Your company's policy requires that all VPCs peer with a "common services: VPC. This VPC contains a fleet of layer 7 proxies and an Internet gateway. No other VPC is allowed to provision an Internet gateway. You configure a new VPC and peer with the common service VPC as required by policy. You launch an Amazon EC2. Windows instance configured to forward all traffic to the layer 7 proxies in the common services VPC. The application on this server should successfully interact with Amazon S3 using its properly configured AWS Identity and Access Management (IAM) role. However, Amazon S3 is returning 403 errors to the application.
Which step should you take to enable access to Amazon S3?
A. Update the S3 bucket policy with the private IP address of the instance.Your company has a highly available Direct Connect solution that utilizes two datacenters. Each data center contains one two-connection LAG and one standard DX connection. How many LOAs will be filled out in total if your company completes an order to add a new connection to each one of the LAGs?
A. 1An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC using ping on the organization's private IP address.
What could cause this connectivity issue? (Choose two.)
A. The VGW is not advertising the correct CIDR range back on-premises.You have two autoscaling groups in your VPC. One deploys servers that host the index of your website and another that deploys servers that host the images for your website. What three steps would you take to ensure the right servers are used for the right purpose? (Choose three.)
A. Create a path-based routing rule to route traffic destined for "/" to target group 1 and "/*.jpg" to target group 2.A publishing company recently merged with an ecommerce company. Each company uses a VPC to run compute resources. The two VPCs have overlapping CIDR ranges. The publishing company needs to access an internal application that runs on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones in the ecommerce company VPC.
Which set of actions will provide the needed interconnectivity between the VPCs?
A. 1. Create a Network Load Balancer (NLB) for the application in the ecommerce company VPC. Configure the NLB for the Availability Zones that the target instances use. 2. Create a VPC endpoint service configuration, and specify the NLB. Add the publishing company's AWS account as a principal to the allow list. 3. Create interface endpoint connections to the service in the publishing company VPC in the same Availability Zones as the NLB.Which service would you use to see CPU usage?
A. CloudTrailYour company wishes to improve the performance of its EC2 instances. They require low latency and high throughput. They are currently deployed on T2.medium. It is imperative that you experience as little downtime as possible, but cost and performance are most important. How should you accomplish this?
A. Create AMIs from the instances, create new instances on t2.medium, and start those instances in a placement group.A Network Engineer is designing a new system on AWS that will take advantage of Amazon CloudFront for both content caching and for protecting the underlying origin. There is concern that an external agency might be able to access the IP addresses for the application's origin and then attack the origin despite it being served by CloudFront. Which of the following solutions provides the strongest level of protection to the origin?
A. Use an IP whitelist rule in AWS WAF within CloudFront to ensure that only known-client IPs are able to access the application.Imagine you are using AWS Direct Connect with just one connection from your router to the AWS Direct Connect router. If your connection becomes unavailable, the communication with AWS cloud is lost. What is the best method to prevent this from happening?
A. AWS Direct Connect neither provides BGP nor provides the failover.An application runs on a fleet of Amazon EC2 instances in a VPC. All instances can reach one another using private IP addresses. The application owner has a new requirement that the domain name received via DHCP should be different for a particular set of instances that are currently in one particular subnet.
What changes should be made to meet this requirement while continuing to support the existing application requirements?
A. Modify the existing DHCP option set and specify the different domain name for the specified subnet.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ANS-C00 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.