{"id":93587,"date":"2024-11-28T01:40:07","date_gmt":"2024-11-28T01:40:07","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=93587"},"modified":"2024-11-28T01:40:07","modified_gmt":"2024-11-28T01:40:07","slug":"amazon-ans-c01-dumps-v11-03-improve-your-expertise-by-passing-the-amazon-aws-certified-advanced-networking-specialty-exam","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/amazon-ans-c01-dumps-v11-03-improve-your-expertise-by-passing-the-amazon-aws-certified-advanced-networking-specialty-exam.html","title":{"rendered":"Amazon ANS-C01 Dumps (V11.03) &#8211; Improve Your Expertise by Passing the Amazon AWS Certified Advanced Networking &#8211; Specialty Exam"},"content":{"rendered":"<p>Improve your expertise with DumpsBase&#8217;s most updated Amazon ANS-C01 dumps. We have the ANS-C01 dumps (V11.03) with more accurate questions and answers, helping you pass the Amazon AWS Certified Advanced Networking\u2014Specialty exam successfully.<\/p>\n<h2>Key Features of Amazon ANS-C01 Dumps (V11.03)<\/h2>\n<ul>\n<li><strong>PDF Format Flexibility:<\/strong> You can access ANS-C01 exam dumps on any device &#8211; desktop, laptop, Mac, tablet, or smartphone &#8211; for convenient studying anywhere, anytime.<\/li>\n<li><strong>Online Practice Test Engine:<\/strong> Simulate the real exam with our software featuring authentic ANS-C01 exam questions.<\/li>\n<li><strong>Expert-Verified Content:<\/strong> All questions are prepared and validated by experienced experts to ensure accuracy and relevance.<\/li>\n<li><strong>12-Month Free Updates:<\/strong> Stay current with the latest exam changes through complimentary updates for three months post-purchase.<\/li>\n<li><strong>Free Demo Available:<\/strong> Try before you buy with our free demo version to assess the quality of our exam questions.<\/li>\n<\/ul>\n<p><!-- notionvc: 5389fb00-1c14-4ab3-b15f-1f607a5d8dca --><\/p>\n<h2>Read <em><span style=\"background-color: #00ffff;\">ANS-C01 Free Dumps<\/span> <\/em>Below:<\/h2>\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam9226\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-9226\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-9226\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-365449'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>A data analytics company has a 100-node high performance computing (HPC) cluster. The HPC cluster is for parallel data processing and is hosted in a VPC in the AWS Cloud. As part of the data processing workflow, the HPC cluster needs to perform several DNS queries to resolve and connect to Amazon RDS databases, Amazon S3 buckets, and on-premises data stores that are accessible through AWS Direct Connect. The HPC cluster can increase in size by five to seven times during the company\u2019s peak event at the end of the year. <br \/>\r<br>The company is using two Amazon EC2 instances as primary DNS servers for the VPC. The EC2 instances are configured to forward queries to the default VPC resolver for Amazon Route 53 hosted domains and to the on-premises DNS servers for other on-premises hosted domain names. The company notices job failures and finds that DNS queries from the HPC cluster nodes failed when the nodes tried to resolve RDS and S3 bucket endpoints. <br \/>\r<br>Which architectural change should a network engineer implement to provide the DNS service in the MOST scalable way?<\/div><input type='hidden' name='question_id[]' id='qID_1' value='365449' \/><input type='hidden' id='answerType365449' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365449[]' id='answer-id-1424202' class='answer   answerof-365449 ' value='1424202'   \/><label for='answer-id-1424202' id='answer-label-1424202' class=' answer'><span>Scale out the DNS service by adding two additional EC2 instances in the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365449[]' id='answer-id-1424203' class='answer   answerof-365449 ' value='1424203'   \/><label for='answer-id-1424203' id='answer-label-1424203' class=' answer'><span>Reconfigure half of the HPC cluster nodes to use these new DNS servers. Plan to scale out by adding additional EC2 instance-based DNS servers in the future as the HPC cluster size grows.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365449[]' id='answer-id-1424204' class='answer   answerof-365449 ' value='1424204'   \/><label for='answer-id-1424204' id='answer-label-1424204' class=' answer'><span>Scale up the existing EC2 instances that the company is using as DNS servers. Change the instance size to the largest possible instance size to accommodate the current DNS load and the anticipated load in the future.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365449[]' id='answer-id-1424205' class='answer   answerof-365449 ' value='1424205'   \/><label for='answer-id-1424205' id='answer-label-1424205' class=' answer'><span>Create Route 53 Resolver outbound endpoints. Create Route 53 Resolver rules to forward queries to on-premises DNS servers for on premises hosted domain names. Reconfigure the HPC cluster nodes to use the default VPC resolver instead of the EC2 instance-based DNS servers. Terminate the EC2 instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365449[]' id='answer-id-1424206' class='answer   answerof-365449 ' value='1424206'   \/><label for='answer-id-1424206' id='answer-label-1424206' class=' answer'><span>Create Route 53 Resolver inbound endpoints. Create rules on the on-premises DNS servers to forward queries to the default VPC resolver. Reconfigure the HPC cluster nodes to forward all DNS queries to the on-premises DNS servers. Terminate the EC2 instances.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-365450'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>A media company is implementing a news website for a global audience. The website uses Amazon CloudFront as its content delivery network. The backend runs on Amazon EC2 Windows instances behind an Application Load Balancer (ALB). The instances are part of an Auto Scaling group. The company's customers access the website by using service example com as the CloudFront custom domain name. The CloudFront origin points to an ALB that uses service-alb.example.com as the domain name. <br \/>\r<br>The company\u2019s security policy requires the traffic to be encrypted in transit at all times between the users and the backend. <br \/>\r<br>Which combination of changes must the company make to meet this security requirement? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_2' value='365450' \/><input type='hidden' id='answerType365450' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365450[]' id='answer-id-1424207' class='answer   answerof-365450 ' value='1424207'   \/><label for='answer-id-1424207' id='answer-label-1424207' class=' answer'><span>Create a self-signed certificate for service.example.com. Import the certificate into AWS Certificate Manager (ACM). Configure CloudFront to use this imported SSL\/TLS certificate. Change the default behavior to redirect HTTP to HTTP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365450[]' id='answer-id-1424208' class='answer   answerof-365450 ' value='1424208'   \/><label for='answer-id-1424208' id='answer-label-1424208' class=' answer'><span>Create a certificate for service.example.com by using AWS Certificate Manager (ACM). Configure CloudFront to use this custom SSL\/TLS certificate. Change the default behavior to redirect HTTP to HTTP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365450[]' id='answer-id-1424209' class='answer   answerof-365450 ' value='1424209'   \/><label for='answer-id-1424209' id='answer-label-1424209' class=' answer'><span>Create a certificate with any domain name by using AWS Certificate Manager (ACM) for the EC2 instances. Configure the backend to use this certificate for its HTTPS listener. Specify the instance target type during the creation of a new target group that uses the HTTPS protocol for its targets. Attach the existing Auto Scaling group to this new target group.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365450[]' id='answer-id-1424210' class='answer   answerof-365450 ' value='1424210'   \/><label for='answer-id-1424210' id='answer-label-1424210' class=' answer'><span>Create a public certificate from a third-party certificate provider with any domain name for the EC2 instances. Configure the backend to use this certificate for its HTTPS listener. Specify the instance target type during the creation of a new target group that uses the HTTPS protocol for its targets. Attach the existing Auto Scaling group to this new target group.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365450[]' id='answer-id-1424211' class='answer   answerof-365450 ' value='1424211'   \/><label for='answer-id-1424211' id='answer-label-1424211' class=' answer'><span>Create a certificate for service-alb.example.com by using AWS Certificate Manager (ACM). On the ALB add a new HTTPS listener that uses the new target group and the service-alb.example.com ACM certificate. Modify the CloudFront origin to use the HTTPS protocol only. Delete the HTTP listener on the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365450[]' id='answer-id-1424212' class='answer   answerof-365450 ' value='1424212'   \/><label for='answer-id-1424212' id='answer-label-1424212' class=' answer'><span>Create a self-signed certificate for service-alb.example.com. Import the certificate into AWS Certificate Manager (ACM). On the ALB add a new HTTPS listener that uses the new target group and the imported service-alb.example.com ACM certificate. Modify the CloudFront origin to use the HTTPS protocol only. Delete the HTTP listener on the AL<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-365451'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>A government contractor is designing a multi-account environment with multiple VPCs for a customer. A network security policy requires all traffic between any two VPCs to be transparently inspected by a third-party appliance. <br \/>\r<br>The customer wants a solution that features AWS Transit Gateway. The setup must be highly available across multiple Availability Zones, and the solution needs to support automated failover. Furthermore, asymmetric routing is not supported by the inspection appliances. <br \/>\r<br>Which combination of steps is part of a solution that meets these requirements? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_3' value='365451' \/><input type='hidden' id='answerType365451' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365451[]' id='answer-id-1424213' class='answer   answerof-365451 ' value='1424213'   \/><label for='answer-id-1424213' id='answer-label-1424213' class=' answer'><span>Deploy two clusters that consist of multiple appliances across multiple Availability Zones in a designated inspection VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365451[]' id='answer-id-1424214' class='answer   answerof-365451 ' value='1424214'   \/><label for='answer-id-1424214' id='answer-label-1424214' class=' answer'><span>Connect the inspection VPC to the transit gateway by using a VPC attachment. Create a target group, and register the appliances with the target group. Create a Network Load Balancer (NLB), and set it up to forward to the newly created target group. Configure a default route in the inspection VPCs transit gateway subnet toward the NL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365451[]' id='answer-id-1424215' class='answer   answerof-365451 ' value='1424215'   \/><label for='answer-id-1424215' id='answer-label-1424215' class=' answer'><span>Deploy two clusters that consist of multiple appliances across multiple Availability Zones in a designated inspection VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365451[]' id='answer-id-1424216' class='answer   answerof-365451 ' value='1424216'   \/><label for='answer-id-1424216' id='answer-label-1424216' class=' answer'><span>Connect the inspection VPC to the transit gateway by using a VPC attachment. Create a target group, and register the appliances with the target group. Create a Gateway Load Balancer, and set it up to forward to the newly created target group. Configure a default route in the inspection VPC\u2019s transit gateway subnet toward the Gateway Load Balancer endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365451[]' id='answer-id-1424217' class='answer   answerof-365451 ' value='1424217'   \/><label for='answer-id-1424217' id='answer-label-1424217' class=' answer'><span>Configure two route tables on the transit gateway. Associate one route table with all the attachments of the application VPCs. Associate the other route table with the inspection VPC\u2019s attachment. Propagate all VPC attachments into the inspection route table. Define a static default route in the application route table. Enable appliance mode on the attachment that connects the inspection VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365451[]' id='answer-id-1424218' class='answer   answerof-365451 ' value='1424218'   \/><label for='answer-id-1424218' id='answer-label-1424218' class=' answer'><span>Configure two route tables on the transit gateway. Associate one route table with all the attachments of the application VPCs. Associate the other route table with the inspection VPCs attachment. Propagate all VPC attachments into the application route table. Define a static default route in the inspection route table. Enable appliance mode on the attachment that connects the inspection VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365451[]' id='answer-id-1424219' class='answer   answerof-365451 ' value='1424219'   \/><label for='answer-id-1424219' id='answer-label-1424219' class=' answer'><span>Configure one route table on the transit gateway. Associate the route table with all the VPCs. Propagate all VPC attachments into the route table. Define a static default route in the route table.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-365452'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>A company\u2019s network engineer is designing a hybrid DNS solution for an AWS Cloud workload. Individual teams want to manage their own DNS hostnames for their applications in their development environment. The solution must integrate the application-specific hostnames with the centrally managed DNS hostnames from the on-premises network and must provide bidirectional name resolution. The solution also must minimize management overhead. <br \/>\r<br>Which combination of steps should the network engineer take to meet these requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_4' value='365452' \/><input type='hidden' id='answerType365452' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365452[]' id='answer-id-1424220' class='answer   answerof-365452 ' value='1424220'   \/><label for='answer-id-1424220' id='answer-label-1424220' class=' answer'><span>Use an Amazon Route 53 Resolver inbound endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365452[]' id='answer-id-1424221' class='answer   answerof-365452 ' value='1424221'   \/><label for='answer-id-1424221' id='answer-label-1424221' class=' answer'><span>Modify the DHCP options set by setting a custom DNS server value.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365452[]' id='answer-id-1424222' class='answer   answerof-365452 ' value='1424222'   \/><label for='answer-id-1424222' id='answer-label-1424222' class=' answer'><span>Use an Amazon Route 53 Resolver outbound endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365452[]' id='answer-id-1424223' class='answer   answerof-365452 ' value='1424223'   \/><label for='answer-id-1424223' id='answer-label-1424223' class=' answer'><span>Create DNS proxy servers.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365452[]' id='answer-id-1424224' class='answer   answerof-365452 ' value='1424224'   \/><label for='answer-id-1424224' id='answer-label-1424224' class=' answer'><span>Create Amazon Route 53 private hosted zones.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365452[]' id='answer-id-1424225' class='answer   answerof-365452 ' value='1424225'   \/><label for='answer-id-1424225' id='answer-label-1424225' class=' answer'><span>Set up a zone transfer between Amazon Route 53 and the on-premises DN<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-365453'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>A company has two on-premises data center locations. There is a company-managed router at each data center. Each data center has a dedicated AWS Direct Connect connection to a Direct Connect gateway through a private virtual interface. The router for the first location is advertising 110 routes to the Direct Connect gateway by using BGP, and the router for the second location is advertising 60 routes to the Direct Connect gateway by using BGP. The Direct Connect gateway is attached to a company VPC through a virtual private gateway. <br \/>\r<br>A network engineer receives reports that resources in the VPC are not reachable from various locations in either data center. The network engineer checks the VPC route table and sees that the routes from the first data center location are not being populated into the route table. The network engineer must resolve this issue in the most operationally efficient manner. <br \/>\r<br>What should the network engineer do to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='365453' \/><input type='hidden' id='answerType365453' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365453[]' id='answer-id-1424226' class='answer   answerof-365453 ' value='1424226'   \/><label for='answer-id-1424226' id='answer-label-1424226' class=' answer'><span>Remove the Direct Connect gateway, and create a new private virtual interface from each company router to the virtual private gateway of the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365453[]' id='answer-id-1424227' class='answer   answerof-365453 ' value='1424227'   \/><label for='answer-id-1424227' id='answer-label-1424227' class=' answer'><span>Change the router configurations to summarize the advertised routes.