Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

A company has two business units (BUs). The company operates in the us-east-1 Region and the us-west-1 Region. The company plans to extend to more Regions in the future. Each BU has

a VPC in each Region. Each Region has a transit gateway with the BU VPCs attached. The transit gateways in both Regions are peered.

The company will create several more BUs in the future and will need to isolate some of the BUs from the other BUs. The company wants to migrate to an architecture to incorporate more

Regions and BUs.

Which solution will meet these requirements with the MOST operational efficiency?

A.

Create a new transit gateway for each new BU in each Region. Peer the new transit gateways with the existing transit gateways. Update the route tables to control traffic between BUs.

B.

Create an AWS Cloud WAN core network with an edge location in both Regions. Configure a segment for each BU with VPC attachments to the new BU VPCs. Use segment actions to control traffic between segments.

C.

Create an AWS Cloud WAN core network with an edge location in both Regions. Configure a segment for each BU with VPC attachments to the new BU VPCs. Configure the segments to isolate attachments to control traffic between segments.

D.

Attach new VPCs to the existing transit gateways. Update route tables to control traffic between BUs.

A company is planning to use Amazon S3 to archive financial data. The data is currently stored in an on-premises data center. The company uses AWS Direct Connect with a Direct Connect gateway and a transit gateway to connect to the on-premises data center. The data cannot be transported over the public internet and must be encrypted in transit.

Which solution will meet these requirements?

A.

Create a Direct Connect public VIF. Set up an IPsec VPN connection over the public VIF to access Amazon S3. Use HTTPS for communication.

B.

Create an IPsec VPN connection over the transit VIF. Create a VPC and attach the VPC to the transit gateway. In the VPC, provision an interface VPC endpoint for Amazon S3. Use HTTPS for communication.

C.

Create a VPC and attach the VPC to the transit gateway. In the VPC, provision an interface VPC endpoint for Amazon S3. Use HTTPS for communication.

D.

Create a Direct Connect public VIF. Set up an IPsec VPN connection over the public VIF to the transit gateway. Create an attachment for Amazon S3. Use HTTPS for communication.

A company uses Amazon Route 53 to register a public domain, example.com, in an AWS account. A central services group manages the account. The company wants to create a subdomain, test.example.com, in another AWS account to offer name services for Amazon EC2 instances that are hosted in the account. The company does not want to migrate the parent domain to the subdomain account.

A network engineer creates a new Route 53 hosted zone for the subdomain in the second account.

Which combination of steps must the network engineer take to complete the task? (Choose two.)

A.

Add records for the hosts of the new subdomain to the new Route 53 hosted zone.

B.

Update the DNS service for the parent domain by adding name server (NS) records for the subdomain.

C.

Update the DNS service for the subdomain by adding name server (NS) records for theparent domain.

D.

Create an alias record from the parent domain that points to the hosted zone for the subdomain in the second account.

E.

Add a start of authority (SOA) record in the parent domain for the subdomain.

A company has a total of 30 VPCs. Three AWS Regions each contain 10 VPCs. The company has attached the VPCs in each Region to a transit gateway in that Region. The company also

has set up inter-Region peering connections between the transit gateways.

The company wants to use AWS Direct Connect to provide access from its on-premises location for only four VPCs across the three Regions. The company has provisioned four Direct

Connect connections at two Direct Connect locations.

Which combination of steps will meet these requirements MOST cost-effectively? (Select THREE.)

A.

Create four virtual private gateways. Attach the virtual private gateways to the four VPCs.

B.

Create a Direct Connect gateway. Associate the four virtual private gateways withthe Direct Connect gateway.

C.

Create four transit VIFs on each Direct Connect connection. Associate the transit VIFs with the Direct Connect gateway.

D.

Create four transit VIFs on each Direct Connect connection. Associate the transit VIFs with the four virtual private gateways.

E.

Create four private VIFs on each Direct Connect connection to the Direct Connect gateway.

F.

Create an association between the Direct Connect gateway and the transit gateways.

A company runs an application across multiple AWS Regions and multiple Availability Zones. The company needs to expand to a new AWS Region. Low latency is critical to the functionality of the application.

A network engineer needs to gather metrics for the latency between the existing. Regions and the new Region. The network engineer must gather metrics for at least the previous 30 days.

Which solution will meet these requirements?

A.

Configure an AWS Network Access Analyzer Network Access Scope, and use the analysis to review the latency.

B.

Set up AWS Network Manager Infrastructure Performance. Publish network performance metrics to Amazon CloudWatch.

