by the last 4 subnets. Within Subnet3, AWS reserves the address 172.16.12.129 for the VPC router.
Select the correct IP address reserved by AWS for DNS in Subnet2.
A. 172.16.64.1
B. 172.16.64.65
C. 172.16.12.66
D. 172.16.12.64
From the following options, select the answer that correctly describes the implementation of the HTTP protocol
A. By definition, HTTP is a connection-less oriented protocol and therefore utilises TCP
B. By definition, HTTP is a connection orientated protocol and therefore utilises TCP
C. By definition, HTTP is a connection-less oriented protocol and therefore utilises UDP
D. By definition, HTTP can be configured to be either connection or connection-less oriented - by specifying the appropriate HTTP header.
Considering your knowledge of both the OSI and TCP/IP models - select the following statement which you consider to NOT be true.
A. The TCP/IP Application layer maps to 2 of the OSI Layers
B. The top layer in the OSI model is named the Application layer
C. The TCP/IP Application layer maps to 3 of the OSI Layers
D. The top layer in the TCP/IP model is named the Application layer
Your application server instances reside in the private subnet of your VPC. These instances need to access a Git repository on the Internet. You create a NAT gateway in the public subnet of your VPC. The NAT gateway can reach the Git repository, but instances in the private subnet cannot. You confirm that a default route in the private subnet route table points to the NAT gateway. The security group for your application server instances permits all traffic to the NAT gateway.
What configuration change should you make to ensure that these instances can reach the patch server?
A. Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway.
B. Configure an outbound rule on the application server instance security group for the Git repository.
C. Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet.
D. Configure an inbound rule on the application server instance security group for the Git repository.