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365453[]' id='answer-id-1424228' class='answer   answerof-365453 ' value='1424228'   \/><label for='answer-id-1424228' id='answer-label-1424228' class=' answer'><span>Open a support ticket to increase the quota on advertised routes to the VPC route table.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365453[]' id='answer-id-1424229' class='answer   answerof-365453 ' value='1424229'   \/><label for='answer-id-1424229' id='answer-label-1424229' class=' answer'><span>Create an AWS Transit Gateway. Attach the transit gateway to the VPC, and connect the Direct Connect gateway to the transit gateway.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-365454'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>A company is deploying a new application on AWS. The application uses dynamic multicasting. The company has five VPCs that are all attached to a transit gateway Amazon EC2 instances in each VPC need to be able to register dynamically to receive a multicast transmission. <br \/>\r<br>How should a network engineer configure the AWS resources to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='365454' \/><input type='hidden' id='answerType365454' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365454[]' id='answer-id-1424230' class='answer   answerof-365454 ' value='1424230'   \/><label for='answer-id-1424230' id='answer-label-1424230' class=' answer'><span>Create a static source multicast domain within the transit gateway. Associate the VPCs and applicable subnets with the multicast domain. Register the multicast senders' network interface with the multicast domain. Adjust the network ACLs to allow UDP traffic from the source to all receivers and to allow UDP traffic that is sent to the multicast group address.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365454[]' id='answer-id-1424231' class='answer   answerof-365454 ' value='1424231'   \/><label for='answer-id-1424231' id='answer-label-1424231' class=' answer'><span>Create a static source multicast domain within the transit gateway. Associate the VPCs and applicable subnets with the multicast domain. Register the multicast senders' network interface with the multicast domain. Adjust the network ACLs to allow TCP traffic from the source to all receivers and to allow TCP traffic that is sent to the multicast group address.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365454[]' id='answer-id-1424232' class='answer   answerof-365454 ' value='1424232'   \/><label for='answer-id-1424232' id='answer-label-1424232' class=' answer'><span>Create an Internet Group Management Protocol (IGMP) multicast domain within the transit gateway. Associate the VPCs and applicable subnets with the multicast domain. Register the multicast senders' network interface with the multicast domain. Adjust the network ACLs to allow UDP traffic from the source to all receivers and to allow UDP traffic that is sent to the multicast group address.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365454[]' id='answer-id-1424233' class='answer   answerof-365454 ' value='1424233'   \/><label for='answer-id-1424233' id='answer-label-1424233' class=' answer'><span>Create an Internet Group Management Protocol (IGMP) multicast domain within the transit gateway. Associate the VPCs and applicable subnets with the multicast domain. Register the multicast senders' network interface with the multicast domain. Adjust the network ACLs to allow TCP traffic from the source to all receivers and to allow TCP traffic that is sent to the multicast group address.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-365455'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>A company is using an AWS Site-to-Site VPN connection from the company's on-premises data center to a virtual private gateway in the AWS Cloud Because of congestion, the company is experiencing availability and performance issues as traffic travels across the internet before the traffic reaches AWS. A network engineer must reduce these issues for <br \/>\r<br>the connection as quickly as possible with minimum administration effort. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_7' value='365455' \/><input type='hidden' id='answerType365455' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365455[]' id='answer-id-1424234' class='answer   answerof-365455 ' value='1424234'   \/><label for='answer-id-1424234' id='answer-label-1424234' class=' answer'><span>Edit the existing Site-to-Site VPN connection by enabling acceleration. Stop and start the VPN service on the customer gateway for the new setting to take effect.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365455[]' id='answer-id-1424235' class='answer   answerof-365455 ' value='1424235'   \/><label for='answer-id-1424235' id='answer-label-1424235' class=' answer'><span>Configure a transit gateway in the same AWS Region as the existing virtual private gateway. Create a new accelerated Site-to-Site VPN connection. Connect the new connection to the transit gateway by using a VPN attachment. Update the customer gateway device to use the new Site to Site VPN connection. Delete the existing Site-to-Site VPN connection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365455[]' id='answer-id-1424236' class='answer   answerof-365455 ' value='1424236'   \/><label for='answer-id-1424236' id='answer-label-1424236' class=' answer'><span>Create a new accelerated Site-to-Site VPN connection. Connect the new Site-to-Site VPN connection to the existing virtual private gateway. Update the customer gateway device to use the new Site-to-Site VPN connection. Delete the existing Site-to-Site VPN connection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365455[]' id='answer-id-1424237' class='answer   answerof-365455 ' value='1424237'   \/><label for='answer-id-1424237' id='answer-label-1424237' class=' answer'><span>Create a new AWS Direct Connect connection with a private VIF between the on-premises data center and the AWS Cloud. Update the customer gateway device to use the new Direct Connect connection. Delete the existing Site-to-Site VPN connection.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-365456'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>A company has deployed a web application on AWS. The web application uses an Application Load Balancer (ALB) across multiple Availability Zones. The targets of the ALB are AWS Lambda functions. The web application also uses Amazon CloudWatch metrics for monitoring. <br \/>\r<br>Users report that parts of the web application are not loading properly. A network engineer needs to troubleshoot the problem. The network engineer enables access logging for the ALB. <br \/>\r<br>What should the network engineer do next to determine which errors the ALB is receiving?<\/div><input type='hidden' name='question_id[]' id='qID_8' value='365456' \/><input type='hidden' id='answerType365456' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365456[]' id='answer-id-1424238' class='answer   answerof-365456 ' value='1424238'   \/><label for='answer-id-1424238' id='answer-label-1424238' class=' answer'><span>Send the logs to Amazon CloudWatch Logs. Review the ALB logs in CloudWatch Insights to determine which error messages the ALB is receiving.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365456[]' id='answer-id-1424239' class='answer   answerof-365456 ' value='1424239'   \/><label for='answer-id-1424239' id='answer-label-1424239' class=' answer'><span>Configure the Amazon S3 bucket destination. Use Amazon Athena to determine which error messages the ALB is receiving.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365456[]' id='answer-id-1424240' class='answer   answerof-365456 ' value='1424240'   \/><label for='answer-id-1424240' id='answer-label-1424240' class=' answer'><span>Configure the Amazon S3 bucket destination. After Amazon CloudWatch Logs pulls the ALB logs from the S3 bucket automatically, review the logs in CloudWatch Logs to determine which error messages the ALB is receiving.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365456[]' id='answer-id-1424241' class='answer   answerof-365456 ' value='1424241'   \/><label for='answer-id-1424241' id='answer-label-1424241' class=' answer'><span>Send the logs to Amazon CloudWatch Logs. Use the Amazon Athena CloudWatch Connector to determine which error messages the ALB is receiving.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-365457'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>A real estate company is building an internal application so that real estate agents can upload photos and videos of various properties. The application will store these photos and videos in an Amazon S3 bucket as objects and will use Amazon DynamoDB to store corresponding metadata. The S3 bucket will be configured to publish all PUT events for new object uploads to an Amazon Simple Queue Service (Amazon SQS) queue. <br \/>\r<br>A compute cluster of Amazon EC2 instances will poll the SQS queue to find out about newly uploaded objects. The cluster will retrieve new objects, perform proprietary image and video recognition and classification update metadata in DynamoDB and replace the objects with new watermarked objects. The company does not want public IP addresses on the EC2 instances. <br \/>\r<br>Which networking design solution will meet these requirements MOST cost-effectively as application usage increases?<\/div><input type='hidden' name='question_id[]' id='qID_9' value='365457' \/><input type='hidden' id='answerType365457' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365457[]' id='answer-id-1424242' class='answer   answerof-365457 ' value='1424242'   \/><label for='answer-id-1424242' id='answer-label-1424242' class=' answer'><span>Place the EC2 instances in a public subnet. Disable the Auto-assign Public IP option while launching the EC2 instances. Create an internet gateway. Attach the internet gateway to the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365457[]' id='answer-id-1424243' class='answer   answerof-365457 ' value='1424243'   \/><label for='answer-id-1424243' id='answer-label-1424243' class=' answer'><span>In the public subnet's route table, add a default route that points to the internet gateway.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365457[]' id='answer-id-1424244' class='answer   answerof-365457 ' value='1424244'   \/><label for='answer-id-1424244' id='answer-label-1424244' class=' answer'><span>Place the EC2 instances in a private subnet. Create a NAT gateway in a public subnet in the same Availability Zone. Create an internet gateway. Attach the internet gateway to the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365457[]' id='answer-id-1424245' class='answer   answerof-365457 ' value='1424245'   \/><label for='answer-id-1424245' id='answer-label-1424245' class=' answer'><span>In the public subnet's route table, add a default route that points to the internet gateway<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365457[]' id='answer-id-1424246' class='answer   answerof-365457 ' value='1424246'   \/><label for='answer-id-1424246' id='answer-label-1424246' class=' answer'><span>Place the EC2 instances in a private subnet. Create an interface VPC endpoint for Amazon SQ<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365457[]' id='answer-id-1424247' class='answer   answerof-365457 ' value='1424247'   \/><label for='answer-id-1424247' id='answer-label-1424247' class=' answer'><span>Create gateway VPC endpoints for Amazon S3 and DynamoD<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365457[]' id='answer-id-1424248' class='answer   answerof-365457 ' value='1424248'   \/><label for='answer-id-1424248' id='answer-label-1424248' class=' answer'><span>Place the EC2 instances in a private subnet. Create a gateway VPC endpoint for Amazon SQ<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365457[]' id='answer-id-1424249' class='answer   answerof-365457 ' value='1424249'   \/><label for='answer-id-1424249' id='answer-label-1424249' class=' answer'><span>Create interface VPC endpoints for Amazon S3 and DynamoD<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-365458'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>A network engineer needs to set up an Amazon EC2 Auto Scaling group to run a Linux-based network appliance in a highly available architecture. The network engineer is configuring the new launch template for the Auto Scaling group. <br \/>\r<br>In addition to the primary network interface the network appliance requires a second network interface that will be used exclusively by the application to exchange traffic with hosts over the internet. The company has set up a Bring Your Own IP (BYOIP) pool that includes an Elastic IP address that should be used as the public IP address for the second network interface. <br \/>\r<br>How can the network engineer implement the required architecture?<\/div><input type='hidden' name='question_id[]' id='qID_10' value='365458' \/><input type='hidden' id='answerType365458' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365458[]' id='answer-id-1424250' class='answer   answerof-365458 ' value='1424250'   \/><label for='answer-id-1424250' id='answer-label-1424250' class=' answer'><span>Configure the two network interfaces in the launch template. Define the primary network interface to be created in one of the private subnets. For the second network interface, select one of the public subnets. Choose the BYOIP pool ID as the source of public IP addresses.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365458[]' id='answer-id-1424251' class='answer   answerof-365458 ' value='1424251'   \/><label for='answer-id-1424251' id='answer-label-1424251' class=' answer'><span>Configure the primary network interface in a private subnet in the launch template. Use the user data option to run a cloud-init script after boot to attach the second network interface from a subnet with auto-assign public IP addressing enabled.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365458[]' id='answer-id-1424252' class='answer   answerof-365458 ' value='1424252'   \/><label for='answer-id-1424252' id='answer-label-1424252' class=' answer'><span>Create an AWS Lambda function to run as a lifecycle hook of the Auto Scaling group when an instance is launching. In the Lambda function, assign a network interface to an AWS Global Accelerator endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365458[]' id='answer-id-1424253' class='answer   answerof-365458 ' value='1424253'   \/><label for='answer-id-1424253' id='answer-label-1424253' class=' answer'><span>During creation of the Auto Scaling group, select subnets for the primary network interface. Use the user data option to run a cloud-init script to allocate a second network interface and to associate an Elastic IP address from the BYOIP pool.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-365459'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>A company is planning to deploy many software-defined WAN (SD-WAN) sites. The company is using AWS Transit Gateway and has deployed a transit gateway in the required AWS Region. A network engineer needs to deploy the SD-WAN hub virtual appliance into a VPC that is connected to the transit gateway. The solution must support at least 5 Gbps of throughput from the SD-WAN hub virtual appliance to other VPCs that are attached to the transit gateway. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_11' value='365459' \/><input type='hidden' id='answerType365459' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365459[]' id='answer-id-1424254' class='answer   answerof-365459 ' value='1424254'   \/><label for='answer-id-1424254' id='answer-label-1424254' class=' answer'><span>Create a new VPC for the SD-WAN hub virtual appliance. Create two IPsec VPN connections between the SD-WAN hub virtual appliance and the transit gateway. Configure BGP over the IPsec VPN connections<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365459[]' id='answer-id-1424255' class='answer   answerof-365459 ' value='1424255'   \/><label for='answer-id-1424255' id='answer-label-1424255' class=' answer'><span>Assign a new CIDR block to the transit gateway. Create a new VPC for the SD-WAN hub virtual appliance. Attach the new VPC to the transit gateway with a VPC attachment. Add a transit gateway Connect attachment. Create a Connect peer and specify the GRE and BGP parameters. Create a route in the appropriate VPC for the SD-WAN hub virtual appliance to route to the transit gateway.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365459[]' id='answer-id-1424256' class='answer   answerof-365459 ' value='1424256'   \/><label for='answer-id-1424256' id='answer-label-1424256' class=' answer'><span>Create a new VPC for the SD-WAN hub virtual appliance. Attach the new VPC to the transit gateway with a VPC attachment. Create two IPsec VPN connections between the SD-WAN hub virtual appliance and the transit gateway. Configure BGP over the IPsec VPN connections.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365459[]' id='answer-id-1424257' class='answer   answerof-365459 ' value='1424257'   \/><label for='answer-id-1424257' id='answer-label-1424257' class=' answer'><span>Assign a new CIDR block to the transit gateway. Create a new VPC for the SD-WAN hub virtual appliance. Attach the new VPC to the transit gateway with a VPC attachment. Add a transit gateway Connect attachment. Create a Connect peer and specify the VXLAN and BGP parameters. Create a route in the appropriate VPC for the SD-WAN hub virtual appliance to route to the transit gateway.