C.

Use an Amazon VPC Reachability Analyzer path to review the latency.

D.

Set up VPC Flow Logs. Publish log metrics to Amazon CloudWatch.

A company uses AWS Network Firewall to protect outgoing traffic for multiple VPCs that are in the same AWS account. Each VPC contains Amazon EC2 instances that host the company's applications. Each EC2 instance is tagged with the name of the application it hosts. The EC2 instances are in Auto Scaling groups.

A Network Firewall stateful rule group must remain up-to-date, even when an Auto Scaling group launches and terminates EC2 instances.

Which solution will meet this requirement with the LEAST implementation and administrative effort?

A.

Create a network ACL for each application. Reference the network ACL in the stateful rule group.

B.

Create a prefix list for each application. Reference the prefix list in the stateful rule group.

C.

Create an AWS Lambda function that queries the EC2 instance tags for each application name and then updates the stateful rule group with the IP address of each instance.

D.

Create a resource group for each application name. Reference the Amazon Resource Name (ARN) for the resource groups in the stateful rule group.

A company wants to improve visibility into its AWS environment. The AWS environment consists of multiple VPCs that are connected to a transit gateway. The transit gateway connects to an on-premises data center through an AWS Direct Connect gateway and a pair of redundant Direct Connect connections that use transit VIFs. The company must receive notification each time a new route is advertised to AWS from on premises over Direct Connect.

What should a network engineer do to meet these requirements?

A.

Enable Amazon CloudWatch metrics on Direct Connect to track the received routes. Configure a CloudWatch alarm to send notifications when routes change.

B.

Onboard Transit Gateway Network Manager to Amazon CloudWatch Logs Insights. Use Amazon EventBridge (Amazon CloudWatch Events) to send notifications when routes change.

C.

Configure an AWS Lambda function to periodically check the routes on the Direct Connect gateway and to send notifications when routes change.

D.

Enable Amazon CloudWatch Logs on the transit VIFs to track the received routes. Create a metric filter Set an alarm on the filter to send notifications when routes change.

A company is deploying a new stateless web application on AWS. The web application will run on Amazon EC2 instances in private subnets behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The web application has a stateful management application for administration that will run on EC2 instances that are in a separate Auto Scaling group.

The company wants to access the management application by using the same URL as the web application, with a path prefix of /management. The protocol, hostname, and port number must be the same for the web application and the management application. Access to the management application must be restricted to the company's on-premises IP address space. An SSL/TLS certificate from AWS Certificate Manager (ACM) will protect the web application.

Which combination of steps should a network engineer take to meet these requirements? (Select TWO.)

A.

Insert a rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-ip condition type for the on-premises IP address space. Forward requests to the management application target group if there is a match. Edit the management application target group and enable stickiness.

B.

Modify the default rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-Ip condition type for the on-premises IP address space. Forward requests to the management application target group if there is not a match. Enable group-level stickiness in the rule attributes.

C.

Insert a rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the X-Forwarded-For HTTP header for the on-premises IP address space. Forward requests to the managementapplication target group if there is a match. Enable group-level stickiness in the rule attributes.

D.

Modify the default rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-Ip condition type for the on-premises IP address space. Forward requests to the web application target group if there is not a match.

E.

Forward all requests to the web application target group. Edit the web application target group and disable stickiness.

A company delivers applications over the internet. An Amazon Route 53 public hosted zone is the authoritative DNS service for the company and its internet applications, all of which are offered from the same domain name.

A network engineer is working on a new version of one of the applications. All the application's components are hosted in the AWS Cloud. The application has a three-tier design. The front end is delivered through Amazon EC2 instances that are deployed in public subnets with Elastic IP addresses assigned. The backend components are deployed in private subnets from RFC1918.

Components of the application need to be able to access other components of the application within the application's VPC by using the same host names as the host names that are used over the public internet. The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries.

Which combination of steps will meet these requirements? (Choose three.)

A.

Add a geoproximity routing policy in Route 53.

B.

Create a Route 53 private hosted zone for the same domain name Associate the application’s VPC with the new private hosted zone.

C.

Enable DNS hostnames for the application's VPC.

D.

Create entries in the private hosted zone for each name in the public hosted zone by using the corresponding private IP addresses.

E.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that runs when AWSCloudTrail logs a Route 53 API call to the public hosted zone. Create an AWS Lambda function as the target of the rule. Configure the function to use the event information to update the private hosted zone.

F.

Add the private IP addresses in the existing Route 53 public hosted zone.