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-365460'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>A company hosts an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company recently experienced a network security breach. A network engineer must collect and analyze logs that include the client IP address, target IP address, target port, and user agent of each user that accesses the application. <br \/>\r<br>What is the MOST operationally efficient solution that meets these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_12' value='365460' \/><input type='hidden' id='answerType365460' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365460[]' id='answer-id-1424258' class='answer   answerof-365460 ' value='1424258'   \/><label for='answer-id-1424258' id='answer-label-1424258' class=' answer'><span>Configure the ALB to store logs in an Amazon S3 bucket. Download the files from Amazon S3, and use a spreadsheet application to analyze the logs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365460[]' id='answer-id-1424259' class='answer   answerof-365460 ' value='1424259'   \/><label for='answer-id-1424259' id='answer-label-1424259' class=' answer'><span>Configure the ALB to push logs to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to analyze the logs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365460[]' id='answer-id-1424260' class='answer   answerof-365460 ' value='1424260'   \/><label for='answer-id-1424260' id='answer-label-1424260' class=' answer'><span>Configure Amazon Kinesis Data Streams to stream data from the ALB to Amazon OpenSearch Service (Amazon Elasticsearch Service). Use search operations in Amazon OpenSearch Service (Amazon Elasticsearch Service) to analyze the data.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365460[]' id='answer-id-1424261' class='answer   answerof-365460 ' value='1424261'   \/><label for='answer-id-1424261' id='answer-label-1424261' class=' answer'><span>Configure the ALB to store logs in an Amazon S3 bucket. Use Amazon Athena to analyze the logs in Amazon S3.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-365461'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>A company\u2019s network engineer needs to design a new solution to help troubleshoot and detect network anomalies. The network engineer has configured Traffic Mirroring. However, the mirrored traffic is overwhelming the Amazon EC2 instance that is the traffic mirror target. The EC2 instance hosts tools that the company\u2019s security team uses to analyze the traffic. The network engineer needs to design a highly available solution that can scale to meet the demand of the mirrored traffic. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_13' value='365461' \/><input type='hidden' id='answerType365461' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365461[]' id='answer-id-1424262' class='answer   answerof-365461 ' value='1424262'   \/><label for='answer-id-1424262' id='answer-label-1424262' class=' answer'><span>Deploy a Network Load Balancer (NLB) as the traffic mirror target. Behind the NL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365461[]' id='answer-id-1424263' class='answer   answerof-365461 ' value='1424263'   \/><label for='answer-id-1424263' id='answer-label-1424263' class=' answer'><span>deploy a fleet of EC2 instances in an Auto Scaling group. Use Traffic Mirroring as necessary.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365461[]' id='answer-id-1424264' class='answer   answerof-365461 ' value='1424264'   \/><label for='answer-id-1424264' id='answer-label-1424264' class=' answer'><span>Deploy an Application Load Balancer (ALB) as the traffic mirror target. Behind the ALB, deploy a fleet of EC2 instances in an Auto Scaling group. Use Traffic Mirroring only during non-business hours.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365461[]' id='answer-id-1424265' class='answer   answerof-365461 ' value='1424265'   \/><label for='answer-id-1424265' id='answer-label-1424265' class=' answer'><span>Deploy a Gateway Load Balancer (GLB) as the traffic mirror target. Behind the GL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365461[]' id='answer-id-1424266' class='answer   answerof-365461 ' value='1424266'   \/><label for='answer-id-1424266' id='answer-label-1424266' class=' answer'><span>deploy a fleet of EC2 instances in an Auto Scaling group. Use Traffic Mirroring as necessary.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365461[]' id='answer-id-1424267' class='answer   answerof-365461 ' value='1424267'   \/><label for='answer-id-1424267' id='answer-label-1424267' class=' answer'><span>Deploy an Application Load Balancer (ALB) with an HTTPS listener as the traffic mirror target. Behind the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365461[]' id='answer-id-1424268' class='answer   answerof-365461 ' value='1424268'   \/><label for='answer-id-1424268' id='answer-label-1424268' class=' answer'><span>deploy a fleet of EC2 instances in an Auto Scaling group. Use Traffic Mirroring only during active events or business hours.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-365462'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>A bank built a new version of its banking application in AWS using containers that content to an on-premises database over VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their on-premises version of the application to serve a small portion of the customers who haven\u2019t yet upgraded. <br \/>\r<br>What design will allow the company to serve both newer and earlier clients in the MOST efficient way?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='365462' \/><input type='hidden' id='answerType365462' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365462[]' id='answer-id-1424269' class='answer   answerof-365462 ' value='1424269'   \/><label for='answer-id-1424269' id='answer-label-1424269' class=' answer'><span>Use an Amazon Route 53 multivalue answer routing policy to route older client traffic to the on-premises application version and the rest of the traffic to the new AWS based version.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365462[]' id='answer-id-1424270' class='answer   answerof-365462 ' value='1424270'   \/><label for='answer-id-1424270' id='answer-label-1424270' class=' answer'><span>Use a Classic Load Balancer for the new application. Route all traffic to the new application by using an Elastic Load Balancing (ELB) load balancer DN<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365462[]' id='answer-id-1424271' class='answer   answerof-365462 ' value='1424271'   \/><label for='answer-id-1424271' id='answer-label-1424271' class=' answer'><span>Define a user-agent-based rule on the backend servers to redirect earlier clients to the on-premises application.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365462[]' id='answer-id-1424272' class='answer   answerof-365462 ' value='1424272'   \/><label for='answer-id-1424272' id='answer-label-1424272' class=' answer'><span>Use an Application Load Balancer for the new application. Register both the new and earlier applications as separate target groups and use path-based routing to route traffic based on the application version.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365462[]' id='answer-id-1424273' class='answer   answerof-365462 ' value='1424273'   \/><label for='answer-id-1424273' id='answer-label-1424273' class=' answer'><span>Use an Application Load Balancer for the new application. Register both the new and earlier application backends as separate target groups. Use header-based routing to route traffic based on the application version.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-365463'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>In the Connectivity account: Accept the attachment. Associate a route table with the attachment.<\/div><input type='hidden' name='question_id[]' id='qID_15' value='365463' \/><input type='hidden' id='answerType365463' value='textarea'><!-- end question-content--><\/div><div class='question-choices '><p><textarea name='answer-365463[]' id='textarea_q_365463' class='watupro-textarea-medium' rows='5' cols='80'><\/textarea>\n<\/p><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-365464'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>All IP addresses within a 10.0.0.0\/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. <br \/>\r<br>Testing reveals that a few of the servers are unable to communicate with the authentication server.<\/div><input type='hidden' name='question_id[]' id='qID_16' value='365464' \/><input type='hidden' id='answerType365464' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365464[]' id='answer-id-1424275' class='answer   answerof-365464 ' value='1424275'   \/><label for='answer-id-1424275' id='answer-label-1424275' class=' answer'><span>The NAT gateway does not support UDP traffic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365464[]' id='answer-id-1424276' class='answer   answerof-365464 ' value='1424276'   \/><label for='answer-id-1424276' id='answer-label-1424276' class=' answer'><span>The authentication server is not accepting traffic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365464[]' id='answer-id-1424277' class='answer   answerof-365464 ' value='1424277'   \/><label for='answer-id-1424277' id='answer-label-1424277' class=' answer'><span>The NAT gateway cannot allocate more ports.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365464[]' id='answer-id-1424278' class='answer   answerof-365464 ' value='1424278'   \/><label for='answer-id-1424278' id='answer-label-1424278' class=' answer'><span>The NAT gateway is launched in a private subnet.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-365465'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>A company has its production VPC (VPC-A) in the eu-west-1 Region in Account 1. VPC-A is attached to a transit gateway (TGW-A) that is connected to an on-premises data center in Dublin, Ireland, by an AWS Direct Connect transit VIF that is configured for an AWS Direct Connect gateway. The company also has a staging VPC (VPC-B) that is attached to another transit gateway (TGW-B) in the eu-west-2 Region in Account 2. <br \/>\r<br>A network engineer must implement connectivity between VPC-B and the on-premises data center in Dublin. <br \/>\r<br>Which solutions will meet these requirements? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_17' value='365465' \/><input type='hidden' id='answerType365465' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365465[]' id='answer-id-1424279' class='answer   answerof-365465 ' value='1424279'   \/><label for='answer-id-1424279' id='answer-label-1424279' class=' answer'><span>Configure inter-Region VPC peering between VPC-A and VPC-<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365465[]' id='answer-id-1424280' class='answer   answerof-365465 ' value='1424280'   \/><label for='answer-id-1424280' id='answer-label-1424280' class=' answer'><span>Add the required VPC peering routes. Add the VPC-B CIDR block in the allowed prefixes on the Direct Connect gateway association.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365465[]' id='answer-id-1424281' class='answer   answerof-365465 ' value='1424281'   \/><label for='answer-id-1424281' id='answer-label-1424281' class=' answer'><span>Associate TGW-B with the Direct Connect gateway. Advertise the VPC-B CIDR block under the allowed prefixes.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365465[]' id='answer-id-1424282' class='answer   answerof-365465 ' value='1424282'   \/><label for='answer-id-1424282' id='answer-label-1424282' class=' answer'><span>Configure another transit VIF on the Direct Connect connection and associate TGW-<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365465[]' id='answer-id-1424283' class='answer   answerof-365465 ' value='1424283'   \/><label for='answer-id-1424283' id='answer-label-1424283' class=' answer'><span>Advertise the VPC-B CIDR block under the allowed prefixes.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365465[]' id='answer-id-1424284' class='answer   answerof-365465 ' value='1424284'   \/><label for='answer-id-1424284' id='answer-label-1424284' class=' answer'><span>Configure inter-Region transit gateway peering between TGW-A and TGW-<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365465[]' id='answer-id-1424285' class='answer   answerof-365465 ' value='1424285'   \/><label for='answer-id-1424285' id='answer-label-1424285' class=' answer'><span>Add the peering routes in the transit gateway route tables. Add both the VPC-A and the VPC-B CIDR block under the allowed prefix list in the Direct Connect gateway association.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365465[]' id='answer-id-1424286' class='answer   answerof-365465 ' value='1424286'   \/><label for='answer-id-1424286' id='answer-label-1424286' class=' answer'><span>Configure an AWS Site-to-Site VPN connection over the transit VIF to TGW-B as a VPN attachment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-365466'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>A company has deployed Amazon EC2 instances in private subnets in a VPC. The EC2 instances must initiate any requests that leave the VPC, including requests to the company's on-premises data center over an AWS Direct Connect connection. No resources outside the VPC can be allowed to open communications directly to the EC2 instances. <br \/>\r<br>The on-premises data center's customer gateway is configured with a stateful firewall device thatfilters for incoming and outgoing requests to and from multiple VPCs. In addition, the company wants to use a single IP match rule to allow all the communications from the EC2 instances to its data center from a single IP address. <br \/>\r<br>Which solution will meet these requirements with the LEAST amount of operational overhead?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='365466' \/><input type='hidden' id='answerType365466' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365466[]' id='answer-id-1424287' class='answer   answerof-365466 ' value='1424287'   \/><label for='answer-id-1424287' id='answer-label-1424287' class=' answer'><span>Create a VPN connection over the Direct Connect connection by using the on-premises firewall. Use the firewall to block all traffic from on premises to AW<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365466[]' id='answer-id-1424288' class='answer   answerof-365466 ' value='1424288'   \/><label for='answer-id-1424288' id='answer-label-1424288' class=' answer'><span>Allow a stateful connection from the EC2 instances to initiate the requests.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365466[]' id='answer-id-1424289' class='answer   answerof-365466 ' value='1424289'   \/><label for='answer-id-1424289' id='answer-label-1424289' class=' answer'><span>Configure the on-premises firewall to filter all requests from the on-premises network to the EC2 instances. Allow a stateful connection if the EC2 instances in the VPC initiate the traffic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365466[]' id='answer-id-1424290' class='answer   answerof-365466 ' value='1424290'   \/><label for='answer-id-1424290' id='answer-label-1424290' class=' answer'><span>Deploy a NAT gateway into a private subnet in the VPC where the EC2 instances are deployed. Specify the NAT gateway type as private. Configure the on-premises firewall to allow connections from the IP address that is assigned to the NAT gateway.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365466[]' id='answer-id-1424291' class='answer   answerof-365466 ' value='1424291'   \/><label for='answer-id-1424291' id='answer-label-1424291' class=' answer'><span>Deploy a NAT instance into a private subnet in the VPC where the EC2 instances are deployed. Configure the on-premises firewall to allow connections from the IP address that is assigned to the NAT instance.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-365467'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>A Network Engineer is provisioning a subnet for a load balancer that will sit in front of a fleet of application servers in a private subnet. There is limited IP space left in the VPC CIDR. The application has few users now but is expected to grow quickly to millions of users. <br \/>\r<br>What design will use the LEAST amount of IP space, while allowing for this growth?<\/div><input type='hidden' name='question_id[]' id='qID_19' value='365467' \/><input type='hidden' id='answerType365467' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365467[]' id='answer-id-1424292' class='answer   answerof-365467 ' value='1424292'   \/><label for='answer-id-1424292' id='answer-label-1424292' class=' answer'><span>Use two \/29 subnets for an Application Load Balancer in different Availability Zones.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365467[]' id='answer-id-1424293' class='answer   answerof-365467 ' value='1424293'   \/><label for='answer-id-1424293' id='answer-label-1424293' class=' answer'><span>Use one \/29 subnet for the Network Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365467[]' id='answer-id-1424294' class='answer   answerof-365467 ' value='1424294'   \/><label for='answer-id-1424294' id='answer-label-1424294' class=' answer'><span>Use two \/28 subnets for a Network Load Balancer in different Availability Zones.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365467[]' id='answer-id-1424295' class='answer   answerof-365467 ' value='1424295'   \/><label for='answer-id-1424295' id='answer-label-1424295' class=' answer'><span>Use one \/28 subnet for an Application Load Balancer. Add another VPC CIDR to the VPC to allow for future growth.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-365468'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>A company is deploying a non-web application on an AWS load balancer. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server. <br \/>\r<br>How can this requirement be achieved?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='365468' \/><input type='hidden' id='answerType365468' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365468[]' id='answer-id-1424296' class='answer   answerof-365468 ' value='1424296'   \/><label for='answer-id-1424296' id='answer-label-1424296' class=' answer'><span>Use a Network Load Balancer to automatically preserve the source IP address.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365468[]' id='answer-id-1424297' class='answer   answerof-365468 ' value='1424297'   \/><label for='answer-id-1424297' id='answer-label-1424297' class=' answer'><span>Use a Network Load Balancer and enable the X-Forwarded-For attribute.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365468[]' id='answer-id-1424298' class='answer   answerof-365468 ' value='1424298'   \/><label for='answer-id-1424298' id='answer-label-1424298' class=' answer'><span>Use a Network Load Balancer and enable the ProxyProtocol v2 attribute.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365468[]' id='answer-id-1424299' class='answer   answerof-365468 ' value='1424299'   \/><label for='answer-id-1424299' id='answer-label-1424299' class=' answer'><span>Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-21' style=';'><div id='questionWrap-21'  class='   watupro-question-id-365469'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>21. <\/span>An organization launched an IPv6-only web portal to support IPv6-native mobile clients. Front-end instances launch in an Amazon VPC associated with an appropriate IPv6 CIDR. The VPC IPv4 CIDR is fully utilized. A single subnet exists in each of two Availability Zones with appropriately configured IPv6 CIDR associations. Auto Scaling is properly configured, and no Elastic Load Balancing is used. <br \/>\r<br>Customers say the service is unavailable during peak load times. The network engineer attempts to launch an instance manually and receives the following message: \u201cThere are not enough free addresses in subnet \u2018subnet-12345677\u2019 to satisfy the requested number of instances.\u201d <br \/>\r<br>What action will resolve the availability problem?<\/div><input type='hidden' name='question_id[]' id='qID_21' value='365469' \/><input type='hidden' id='answerType365469' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365469[]' id='answer-id-1424300' class='answer   answerof-365469 ' value='1424300'   \/><label for='answer-id-1424300' id='answer-label-1424300' class=' answer'><span>Create a new subnet using a VPC secondary IPv6 CIDR, and associate an IPv6 CID<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365469[]' id='answer-id-1424301' class='answer   answerof-365469 ' value='1424301'   \/><label for='answer-id-1424301' id='answer-label-1424301' class=' answer'><span>Include the new subnet in the Auto Scaling group.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365469[]' id='answer-id-1424302' class='answer   answerof-365469 ' value='1424302'   \/><label for='answer-id-1424302' id='answer-label-1424302' class=' answer'><span>Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CID<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365469[]' id='answer-id-1424303' class='answer   answerof-365469 ' value='1424303'   \/><label for='answer-id-1424303' id='answer-label-1424303' class=' answer'><span>Include the new subnet in the Auto Scaling group.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365469[]' id='answer-id-1424304' class='answer   answerof-365469 ' value='1424304'   \/><label for='answer-id-1424304' id='answer-label-1424304' class=' answer'><span>Resize the IPv6 CIDR on each of the existing subnets. Modify the Auto Scaling group maximum number of instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365469[]' id='answer-id-1424305' class='answer   answerof-365469 ' value='1424305'   \/><label for='answer-id-1424305' id='answer-label-1424305' class=' answer'><span>Add a secondary IPv4 CIDR to the Amazon VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365469[]' id='answer-id-1424306' class='answer   answerof-365469 ' value='1424306'   \/><label for='answer-id-1424306' id='answer-label-1424306' class=' answer'><span>Assign secondary IPv4 address space to each of the existing subnets.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-22' style=';'><div id='questionWrap-22'  class='   watupro-question-id-365470'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>22. <\/span>A network engineer must provide additional safeguards to protect encrypted data at Application Load Balancers (ALBs) through the use of a unique random session key. <br \/>\r<br>What should the network engineer do to meet this requirement?<\/div><input type='hidden' name='question_id[]' id='qID_22' value='365470' \/><input type='hidden' id='answerType365470' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365470[]' id='answer-id-1424307' class='answer   answerof-365470 ' value='1424307'   \/><label for='answer-id-1424307' id='answer-label-1424307' class=' answer'><span>Change the ALB security policy to a policy that supports TLS 1.2 protocol only<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365470[]' id='answer-id-1424308' class='answer   answerof-365470 ' value='1424308'   \/><label for='answer-id-1424308' id='answer-label-1424308' class=' answer'><span>Use AWS Key Management Service (AWS KMS) to encrypt session keys<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365470[]' id='answer-id-1424309' class='answer   answerof-365470 ' value='1424309'   \/><label for='answer-id-1424309' id='answer-label-1424309' class=' answer'><span>Associate an AWS WAF web ACL with the ALBs. and create a security rule to enforce forward secrecy (FS)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365470[]' id='answer-id-1424310' class='answer   answerof-365470 ' value='1424310'   \/><label for='answer-id-1424310' id='answer-label-1424310' class=' answer'><span>Change the ALB security policy to a policy that supports forward secrecy (FS)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-23' style=';'><div id='questionWrap-23'  class='   watupro-question-id-365471'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>23. <\/span>A company is deploying a new application in the AWS Cloud. The company wants a highly available web server that will sit behind an Elastic Load Balancer. The load balancer will route requests to multiple target groups based on the URL in the request. All traffic must use HTTPS. TLS processing must be offloaded to the load balancer. The web server must know the user\u2019s IP address so that the company can keep accurate logs for security purposes. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_23' value='365471' \/><input type='hidden' id='answerType365471' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365471[]' id='answer-id-1424311' class='answer   answerof-365471 ' value='1424311'   \/><label for='answer-id-1424311' id='answer-label-1424311' class=' answer'><span>Deploy an Application Load Balancer with an HTTPS listener. Use path-based routing rules to forward the traffic to the correct target group. Include the X-Forwarded-For request header with traffic to the targets.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365471[]' id='answer-id-1424312' class='answer   answerof-365471 ' value='1424312'   \/><label for='answer-id-1424312' id='answer-label-1424312' class=' answer'><span>Deploy an Application Load Balancer with an HTTPS listener for each domain. Use host-based routing rules to forward the traffic to the correct target group for each domain. Include the X-Forwarded-For request header with traffic to the targets.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365471[]' id='answer-id-1424313' class='answer   answerof-365471 ' value='1424313'   \/><label for='answer-id-1424313' id='answer-label-1424313' class=' answer'><span>Deploy a Network Load Balancer with a TLS listener. Use path-based routing rules to forward the traffic to the correct target group. Configure client IP address preservation for traffic to the targets.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365471[]' id='answer-id-1424314' class='answer   answerof-365471 ' value='1424314'   \/><label for='answer-id-1424314' id='answer-label-1424314' class=' answer'><span>Deploy a Network Load Balancer with a TLS listener for each domain. Use host-based routing rules to forward the traffic to the correct target group for each domain. Configure client IP address preservation for traffic to the targets.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-24' style=';'><div id='questionWrap-24'  class='   watupro-question-id-365472'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>24. <\/span>A company uses a 4 Gbps AWS Direct Connect dedicated connection with a link aggregation group (LAG) bundle to connect to five VPCs that are deployed in the us-east-1 Region. Each VPC serves a different business unit and uses its own private VIF for connectivity to the on-premises environment. Users are reporting slowness when they access resources that are hosted on AWS. <br \/>\r<br>A network engineer finds that there are sudden increases in throughput and that the Direct Connect connection becomes saturated at the same time for about an hour each business day. The company wants to know which business unit is causing the sudden increase in throughput. The network engineer must find out this information and implement a solution to resolve the problem. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_24' value='365472' \/><input type='hidden' id='answerType365472' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365472[]' id='answer-id-1424315' class='answer   answerof-365472 ' value='1424315'   \/><label for='answer-id-1424315' id='answer-label-1424315' class=' answer'><span>Review the Amazon CloudWatch metrics for VirtualInterfaceBpsEgress and VirtualInterfaceBpsIngress to determine which VIF is sending the highest throughput during the period in which slowness is observed. Create a new 10 Gbps dedicated connection. Shift traffic from the existing dedicated connection to the new dedicated connection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365472[]' id='answer-id-1424316' class='answer   answerof-365472 ' value='1424316'   \/><label for='answer-id-1424316' id='answer-label-1424316' class=' answer'><span>Review the Amazon CloudWatch metrics for VirtualInterfaceBpsEgress and VirtualInterfaceBpsIngress to determine which VIF is sending the highest throughput during the period in which slowness is observed. Upgrade the bandwidth of the existing dedicated connection to 10 Gbps.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365472[]' id='answer-id-1424317' class='answer   answerof-365472 ' value='1424317'   \/><label for='answer-id-1424317' id='answer-label-1424317' class=' answer'><span>Review the Amazon CloudWatch metrics for ConnectionBpsIngress and ConnectionPpsEgress to determine which VIF is sending the highest throughput during the period in which slowness is observed. Upgrade the existing dedicated connection to a 5 Gbps hosted connection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365472[]' id='answer-id-1424318' class='answer   answerof-365472 ' value='1424318'   \/><label for='answer-id-1424318' id='answer-label-1424318' class=' answer'><span>Review the Amazon CloudWatch metrics for ConnectionBpsIngress and ConnectionPpsEgress to determine which VIF is sending the highest throughput during the period in which slowness is observed. Create a new 10 Gbps dedicated connection. Shift traffic from the existing dedicated connection to the new dedicated connection.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-25' style=';'><div id='questionWrap-25'  class='   watupro-question-id-365473'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>25. <\/span>You deploy an Amazon EC2 instance that runs a web server into a subnet in a VPC. An Internet gateway is attached, and the main route table has a default route (0.0.0.0\/0) configured with a target of the Internet gateway. <br \/>\r<br>The instance has a security group configured to allow as follows: <br \/>\r<br>&#10001; Protocol: TCP <br \/>\r<br>&#10001; Port: 80 inbound, nothing outbound <br \/>\r<br>The Network ACL for the subnet is configured to allow as follows: <br \/>\r<br>&#10001; Protocol: TCP <br \/>\r<br>&#10001; Port: 80 inbound, nothing outbound <br \/>\r<br>When you try to browse to the web server, you receive no response. <br \/>\r<br>Which additional step should you take to receive a successful response?<\/div><input type='hidden' name='question_id[]' id='qID_25' value='365473' \/><input type='hidden' id='answerType365473' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365473[]' id='answer-id-1424319' class='answer   answerof-365473 ' value='1424319'   \/><label for='answer-id-1424319' id='answer-label-1424319' class=' answer'><span>Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 80<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365473[]' id='answer-id-1424320' class='answer   answerof-365473 ' value='1424320'   \/><label for='answer-id-1424320' id='answer-label-1424320' class=' answer'><span>Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 1024-65535<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365473[]' id='answer-id-1424321' class='answer   answerof-365473 ' value='1424321'   \/><label for='answer-id-1424321' id='answer-label-1424321' class=' answer'><span>Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 80<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365473[]' id='answer-id-1424322' class='answer   answerof-365473 ' value='1424322'   \/><label for='answer-id-1424322' id='answer-label-1424322' class=' answer'><span>Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 1024-65535<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-26' style=';'><div id='questionWrap-26'  class='   watupro-question-id-365474'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>26. <\/span>A company's development team has created a new product recommendation web service. The web service is hosted in a VPC with a CIDR block of 192.168.224.0\/19. The company has deployed the web service on Amazon EC2 instances and has configured an Auto Scaling group as the target of a Network Load Balancer (NLB). <br \/>\r<br>The company wants to perform testing to determine whether users who receive product recommendations spend more money than users who do not receive product recommendations. The company has a big sales event in 5 days and needs to integrate its existing production environment with the recommendation engine by then. The existing production environment is hosted in a VPC with a CIDR block of 192.168.128 0\/17. <br \/>\r<br>A network engineer must integrate the systems by designing a solution that results in the least possible disruption to the existing environments. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_26' value='365474' \/><input type='hidden' id='answerType365474' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365474[]' id='answer-id-1424323' class='answer   answerof-365474 ' value='1424323'   \/><label for='answer-id-1424323' id='answer-label-1424323' class=' answer'><span>Create a VPC peering connection between the web service VPC and the existing production VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365474[]' id='answer-id-1424324' class='answer   answerof-365474 ' value='1424324'   \/><label for='answer-id-1424324' id='answer-label-1424324' class=' answer'><span>Add a routing rule to the appropriate route table to allow data to flow to 192.168.224.0\/19 from the existing production environment and to flow to 192.168.128.0\/17 from the web service environment. Configure the relevant security groups and ACLs to allow the systems tocommunicate.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365474[]' id='answer-id-1424325' class='answer   answerof-365474 ' value='1424325'   \/><label for='answer-id-1424325' id='answer-label-1424325' class=' answer'><span>Ask the development team of the web service to redeploy the web service into the production VPC and integrate the systems there.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365474[]' id='answer-id-1424326' class='answer   answerof-365474 ' value='1424326'   \/><label for='answer-id-1424326' id='answer-label-1424326' class=' answer'><span>Create a VPC endpoint service. Associate the VPC endpoint service with the NLB for the web service. Create an interface VPC endpoint for the web service in the existing production VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365474[]' id='answer-id-1424327' class='answer   answerof-365474 ' value='1424327'   \/><label for='answer-id-1424327' id='answer-label-1424327' class=' answer'><span>Create a transit gateway in the existing production environment. Create attachments to the production VPC and the web service VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365474[]' id='answer-id-1424328' class='answer   answerof-365474 ' value='1424328'   \/><label for='answer-id-1424328' id='answer-label-1424328' class=' answer'><span>Configure appropriate routing rules in the transit gateway and VPC route tables for 192.168.224.0\/19 and 192.168.128.0\/17. Configure the relevant security groups and ACLs to allow the systems to communicate.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-27' style=';'><div id='questionWrap-27'  class='   watupro-question-id-365475'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>27. <\/span>A company uses a hybrid architecture and has an AWS Direct Connect connection between its on-premises data center and AWS. The company has production applications that run in the on-premises data center. The company also has production applications that run in a VPC. The applications that run in the on-premises data center need to communicate with the applications that run in the VPC. The company is using corp.example.com as the domain name for the on-premises resources and is using an Amazon Route 53 private hosted zone for aws.example.com to host the VPC resources. <br \/>\r<br>The company is using an open-source recursive DNS resolver in a VPC subnet and is using a DNS resolver in the on-premises data center. The company's on-premises DNS resolver has a forwarder that directs requests for the aws.example.com domain name to the DNS resolver in the VPC. The DNS resolver in the VPC has a forwarder that directs requests for the corp.example.com domain name to the DNS resolver in the on-premises data center. The company has deckled to replace the open-source recursive DNS resolver with Amazon Route 53 Resolver endpoints. <br \/>\r<br>Which combination of steps should a network engineer take to make this replacement? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_27' value='365475' \/><input type='hidden' id='answerType365475' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365475[]' id='answer-id-1424329' class='answer   answerof-365475 ' value='1424329'   \/><label for='answer-id-1424329' id='answer-label-1424329' class=' answer'><span>Create a Route 53 Resolver rule to forward aws.example.com domain queries to the IP addresses of the outbound endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365475[]' id='answer-id-1424330' class='answer   answerof-365475 ' value='1424330'   \/><label for='answer-id-1424330' id='answer-label-1424330' class=' answer'><span>Configure the on-premises DNS resolver to forward aws.example.com domain queries to the IP addresses of the inbound endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365475[]' id='answer-id-1424331' class='answer   answerof-365475 ' value='1424331'   \/><label for='answer-id-1424331' id='answer-label-1424331' class=' answer'><span>Create a Route 53 Resolver inbound endpoint and a Route 53 Resolver outbound endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365475[]' id='answer-id-1424332' class='answer   answerof-365475 ' value='1424332'   \/><label for='answer-id-1424332' id='answer-label-1424332' class=' answer'><span>Create a Route 53 Resolver rule to forward aws.example.com domain queries to the IP addresses of the inbound endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365475[]' id='answer-id-1424333' class='answer   answerof-365475 ' value='1424333'   \/><label for='answer-id-1424333' id='answer-label-1424333' class=' answer'><span>Create a Route 53 Resolver rule to forward corp.example.com domain queries to the IP address of the on-premises DNS resolver.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365475[]' id='answer-id-1424334' class='answer   answerof-365475 ' value='1424334'   \/><label for='answer-id-1424334' id='answer-label-1424334' class=' answer'><span>Configure the on-premises DNS resolver to forward aws.example.com queries to the IP addresses of the outbound endpoint.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-28' style=';'><div id='questionWrap-28'  class='   watupro-question-id-365476'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>28. <\/span>A network engineer has deployed an Amazon EC2 instance in a private subnet in a VPC. The VPC has no public subnet. The EC2 instance hosts application code that sends messages to an Amazon Simple Queue Service (Amazon SQS) queue. The subnet has the default network ACL with no modification applied. The EC2 instance has the default security group with no modification applied. <br \/>\r<br>The SQS queue is not receiving messages. <br \/>\r<br>Which of the following are possible causes of this problem? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_28' value='365476' \/><input type='hidden' id='answerType365476' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365476[]' id='answer-id-1424335' class='answer   answerof-365476 ' value='1424335'   \/><label for='answer-id-1424335' id='answer-label-1424335' class=' answer'><span>The EC2 instance is not attached to an IAM role that allows write operations to Amazon SQ<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365476[]' id='answer-id-1424336' class='answer   answerof-365476 ' value='1424336'   \/><label for='answer-id-1424336' id='answer-label-1424336' class=' answer'><span>The security group is blocking traffic to the IP address range used by Amazon SQS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365476[]' id='answer-id-1424337' class='answer   answerof-365476 ' value='1424337'   \/><label for='answer-id-1424337' id='answer-label-1424337' class=' answer'><span>There is no interface VPC endpoint configured for Amazon SQS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365476[]' id='answer-id-1424338' class='answer   answerof-365476 ' value='1424338'   \/><label for='answer-id-1424338' id='answer-label-1424338' class=' answer'><span>The network ACL is blocking return traffic from Amazon SQS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365476[]' id='answer-id-1424339' class='answer   answerof-365476 ' value='1424339'   \/><label for='answer-id-1424339' id='answer-label-1424339' class=' answer'><span>There is no route configured in the subnet route table for the IP address range used by Amazon SQS<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-29' style=';'><div id='questionWrap-29'  class='   watupro-question-id-365477'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>29. <\/span>A company has multiple AWS accounts. Each account contains one or more VPCs. A new security guideline requires the inspection of all traffic between VPCs. <br \/>\r<br>The company has deployed a transit gateway that provides connectivity between all VPCs. The company also has deployed a shared services VPC with Amazon EC2 instances that include IDS services for stateful inspection. The EC2 instances are deployed across three Availability Zones. The company has set up VPC associations and routing on the transit gateway. The company has migrated a few test VPCs to the new solution for traffic inspection. <br \/>\r<br>Soon after the configuration of routing, the company receives reports of intermittent connections for traffic that crosses Availability Zones. <br \/>\r<br>What should a network engineer do to resolve this issue?<\/div><input type='hidden' name='question_id[]' id='qID_29' value='365477' \/><input type='hidden' id='answerType365477' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365477[]' id='answer-id-1424340' class='answer   answerof-365477 ' value='1424340'   \/><label for='answer-id-1424340' id='answer-label-1424340' class=' answer'><span>Modify the transit gateway VPC attachment on the shared services VPC by enabling cross-Availability Zone load balancing.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365477[]' id='answer-id-1424341' class='answer   answerof-365477 ' value='1424341'   \/><label for='answer-id-1424341' id='answer-label-1424341' class=' answer'><span>Modify the transit gateway VPC attachment on the shared services VPC by enabling appliance mode support.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365477[]' id='answer-id-1424342' class='answer   answerof-365477 ' value='1424342'   \/><label for='answer-id-1424342' id='answer-label-1424342' class=' answer'><span>Modify the transit gateway by selecting VPN equal-cost multi-path (ECMP) routing support.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365477[]' id='answer-id-1424343' class='answer   answerof-365477 ' value='1424343'   \/><label for='answer-id-1424343' id='answer-label-1424343' class=' answer'><span>Modify the transit gateway by selecting multicast support.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-30' style=';'><div id='questionWrap-30'  class='   watupro-question-id-365478'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>30. <\/span>An international company provides early warning about tsunamis. The company plans to use IoT devices to monitor sea waves around the world. The data that is collected by the IoT devices must reach the company\u2019s infrastructure on AWS as quickly as possible. The company is using three operation centers around the world. Each operation center is connected to AWS through Its own AWS Direct Connect connection. Each operation center is connected to the internet through at least two upstream internet service providers. <br \/>\r<br>The company has its own provider-independent (PI) address space. The IoT devices use TCP protocols for reliable transmission of the data they collect. The IoT devices have both landline and mobile internet connectivity. The infrastructure and the solution will be deployed in multiple AWS Regions. The company will use Amazon Route 53 for DNS services. <br \/>\r<br>A network engineer needs to design connectivity between the IoT devices and the services that run in the AWS Cloud. <br \/>\r<br>Which solution will meet these requirements with the HIGHEST availability?<\/div><input type='hidden' name='question_id[]' id='qID_30' value='365478' \/><input type='hidden' id='answerType365478' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365478[]' id='answer-id-1424344' class='answer   answerof-365478 ' value='1424344'   \/><label for='answer-id-1424344' id='answer-label-1424344' class=' answer'><span>Set up an Amazon CloudFront distribution with origin failover. Create an origin group for each Region where the solution is deployed.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365478[]' id='answer-id-1424345' class='answer   answerof-365478 ' value='1424345'   \/><label for='answer-id-1424345' id='answer-label-1424345' class=' answer'><span>Set up Route 53 latency-based routing. Add latency alias records. For the latency alias records, set the value of Evaluate Target Health to Yes.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365478[]' id='answer-id-1424346' class='answer   answerof-365478 ' value='1424346'   \/><label for='answer-id-1424346' id='answer-label-1424346' class=' answer'><span>Set up an accelerator in AWS Global Accelerator. Configure Regional endpoint groups andhealth checks.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365478[]' id='answer-id-1424347' class='answer   answerof-365478 ' value='1424347'   \/><label for='answer-id-1424347' id='answer-label-1424347' class=' answer'><span>Set up Bring Your Own IP (BYOIP) addresses. Use the same PI addresses for each Region where the solution is deployed.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-31' style=';'><div id='questionWrap-31'  class='   watupro-question-id-365479'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>31. <\/span>A company is using a NAT gateway to allow internet connectivity for private subnets in a VPC in the us-west-2 Region. After a security audit, the company needs to remove the NAT gateway. <br \/>\r<br>In the private subnets, the company has resources that use the unified Amazon CloudWatch agent. A network engineer must create a solution to ensure that the unified CloudWatch agent continues to work after the removal of the NAT gateway. <br \/>\r<br>Which combination of steps should the network engineer take to meet these requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_31' value='365479' \/><input type='hidden' id='answerType365479' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365479[]' id='answer-id-1424348' class='answer   answerof-365479 ' value='1424348'   \/><label for='answer-id-1424348' id='answer-label-1424348' class=' answer'><span>Validate that private DNS is enabled on the VPC by setting the enableDnsHostnames VPC attribute and the enableDnsSupport VPC attribute to true.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365479[]' id='answer-id-1424349' class='answer   answerof-365479 ' value='1424349'   \/><label for='answer-id-1424349' id='answer-label-1424349' class=' answer'><span>Create a new security group with an entry to allow outbound traffic that uses the TCP protocol on port 443 to destination 0.0.0.0\/0<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365479[]' id='answer-id-1424350' class='answer   answerof-365479 ' value='1424350'   \/><label for='answer-id-1424350' id='answer-label-1424350' class=' answer'><span>Create a new security group with entries to allow inbound traffic that uses the TCP protocol on port 443 from the IP prefixes of the private subnets.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365479[]' id='answer-id-1424351' class='answer   answerof-365479 ' value='1424351'   \/><label for='answer-id-1424351' id='answer-label-1424351' class=' answer'><span>Create the following interface VPC endpoints in the VPC: com.amazonaws.us-west-2.logs and com.amazonaws.us-west-2.monitoring. Associate the new security group with the endpoint network interfaces.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365479[]' id='answer-id-1424352' class='answer   answerof-365479 ' value='1424352'   \/><label for='answer-id-1424352' id='answer-label-1424352' class=' answer'><span>Create the following interface VPC endpoint in the VPC: com.amazonaws.us-west-2.cloudwatch. Associate the new security group with the endpoint network interfaces.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365479[]' id='answer-id-1424353' class='answer   answerof-365479 ' value='1424353'   \/><label for='answer-id-1424353' id='answer-label-1424353' class=' answer'><span>Associate the VPC endpoint or endpoints with route tables that the private subnets use.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-32' style=';'><div id='questionWrap-32'  class='   watupro-question-id-365480'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>32. <\/span>Your organization has a newly installed 1-Gbps AWS Direct Connect connection. You order the cross-connect from the Direct Connect location provider to the port on your router in the same facility. To enable the use of your first virtual interface, your router must be configured appropriately. <br \/>\r<br>What are the minimum requirements for your router?<\/div><input type='hidden' name='question_id[]' id='qID_32' value='365480' \/><input type='hidden' id='answerType365480' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365480[]' id='answer-id-1424354' class='answer   answerof-365480 ' value='1424354'   \/><label for='answer-id-1424354' id='answer-label-1424354' class=' answer'><span>1-Gbps Multi Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365480[]' id='answer-id-1424355' class='answer   answerof-365480 ' value='1424355'   \/><label for='answer-id-1424355' id='answer-label-1424355' class=' answer'><span>1-Gbps Single Mode Fiber Interface, 802.1Q VLAN, Peer IP Address, BGP Session with MD5.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365480[]' id='answer-id-1424356' class='answer   answerof-365480 ' value='1424356'   \/><label for='answer-id-1424356' id='answer-label-1424356' class=' answer'><span>IPsec Parameters, Pre-Shared key, Peer IP Address, BGP Session with MD5<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365480[]' id='answer-id-1424357' class='answer   answerof-365480 ' value='1424357'   \/><label for='answer-id-1424357' id='answer-label-1424357' class=' answer'><span>BGP Session with MD5, 802.1Q VLAN, Route-Map, Prefix List, IPsec encrypted GRE Tunnel<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-33' style=';'><div id='questionWrap-33'  class='   watupro-question-id-365481'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>33. <\/span>A company is using Amazon Route 53 Resolver DNS Firewall in a VPC to block all domains except domains that are on an approved list. The company is concerned that if DNS Firewall is unresponsive, resources in the VPC might be affected if the network cannot resolve any DNS queries. To maintain application service level agreements, the company needs DNS queries to continue to resolve even if Route 53 Resolver does not receive a response from DNS Firewall. <br \/>\r<br>Which change should a network engineer implement to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_33' value='365481' \/><input type='hidden' id='answerType365481' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365481[]' id='answer-id-1424358' class='answer   answerof-365481 ' value='1424358'   \/><label for='answer-id-1424358' id='answer-label-1424358' class=' answer'><span>Update the DNS Firewall VPC configuration to disable fail open for the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365481[]' id='answer-id-1424359' class='answer   answerof-365481 ' value='1424359'   \/><label for='answer-id-1424359' id='answer-label-1424359' class=' answer'><span>Update the DNS Firewall VPC configuration to enable fail open for the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365481[]' id='answer-id-1424360' class='answer   answerof-365481 ' value='1424360'   \/><label for='answer-id-1424360' id='answer-label-1424360' class=' answer'><span>Create a new DHCP options set with parameter dns_firewall_fail_open=false. Associate the new DHCP options set with the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365481[]' id='answer-id-1424361' class='answer   answerof-365481 ' value='1424361'   \/><label for='answer-id-1424361' id='answer-label-1424361' class=' answer'><span>Create a new DHCP options set with parameter dns_firewall_fail_open=true. Associate the new DHCP options set with the VP<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-34' style=';'><div id='questionWrap-34'  class='   watupro-question-id-365482'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>34. <\/span>A company is planning to use Amazon S3 to archive financial data. The data is currently stored in an on-premises data center. The company uses AWS Direct Connect with a Direct Connect gateway and a transit gateway to connect to the on-premises data center. The data cannot be transported over the public internet and must be encrypted in transit. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_34' value='365482' \/><input type='hidden' id='answerType365482' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365482[]' id='answer-id-1424362' class='answer   answerof-365482 ' value='1424362'   \/><label for='answer-id-1424362' id='answer-label-1424362' class=' answer'><span>Create a Direct Connect public VI<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365482[]' id='answer-id-1424363' class='answer   answerof-365482 ' value='1424363'   \/><label for='answer-id-1424363' id='answer-label-1424363' class=' answer'><span>Set up an IPsec VPN connection over the public VIF to access Amazon S3. Use HTTPS for communication.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365482[]' id='answer-id-1424364' class='answer   answerof-365482 ' value='1424364'   \/><label for='answer-id-1424364' id='answer-label-1424364' class=' answer'><span>Create an IPsec VPN connection over the transit VI<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365482[]' id='answer-id-1424365' class='answer   answerof-365482 ' value='1424365'   \/><label for='answer-id-1424365' id='answer-label-1424365' class=' answer'><span>Create a VPC and attach the VPC to the transit gateway. In the VPC, provision an interface VPC endpoint for Amazon S3. Use HTTPS for communication.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365482[]' id='answer-id-1424366' class='answer   answerof-365482 ' value='1424366'   \/><label for='answer-id-1424366' id='answer-label-1424366' class=' answer'><span>Create a VPC and attach the VPC to the transit gateway. In the VPC, provision an interface VPC endpoint for Amazon S3. Use HTTPS for communication.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365482[]' id='answer-id-1424367' class='answer   answerof-365482 ' value='1424367'   \/><label for='answer-id-1424367' id='answer-label-1424367' class=' answer'><span>Create a Direct Connect public VI<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365482[]' id='answer-id-1424368' class='answer   answerof-365482 ' value='1424368'   \/><label for='answer-id-1424368' id='answer-label-1424368' class=' answer'><span>Set up an IPsec VPN connection over the public VIF to the transit gateway. Create an attachment for Amazon S3. Use HTTPS for communication.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-35' style=';'><div id='questionWrap-35'  class='   watupro-question-id-365483'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>35. <\/span>A company has expanded its network to the AWS Cloud by using a hybrid architecture with multiple AWS accounts. The company has set up a shared AWS account for the connection to its on-premises data centers and the company offices. The workloads consist of private web-based services for internal use. These services run in different AWS accounts. Office-based employees consume these services by using a DNS name in an on-premises DNS zone that is named example.internal. <br \/>\r<br>The process to register a new service that runs on AWS requires a manual and complicated change request to the internal DNS. The process involves many teams. <br \/>\r<br>The company wants to update the DNS registration process by giving the service creators access that will allow them to register their DNS records. A network engineer must design a solution that will achieve this goal. The solution must maximize cost-effectiveness and must require the least possible number of configuration changes. <br \/>\r<br>Which combination of steps should the network engineer take to meet these requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_35' value='365483' \/><input type='hidden' id='answerType365483' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365483[]' id='answer-id-1424369' class='answer   answerof-365483 ' value='1424369'   \/><label for='answer-id-1424369' id='answer-label-1424369' class=' answer'><span>Create a record for each service in its local private hosted zone (service<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365483[]' id='answer-id-1424370' class='answer   answerof-365483 ' value='1424370'   \/><label for='answer-id-1424370' id='answer-label-1424370' class=' answer'><span>account1.aws.example.internal). Provide this DNS record to the employees who need access.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365483[]' id='answer-id-1424371' class='answer   answerof-365483 ' value='1424371'   \/><label for='answer-id-1424371' id='answer-label-1424371' class=' answer'><span>Create an Amazon Route 53 Resolver inbound endpoint in the shared account VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365483[]' id='answer-id-1424372' class='answer   answerof-365483 ' value='1424372'   \/><label for='answer-id-1424372' id='answer-label-1424372' class=' answer'><span>Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the inbound endpoint's IP addresses that were created.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365483[]' id='answer-id-1424373' class='answer   answerof-365483 ' value='1424373'   \/><label for='answer-id-1424373' id='answer-label-1424373' class=' answer'><span>Create an Amazon Route 53 Resolver rule to forward any queries made to onprem.example.internal to the on-premises DNS servers.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365483[]' id='answer-id-1424374' class='answer   answerof-365483 ' value='1424374'   \/><label for='answer-id-1424374' id='answer-label-1424374' class=' answer'><span>Create an Amazon Route 53 private hosted zone named aws.example.internal in the shared AWSaccount to resolve queries for this domain.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365483[]' id='answer-id-1424375' class='answer   answerof-365483 ' value='1424375'   \/><label for='answer-id-1424375' id='answer-label-1424375' class=' answer'><span>Launch two Amazon EC2 instances in the shared AWS account. Install BIND on each instance. Create a DNS conditional forwarder on each BIND server to forward queries for each subdomain under aws.example.internal to the appropriate private hosted zone in each AWS account. Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the IP addresses of the BIND servers.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365483[]' id='answer-id-1424376' class='answer   answerof-365483 ' value='1424376'   \/><label for='answer-id-1424376' id='answer-label-1424376' class=' answer'><span>Create a private hosted zone in the shared AWS account for each account that runs the service. Configure the private hosted zone to contain aws.example.internal in the domain (account1.aws.example.internal). Associate the private hosted zone with the VPC that runs the service and the shared account VP<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-36' style=';'><div id='questionWrap-36'  class='   watupro-question-id-365484'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>36. <\/span>An AWS CloudFormation template is being used to create a VPC peering connection between two existing operational VPCs, each belonging to a different AWS account. All necessary components in the \u2018Remote\u2019 (receiving) account are already in place. <br \/>\r<br>The template below creates the VPC peering connection in the Originating account. It contains these components: <br \/>\r<br>AWSTemplateFormation Version: 2010-09-09 <br \/>\r<br>Parameters: <br \/>\r<br>Originating VCId: <br \/>\r<br>Type: String <br \/>\r<br>RemoteVPCId: <br \/>\r<br>Type: String <br \/>\r<br>RemoteVPCAccountId: <br \/>\r<br>Type: String <br \/>\r<br>Resources: <br \/>\r<br>newVPCPeeringConnection: <br \/>\r<br>Type: \u2018AWS::EC2::VPCPeeringConnection\u2019 <br \/>\r<br>Properties: <br \/>\r<br>VpcdId: !Ref OriginatingVPCId <br \/>\r<br>PeerVpcId: !Ref RemoteVPCId <br \/>\r<br>PeerOwnerId: !Ref RemoteVPCAccountId <br \/>\r<br>Which additional AWS CloudFormation components are necessary in the Originating account to create an operational cross-account VPC peering connection with AWS CloudFormation? (Select two.)<\/div><input type='hidden' name='question_id[]' id='qID_36' value='365484' \/><input type='hidden' id='answerType365484' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365484[]' id='answer-id-1424377' class='answer   answerof-365484 ' value='1424377'   \/><label for='answer-id-1424377' id='answer-label-1424377' class=' answer'><span>Resources:NewEC2SecurityGroup:Type: AWS::EC2::SecurityGroup<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365484[]' id='answer-id-1424378' class='answer   answerof-365484 ' value='1424378'   \/><label for='answer-id-1424378' id='answer-label-1424378' class=' answer'><span>Resources:NetworkInterfaceToRemoteVPC:Type: \u201cAWS::EC2NetworkInterface\u201d<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365484[]' id='answer-id-1424379' class='answer   answerof-365484 ' value='1424379'   \/><label for='answer-id-1424379' id='answer-label-1424379' class=' answer'><span>Resources:newEC2Route:Type: AWS::EC2::Route<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365484[]' id='answer-id-1424380' class='answer   answerof-365484 ' value='1424380'   \/><label for='answer-id-1424380' id='answer-label-1424380' class=' answer'><span>Resources:VPCGatewayToRemoteVPC:Type: \u201cAWS::EC2::VPCGatewayAttachment\u201d<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365484[]' id='answer-id-1424381' class='answer   answerof-365484 ' value='1424381'   \/><label for='answer-id-1424381' id='answer-label-1424381' class=' answer'><span>Resources:newVPCPeeringConnection:Type: \u2018AWS::EC2VPCPeeringConnection\u2019PeerRoleArn: !Ref PeerRoleArn<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-37' style=';'><div id='questionWrap-37'  class='   watupro-question-id-365485'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>37. <\/span>A company is hosting an application on Amazon EC2 instances behind a Network Load Balancer (NLB). A solutions architect added EC2 instances in a second Availability Zone to improve the availability of the application. The solutions architect added the instances to the NLB target group. <br \/>\r<br>The company's operations team notices that traffic is being routed only to the instances in the first Availability Zone. <br \/>\r<br>What is the MOST operationally efficient solution to resolve this issue?<\/div><input type='hidden' name='question_id[]' id='qID_37' value='365485' \/><input type='hidden' id='answerType365485' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365485[]' id='answer-id-1424382' class='answer   answerof-365485 ' value='1424382'   \/><label for='answer-id-1424382' id='answer-label-1424382' class=' answer'><span>Enable the new Availability Zone on the NLB<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365485[]' id='answer-id-1424383' class='answer   answerof-365485 ' value='1424383'   \/><label for='answer-id-1424383' id='answer-label-1424383' class=' answer'><span>Create a new NLB for the instances in the second Availability Zone<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365485[]' id='answer-id-1424384' class='answer   answerof-365485 ' value='1424384'   \/><label for='answer-id-1424384' id='answer-label-1424384' class=' answer'><span>Enable proxy protocol on the NLB<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365485[]' id='answer-id-1424385' class='answer   answerof-365485 ' value='1424385'   \/><label for='answer-id-1424385' id='answer-label-1424385' class=' answer'><span>Create a new target group with the instances in both Availability Zones<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-38' style=';'><div id='questionWrap-38'  class='   watupro-question-id-365486'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>38. <\/span>A software-as-a-service (SaaS) provider hosts its solution on Amazon EC2 instances within a VPC in the AWS Cloud. All of the provider's customers also have their environments in the AWS Cloud. <br \/>\r<br>A recent design meeting revealed that the customers have IP address overlap with the provider's AWS deployment. The customers have stated that they will not share their internal IP addresses and that they do not want to connect to the provider's SaaS service over the internet. <br \/>\r<br>Which combination of steps is part of a solution that meets these requirements? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_38' value='365486' \/><input type='hidden' id='answerType365486' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365486[]' id='answer-id-1424386' class='answer   answerof-365486 ' value='1424386'   \/><label for='answer-id-1424386' id='answer-label-1424386' class=' answer'><span>Deploy the SaaS service endpoint behind a Network Load Balancer.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365486[]' id='answer-id-1424387' class='answer   answerof-365486 ' value='1424387'   \/><label for='answer-id-1424387' id='answer-label-1424387' class=' answer'><span>Configure an endpoint service, and grant the customers permission to create a connection to the endpoint service.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365486[]' id='answer-id-1424388' class='answer   answerof-365486 ' value='1424388'   \/><label for='answer-id-1424388' id='answer-label-1424388' class=' answer'><span>Deploy the SaaS service endpoint behind an Application Load Balancer.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365486[]' id='answer-id-1424389' class='answer   answerof-365486 ' value='1424389'   \/><label for='answer-id-1424389' id='answer-label-1424389' class=' answer'><span>Configure a VPC peering connection to the customer VPCs. Route traffic through NAT gateways.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365486[]' id='answer-id-1424390' class='answer   answerof-365486 ' value='1424390'   \/><label for='answer-id-1424390' id='answer-label-1424390' class=' answer'><span>Deploy an AWS Transit Gateway, and connect the SaaS VPC to it. Share the transit gateway with the customers. Configure routing on the transit gateway.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-39' style=';'><div id='questionWrap-39'  class='   watupro-question-id-365487'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>39. <\/span>A network engineer must develop an AWS CloudFormation template that can create a virtual private gateway, a customer gateway, a VPN connection, and static routes in a route table. During testing of the template, the network engineer notes that the CloudFormation template has encountered an error and is rolling back. <br \/>\r<br>What should the network engineer do to resolve the error?<\/div><input type='hidden' name='question_id[]' id='qID_39' value='365487' \/><input type='hidden' id='answerType365487' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365487[]' id='answer-id-1424391' class='answer   answerof-365487 ' value='1424391'   \/><label for='answer-id-1424391' id='answer-label-1424391' class=' answer'><span>Change the order of resource creation in the CloudFormation template.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365487[]' id='answer-id-1424392' class='answer   answerof-365487 ' value='1424392'   \/><label for='answer-id-1424392' id='answer-label-1424392' class=' answer'><span>Add the DependsOn attribute to the resource declaration for the virtual private gateway. Specify the route table entry resource.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365487[]' id='answer-id-1424393' class='answer   answerof-365487 ' value='1424393'   \/><label for='answer-id-1424393' id='answer-label-1424393' class=' answer'><span>Add a wait condition in the template to wait for the creation of the virtual private gateway.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365487[]' id='answer-id-1424394' class='answer   answerof-365487 ' value='1424394'   \/><label for='answer-id-1424394' id='answer-label-1424394' class=' answer'><span>Add the DependsOn attribute to the resource declaration for the route table entry. Specify the virtual private gateway resource.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-40' style=';'><div id='questionWrap-40'  class='   watupro-question-id-365488'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>40. <\/span>A company has deployed an application in a VPC that uses a NAT gateway for outbound traffic to the internet. A network engineer notices a large quantity of suspicious network traffic that is traveling from the VPC over the internet to IP addresses that are included on a deny list. The network engineer must implement a solution to determine which AWS resources are generating the suspicious traffic. The solution must minimize cost and administrative overhead. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_40' value='365488' \/><input type='hidden' id='answerType365488' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365488[]' id='answer-id-1424395' class='answer   answerof-365488 ' value='1424395'   \/><label for='answer-id-1424395' id='answer-label-1424395' class=' answer'><span>Launch an Amazon EC2 instance in the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365488[]' id='answer-id-1424396' class='answer   answerof-365488 ' value='1424396'   \/><label for='answer-id-1424396' id='answer-label-1424396' class=' answer'><span>Use Traffic Mirroring by specifying the NAT gateway as the source and the EC2 instance as the destination. Analyze the captured traffic by using open-source tools to identify the AWS resources that are generating the suspicious traffic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365488[]' id='answer-id-1424397' class='answer   answerof-365488 ' value='1424397'   \/><label for='answer-id-1424397' id='answer-label-1424397' class=' answer'><span>Use VPC flow logs. Launch a security information and event management (SIEM) solution in the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365488[]' id='answer-id-1424398' class='answer   answerof-365488 ' value='1424398'   \/><label for='answer-id-1424398' id='answer-label-1424398' class=' answer'><span>Configure the SIEM solution to ingest the VPC flow logs. Run queries on the SIEM solution to identify the AWS resources that are generating the suspicious traffic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365488[]' id='answer-id-1424399' class='answer   answerof-365488 ' value='1424399'   \/><label for='answer-id-1424399' id='answer-label-1424399' class=' answer'><span>Use VPC flow logs. Publish the flow logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query the flow logs to identify the AWS resources that are generating the suspicious traffic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365488[]' id='answer-id-1424400' class='answer   answerof-365488 ' value='1424400'   \/><label for='answer-id-1424400' id='answer-label-1424400' class=' answer'><span>Configure the VPC to stream the network traffic directly to an Amazon Kinesis data stream. Send the data from the Kinesis data stream to an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3. Use Amazon Athena to query the data to identify the AWS resources that are generating the suspicious traffic.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-41' style=';'><div id='questionWrap-41'  class='   watupro-question-id-365489'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>41. <\/span>A banking company is successfully operating its public mobile banking stack on AWS. The mobile banking stack is deployed in a VPC that includes private subnets and public subnets. The company is using IPv4 networking and has not deployed or supported IPv6 in the environment. The company has decided to adopt a third-party service provider's API and must integrate the API with the existing environment. The service provider\u2019s API requires the use of IPv6. <br \/>\r<br>A network engineer must turn on IPv6 connectivity for the existing workload that is deployed in a private subnet. The company does not want to permit IPv6 traffic from the public internet and mandates that the company's servers must initiate all IPv6 connectivity. The network engineer turns on IPv6 in the VPC and in the private subnets. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_41' value='365489' \/><input type='hidden' id='answerType365489' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365489[]' id='answer-id-1424401' class='answer   answerof-365489 ' value='1424401'   \/><label for='answer-id-1424401' id='answer-label-1424401' class=' answer'><span>Create an internet gateway and a NAT gateway in the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365489[]' id='answer-id-1424402' class='answer   answerof-365489 ' value='1424402'   \/><label for='answer-id-1424402' id='answer-label-1424402' class=' answer'><span>Add a route to the existing subnet route tables to point IPv6 traffic to the NAT gateway.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365489[]' id='answer-id-1424403' class='answer   answerof-365489 ' value='1424403'   \/><label for='answer-id-1424403' id='answer-label-1424403' class=' answer'><span>Create an internet gateway and a NAT instance in the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365489[]' id='answer-id-1424404' class='answer   answerof-365489 ' value='1424404'   \/><label for='answer-id-1424404' id='answer-label-1424404' class=' answer'><span>Add a route to the existing subnet route tables to point IPv6 traffic to the NAT instance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365489[]' id='answer-id-1424405' class='answer   answerof-365489 ' value='1424405'   \/><label for='answer-id-1424405' id='answer-label-1424405' class=' answer'><span>Create an egress-only Internet gateway in the VPAdd a route to the existing subnet route tables topoint IPv6 traffic to the egress-only internet gateway.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365489[]' id='answer-id-1424406' class='answer   answerof-365489 ' value='1424406'   \/><label for='answer-id-1424406' id='answer-label-1424406' class=' answer'><span>Create an egress-only internet gateway in the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365489[]' id='answer-id-1424407' class='answer   answerof-365489 ' value='1424407'   \/><label for='answer-id-1424407' id='answer-label-1424407' class=' answer'><span>Configure a security group that denies all inbound traffic. Associate the security group with the egress-only internet gateway.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-42' style=';'><div id='questionWrap-42'  class='   watupro-question-id-365490'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>42. <\/span>A network engineer needs to update a company's hybrid network to support IPv6 for the upcoming release of a new application. The application is hosted in a VPC in the AWS Cloud. The company's current AWS infrastructure includes VPCs that are connected by a transit gateway. The transit gateway is connected to the on-premises network by AWS Direct Connect and AWS Site-to-Site VPN. The company's on-premises devices have been updated to support the new IPv6 requirements. <br \/>\r<br>The company has enabled IPv6 for the existing VPC by assigning a new IPv6 CIDR block to the VPC and by assigning IPv6 to the subnets for dual-stack support. The company has launched new Amazon EC2 instances for the new application in the updated subnets. <br \/>\r<br>When updating the hybrid network to support IPv6 the network engineer must avoid making any changes to the current infrastructure. The network engineer also must block direct <br \/>\r<br>access to the instances' new IPv6 addresses from the internet. However, the network engineer must allow outbound internet access from the instances. <br \/>\r<br>What is the MOST operationally efficient solution that meets these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_42' value='365490' \/><input type='hidden' id='answerType365490' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365490[]' id='answer-id-1424408' class='answer   answerof-365490 ' value='1424408'   \/><label for='answer-id-1424408' id='answer-label-1424408' class=' answer'><span>Update the Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365490[]' id='answer-id-1424409' class='answer   answerof-365490 ' value='1424409'   \/><label for='answer-id-1424409' id='answer-label-1424409' class=' answer'><span>Update the Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Update the existing VPN connection to support IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365490[]' id='answer-id-1424410' class='answer   answerof-365490 ' value='1424410'   \/><label for='answer-id-1424410' id='answer-label-1424410' class=' answer'><span>Create a Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add an egress-only internet gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365490[]' id='answer-id-1424411' class='answer   answerof-365490 ' value='1424411'   \/><label for='answer-id-1424411' id='answer-label-1424411' class=' answer'><span>Create a Direct Connect transit VIF and configure BGP peering with the AWS assigned IPv6 peering address. Create a new VPN connection that supports IPv6 connectivity. Add a NAT gateway. Update any affected VPC security groups and route tables to provide connectivity within the VPC and between the VPC and the on-premises devices.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-43' style=';'><div id='questionWrap-43'  class='   watupro-question-id-365491'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>43. <\/span>Your company runs an application for the US market in the us-east-1 AWS region. This application uses proprietary TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances. End users run a real-time, front-end application on their local PCs. This front-end application knows the DNS hostname of the service. <br \/>\r<br>You must prepare the system for global expansion. The end users must access the application with lowest latency. <br \/>\r<br>How should you use AWS services to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_43' value='365491' \/><input type='hidden' id='answerType365491' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365491[]' id='answer-id-1424412' class='answer   answerof-365491 ' value='1424412'   \/><label for='answer-id-1424412' id='answer-label-1424412' class=' answer'><span>Register the IP addresses of the service hosts as \u201cA\u201d records with latency-based routing policy in Amazon Route 53, and set a Route 53 health check for these hosts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365491[]' id='answer-id-1424413' class='answer   answerof-365491 ' value='1424413'   \/><label for='answer-id-1424413' id='answer-label-1424413' class=' answer'><span>Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of the main service host as an ALIAS record with a latency-based routing policy in Route 53.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365491[]' id='answer-id-1424414' class='answer   answerof-365491 ' value='1424414'   \/><label for='answer-id-1424414' id='answer-label-1424414' class=' answer'><span>Set Amazon CloudFront in front of the host of the service, and register the CloudFront name of the main service as an ALIAS record in Route 53.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365491[]' id='answer-id-1424415' class='answer   answerof-365491 ' value='1424415'   \/><label for='answer-id-1424415' id='answer-label-1424415' class=' answer'><span>Set the Amazon API gateway in front of the service, and register the API gateway name of the main service as an ALIAS record in Route 53.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-44' style=';'><div id='questionWrap-44'  class='   watupro-question-id-365492'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>44. <\/span>A company is planning to create a service that requires encryption in transit. The traffic must not be decrypted between the client and the backend of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) duster with the Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler configured. The company needs to use mutual TLS for two-way authentication between the client and the backend. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_44' value='365492' \/><input type='hidden' id='answerType365492' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365492[]' id='answer-id-1424416' class='answer   answerof-365492 ' value='1424416'   \/><label for='answer-id-1424416' id='answer-label-1424416' class=' answer'><span>Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365492[]' id='answer-id-1424417' class='answer   answerof-365492 ' value='1424417'   \/><label for='answer-id-1424417' id='answer-label-1424417' class=' answer'><span>Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the IP addresses of the backend service Pods.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365492[]' id='answer-id-1424418' class='answer   answerof-365492 ' value='1424418'   \/><label for='answer-id-1424418' id='answer-label-1424418' class=' answer'><span>Create a target group. Add the EKS managed node group's Auto Scaling group as a target Create an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the target group.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365492[]' id='answer-id-1424419' class='answer   answerof-365492 ' value='1424419'   \/><label for='answer-id-1424419' id='answer-label-1424419' class=' answer'><span>Create a target group. Add the EKS managed node group\u2019s Auto Scaling group as a target. Create a Network Load Balancer with a TLS listener on port 443 to forward traffic to the target group.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-45' style=';'><div id='questionWrap-45'  class='   watupro-question-id-365493'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>45. <\/span>A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is the origin in an Amazon CloudFront distribution. The company wants to implement a custom authentication system that will provide a token for its authenticated customers. <br \/>\r<br>The web application must ensure that the GET\/POST requests come from authenticated customers before it delivers the content. A network engineer must design a solution that gives the web application the ability to identify authorized customers. <br \/>\r<br>What is the MOST operationally efficient solution that meets these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_45' value='365493' \/><input type='hidden' id='answerType365493' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365493[]' id='answer-id-1424420' class='answer   answerof-365493 ' value='1424420'   \/><label for='answer-id-1424420' id='answer-label-1424420' class=' answer'><span>Use the ALB to inspect the authorized token inside the GET\/POST request payload. Use an AWS Lambda function to insert a customized header to inform the web application of an authenticated customer request.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365493[]' id='answer-id-1424421' class='answer   answerof-365493 ' value='1424421'   \/><label for='answer-id-1424421' id='answer-label-1424421' class=' answer'><span>Integrate AWS WAF with the ALB to inspect the authorized token inside the GET\/POST request payload. Configure the ALB listener to insert a customized header to inform the web application of an authenticated customer request.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365493[]' id='answer-id-1424422' class='answer   answerof-365493 ' value='1424422'   \/><label for='answer-id-1424422' id='answer-label-1424422' class=' answer'><span>Use an AWS Lambda@Edge function to inspect the authorized token inside the GET\/POST request payload. Use the Lambda@Edge function also to insert a customized header to inform the web application of an authenticated customer request.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365493[]' id='answer-id-1424423' class='answer   answerof-365493 ' value='1424423'   \/><label for='answer-id-1424423' id='answer-label-1424423' class=' answer'><span>Set up an EC2 instance that has a third-party packet inspection tool to inspect the authorized token inside the GET\/POST request payload. Configure the tool to insert a customized header to inform the web application of an authenticated customer request.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-46' style=';'><div id='questionWrap-46'  class='   watupro-question-id-365494'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>46. <\/span>A software company offers a software-as-a-service (SaaS) accounting application that is hosted in the AWS Cloud The application requires connectivity to the company's on-premises network. The company has two redundant 10 GB AWS Direct Connect connections between AWS and its on-premises network to accommodate the growing demand for the application. <br \/>\r<br>The company already has encryption between its on-premises network and the colocation. The company needs to encrypt traffic between AWS and the edge routers in the colocation within the next few months. The company must maintain its current bandwidth. <br \/>\r<br>What should a network engineer do to meet these requirements with the LEAST operational overhead?<\/div><input type='hidden' name='question_id[]' id='qID_46' value='365494' \/><input type='hidden' id='answerType365494' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365494[]' id='answer-id-1424424' class='answer   answerof-365494 ' value='1424424'   \/><label for='answer-id-1424424' id='answer-label-1424424' class=' answer'><span>Deploy a new public VIF with encryption on the existing Direct Connect connections. Reroute traffic through the new public VI<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365494[]' id='answer-id-1424425' class='answer   answerof-365494 ' value='1424425'   \/><label for='answer-id-1424425' id='answer-label-1424425' class=' answer'><span>Create a virtual private gateway Deploy new AWS Site-to-Site VPN connections from on premises to the virtual private gateway Reroute traffic from the Direct Connect private VIF to the new VPNs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365494[]' id='answer-id-1424426' class='answer   answerof-365494 ' value='1424426'   \/><label for='answer-id-1424426' id='answer-label-1424426' class=' answer'><span>Deploy a new pair of 10 GB Direct Connect connections with MACsec. Configure MACsec on the edge routers. Reroute traffic to the new Direct Connect connections. Decommission the original Direct Connect connections<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365494[]' id='answer-id-1424427' class='answer   answerof-365494 ' value='1424427'   \/><label for='answer-id-1424427' id='answer-label-1424427' class=' answer'><span>Deploy a new pair of 10 GB Direct Connect connections with MACsec. Deploy a new public VIF on the new Direct Connect connections. Deploy two AWS Site-to-Site VPN connections on top of the new public VI<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365494[]' id='answer-id-1424428' class='answer   answerof-365494 ' value='1424428'   \/><label for='answer-id-1424428' id='answer-label-1424428' class=' answer'><span>Reroute traffic from the existing private VIF to the new Site-to-Site connections. Decommission the original Direct Connect connections.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-47' style=';'><div id='questionWrap-47'  class='   watupro-question-id-365495'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>47. <\/span>A network engineer is designing a hybrid architecture that uses a 1 Gbps AWS Direct Connect connection between the company's data center and two AWS Regions: us-east-1 and eu-west-1. The VPCs in us-east-1 are connected by a transit gateway and need to access several on-premises databases. According to company policy, only one VPC in eu-west-1 can be connected to one on-premises server. The on-premises network segments the traffic between the databases and the server. <br \/>\r<br>How should the network engineer set up the Direct Connect connection to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_47' value='365495' \/><input type='hidden' id='answerType365495' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365495[]' id='answer-id-1424429' class='answer   answerof-365495 ' value='1424429'   \/><label for='answer-id-1424429' id='answer-label-1424429' class=' answer'><span>Create one hosted connection. Use a transit VIF to connect to the transit gateway in us-east-1. Use a private VIF to connect to the VPC in eu-west-1. Use one Direct. Connect gateway for both VIFs to route from the Direct Connect locations to the corresponding AWS Region along the path that has the lowest latency.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365495[]' id='answer-id-1424430' class='answer   answerof-365495 ' value='1424430'   \/><label for='answer-id-1424430' id='answer-label-1424430' class=' answer'><span>Create one hosted connection. Use a transit VIF to connect to the transit gateway in us-east-1. Use a private VIF to connect to the VPC in eu-west-1. Use two Direct Connect gateways, one for each VIF, to route from the Direct Connect locations to the corresponding AWS Region along the path that has the lowest latency.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365495[]' id='answer-id-1424431' class='answer   answerof-365495 ' value='1424431'   \/><label for='answer-id-1424431' id='answer-label-1424431' class=' answer'><span>Create one dedicated connection. Use a transit VIF to connect to the transit gateway in us-east-1. Use a private VIF to connect to the VPC in eu-west-1. Use one Direct Connect gateway for both VIFs to route from the Direct Connect locations to the corresponding AWS Region along the path that has the lowest latency.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365495[]' id='answer-id-1424432' class='answer   answerof-365495 ' value='1424432'   \/><label for='answer-id-1424432' id='answer-label-1424432' class=' answer'><span>Create one dedicated connection. Use a transit VIF to connect to the transit gateway in us-east-1. Use a private VIF to connect to the VPC in eu-west-1. Use two Direct Connect gateways, one for each VIF, to route from the Direct Connect locations to the corresponding AWS Region along the path that has the lowest latency.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-48' style=';'><div id='questionWrap-48'  class='   watupro-question-id-365496'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>48. <\/span>A company has deployed an AWS Network Firewall firewall into a VPC. A network engineer needs to implement a solution to deliver Network Firewall flow logs to the company\u2019s Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster in the shortest possible time. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_48' value='365496' \/><input type='hidden' id='answerType365496' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365496[]' id='answer-id-1424433' class='answer   answerof-365496 ' value='1424433'   \/><label for='answer-id-1424433' id='answer-label-1424433' class=' answer'><span>Create an Amazon S3 bucket. Create an AWS Lambda function to load logs into the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster. Enable Amazon Simple Notification Service (Amazon SNS) notifications on the S3 bucket to invoke the Lambda function. Configure flow logs for the firewall. Set the S3 bucket as the destination.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365496[]' id='answer-id-1424434' class='answer   answerof-365496 ' value='1424434'   \/><label for='answer-id-1424434' id='answer-label-1424434' class=' answer'><span>Create an Amazon Kinesis Data Firehose delivery stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination. Configure flow logs for the firewall Set the Kinesis Data Firehose delivery stream as the destination for the Network Firewall flow logs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365496[]' id='answer-id-1424435' class='answer   answerof-365496 ' value='1424435'   \/><label for='answer-id-1424435' id='answer-label-1424435' class=' answer'><span>Configure flow logs for the firewall. Set the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination for the Network Firewall flow logs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365496[]' id='answer-id-1424436' class='answer   answerof-365496 ' value='1424436'   \/><label for='answer-id-1424436' id='answer-label-1424436' class=' answer'><span>Create an Amazon Kinesis data stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination. Configure flow logs for the firewall. Set the Kinesis data stream as the destination for the Network Firewall flow logs.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-49' style=';'><div id='questionWrap-49'  class='   watupro-question-id-365497'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>49. <\/span>A retail company is running its service on AWS. The company\u2019s architecture includes Application Load Balancers (ALBs) in public subnets. The ALB target groups are configured to send traffic to backend Amazon EC2 instances in private subnets. These backend EC2 instances can call externally hosted services over the internet by using a NAT gateway. <br \/>\r<br>The company has noticed in its billing that NAT gateway usage has increased significantly. <br \/>\r<br>A network engineer needs to find out the source of this increased usage. <br \/>\r<br>Which options can the network engineer use to investigate the traffic through the NAT gateway? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_49' value='365497' \/><input type='hidden' id='answerType365497' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365497[]' id='answer-id-1424437' class='answer   answerof-365497 ' value='1424437'   \/><label for='answer-id-1424437' id='answer-label-1424437' class=' answer'><span>Enable VPC flow logs on the NAT gateway's elastic network interface. Publish the logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query and analyze the logs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365497[]' id='answer-id-1424438' class='answer   answerof-365497 ' value='1424438'   \/><label for='answer-id-1424438' id='answer-label-1424438' class=' answer'><span>Enable NAT gateway access logs. Publish the logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query and analyze the logs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365497[]' id='answer-id-1424439' class='answer   answerof-365497 ' value='1424439'   \/><label for='answer-id-1424439' id='answer-label-1424439' class=' answer'><span>Configure Traffic Mirroring on the NAT gateway's elastic network interface. Send the traffic to an additional EC2 instance. Use tools such as tcpdump and Wireshark to query and analyze the mirrored traffic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365497[]' id='answer-id-1424440' class='answer   answerof-365497 ' value='1424440'   \/><label for='answer-id-1424440' id='answer-label-1424440' class=' answer'><span>Enable VPC flow logs on the NAT gateway's elastic network interface. Publish the logs to an Amazon S3 bucket. Create a custom table for the S3 bucket in Amazon Athena to describe the log structure. Use Athena to query and analyze the logs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365497[]' id='answer-id-1424441' class='answer   answerof-365497 ' value='1424441'   \/><label for='answer-id-1424441' id='answer-label-1424441' class=' answer'><span>Enable NAT gateway access logs. Publish the logs to an Amazon S3 bucket. Create a custom table for the S3 bucket in Amazon Athena to describe the log structure. Use Athena to query and analyze the logs.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-50' style=';'><div id='questionWrap-50'  class='   watupro-question-id-365498'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>50. <\/span>A company deploys a new web application on Amazon EC2 instances. The application runs in private subnets in three Availability Zones behind an Application Load Balancer (ALB). Security auditors require encryption of all connections. The company uses Amazon Route 53 for DNS and uses AWS Certificate Manager (ACM) to automate SSL\/TLS certificate provisioning. SSL\/TLS connections are terminated on the ALB. <br \/>\r<br>The company tests the application with a single EC2 instance and does not observe any problems. However, after production deployment, users report that they can log in but that they cannot use the application. Every new web request restarts the login process. <br \/>\r<br>What should a network engineer do to resolve this issue?<\/div><input type='hidden' name='question_id[]' id='qID_50' value='365498' \/><input type='hidden' id='answerType365498' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365498[]' id='answer-id-1424442' class='answer   answerof-365498 ' value='1424442'   \/><label for='answer-id-1424442' id='answer-label-1424442' class=' answer'><span>Modify the ALB listener configuration. Edit the rule that forwards traffic to the target group. Change the rule to enable group-level stickiness. Set the duration to the maximum application session length.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365498[]' id='answer-id-1424443' class='answer   answerof-365498 ' value='1424443'   \/><label for='answer-id-1424443' id='answer-label-1424443' class=' answer'><span>Replace the ALB with a Network Load Balancer. Create a TLS listener. Create a new target group with the protocol type set to TLS Register the EC2 instances. Modify the target group configuration by enabling the stickiness attribute.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365498[]' id='answer-id-1424444' class='answer   answerof-365498 ' value='1424444'   \/><label for='answer-id-1424444' id='answer-label-1424444' class=' answer'><span>Modify the ALB target group configuration by enabling the stickiness attribute. Use an application-based cookie. Set the duration to the maximum application session length.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365498[]' id='answer-id-1424445' class='answer   answerof-365498 ' value='1424445'   \/><label for='answer-id-1424445' id='answer-label-1424445' class=' answer'><span>Remove the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365498[]' id='answer-id-1424446' class='answer   answerof-365498 ' value='1424446'   \/><label for='answer-id-1424446' id='answer-label-1424446' class=' answer'><span>Create an Amazon Route 53 rule with a failover routing policy for the application name. Configure ACM to issue certificates for each EC2 instance.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-51' style=';'><div id='questionWrap-51'  class='   watupro-question-id-365499'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>51. <\/span>A company is running multiple workloads on Amazon EC2 instances in public subnets. In a recent incident, an attacker exploited an application vulnerability on one of the EC2 instances to gain access to the instance. The company fixed the application and launched a replacement EC2 instance that contains the updated application. <br \/>\r<br>The attacker used the compromised application to spread malware over the internet. The company became aware of the compromise through a notification from AWS. The company needs the ability to identify when an application that is deployed on an EC2 instance is spreading malware. <br \/>\r<br>Which solution will meet this requirement with the LEAST operational effort?<\/div><input type='hidden' name='question_id[]' id='qID_51' value='365499' \/><input type='hidden' id='answerType365499' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365499[]' id='answer-id-1424447' class='answer   answerof-365499 ' value='1424447'   \/><label for='answer-id-1424447' id='answer-label-1424447' class=' answer'><span>Use Amazon GuardDuty to analyze traffic patterns by inspecting DNS requests and VPC flow logs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365499[]' id='answer-id-1424448' class='answer   answerof-365499 ' value='1424448'   \/><label for='answer-id-1424448' id='answer-label-1424448' class=' answer'><span>Use Amazon GuardDuty to deploy AWS managed decoy systems that are equipped with the most recent malware signatures.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365499[]' id='answer-id-1424449' class='answer   answerof-365499 ' value='1424449'   \/><label for='answer-id-1424449' id='answer-label-1424449' class=' answer'><span>Set up a Gateway Load Balancer. Run an intrusion detection system (IDS) appliance from AWS Marketplace on Amazon EC2 for traffic inspection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365499[]' id='answer-id-1424450' class='answer   answerof-365499 ' value='1424450'   \/><label for='answer-id-1424450' id='answer-label-1424450' class=' answer'><span>Configure Amazon Inspector to perform deep packet inspection of outgoing traffic.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-52' style=';'><div id='questionWrap-52'  class='   watupro-question-id-365500'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>52. <\/span>A customer has set up multiple VPCs for Dev, Test, Prod, and Management. You need to set up AWS Direct Connect to enable data flow from on-premises to each VPC. The customer has monitoring software running in the Management VPC that collects metrics from the instances in all the other VPCs. Due to budget requirements, data transfer charges should be kept at minimum. <br \/>\r<br>Which design should be recommended?<\/div><input type='hidden' name='question_id[]' id='qID_52' value='365500' \/><input type='hidden' id='answerType365500' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365500[]' id='answer-id-1424451' class='answer   answerof-365500 ' value='1424451'   \/><label for='answer-id-1424451' id='answer-label-1424451' class=' answer'><span>Create a total of four private VIFs, one for each VPC owned by the customer, and route traffic between VPCs using the Direct Connect link.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365500[]' id='answer-id-1424452' class='answer   answerof-365500 ' value='1424452'   \/><label for='answer-id-1424452' id='answer-label-1424452' class=' answer'><span>Create a private VIF to the Management VPC, and peer this VPC to all other VPCs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365500[]' id='answer-id-1424453' class='answer   answerof-365500 ' value='1424453'   \/><label for='answer-id-1424453' id='answer-label-1424453' class=' answer'><span>Create a private VIF to the Management VPC, and peer this VPC to all other VPCs, enable source\/destination NAT in the Management VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365500[]' id='answer-id-1424454' class='answer   answerof-365500 ' value='1424454'   \/><label for='answer-id-1424454' id='answer-label-1424454' class=' answer'><span>Create a total of four private VIFs, and enable VPC peering between all VPCs.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-53' style=';'><div id='questionWrap-53'  class='   watupro-question-id-365501'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>53. <\/span>A company has developed an application on AWS that will track inventory levels of vending machines and initiate the restocking process automatically. The company plans to integrate this application with vending machines and deploy the vending machines in several markets around the world. The application resides in a VPC in the us-east-1 Region. The application consists of an Amazon Elastic Container Service (Amazon ECS) cluster behind an Application Load Balancer (ALB). The communication from the vending machines to the application happens over HTTPS. <br \/>\r<br>The company is planning to use an AWS Global Accelerator accelerator and configure static IP addresses of the accelerator in the vending machines for application endpoint access. The application must be accessible only through the accelerator and not through a direct connection over the internet to the ALB endpoint. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_53' value='365501' \/><input type='hidden' id='answerType365501' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365501[]' id='answer-id-1424455' class='answer   answerof-365501 ' value='1424455'   \/><label for='answer-id-1424455' id='answer-label-1424455' class=' answer'><span>Configure the ALB in a private subnet of the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365501[]' id='answer-id-1424456' class='answer   answerof-365501 ' value='1424456'   \/><label for='answer-id-1424456' id='answer-label-1424456' class=' answer'><span>Attach an internet gateway without adding routes in the subnet route tables to point to the internet gateway. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB\u2019s security group to only allow inbound traffic from the internet on the ALB listener port.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365501[]' id='answer-id-1424457' class='answer   answerof-365501 ' value='1424457'   \/><label for='answer-id-1424457' id='answer-label-1424457' class=' answer'><span>Configure the ALB in a private subnet of the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365501[]' id='answer-id-1424458' class='answer   answerof-365501 ' value='1424458'   \/><label for='answer-id-1424458' id='answer-label-1424458' class=' answer'><span>Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB's security group to only allow inbound traffic from the internet on the ALB listener port.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365501[]' id='answer-id-1424459' class='answer   answerof-365501 ' value='1424459'   \/><label for='answer-id-1424459' id='answer-label-1424459' class=' answer'><span>Configure the ALB in a public subnet of the VPAttach an internet gateway. Add routes in the subnet route tables to point to the internet gateway. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB's security group to only allow inbound traffic from the accelerator's IP addresses on the ALB listener port.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365501[]' id='answer-id-1424460' class='answer   answerof-365501 ' value='1424460'   \/><label for='answer-id-1424460' id='answer-label-1424460' class=' answer'><span>Configure the ALB in a private subnet of the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365501[]' id='answer-id-1424461' class='answer   answerof-365501 ' value='1424461'   \/><label for='answer-id-1424461' id='answer-label-1424461' class=' answer'><span>Attach an internet gateway. Add routes in the subnet route tables to point to the internet gateway. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB's security group to only allow inbound trafficfrom the accelerator's IP addresses on the ALB listener port.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-54' style=';'><div id='questionWrap-54'  class='   watupro-question-id-365502'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>54. <\/span>A network engineer needs to standardize a company's approach to centralizing and managing interface VPC endpoints for private communication with AWS services. The company uses AWS Transit Gateway for inter-VPC connectivity between AWS accounts through a hub-and-spoke model. The company's network services team must manage all Amazon Route 53 zones and interface endpoints within a shared services AWS account. The company wants to use thiscentralized model to provide AWS resources with access to AWS Key Management Service (AWS KMS) without sending traffic over the public internet. <br \/>\r<br>What should the network engineer do to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_54' value='365502' \/><input type='hidden' id='answerType365502' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365502[]' id='answer-id-1424462' class='answer   answerof-365502 ' value='1424462'   \/><label for='answer-id-1424462' id='answer-label-1424462' class=' answer'><span>In the shared services account, create an interface endpoint for AWS KM<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365502[]' id='answer-id-1424463' class='answer   answerof-365502 ' value='1424463'   \/><label for='answer-id-1424463' id='answer-label-1424463' class=' answer'><span>Modify the interface endpoint by disabling the private DNS name. Create a private hosted zone in the shared services account with an alias record that points to the interface endpoint. Associate the private hosted zone with the spoke VPCs in each AWS account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365502[]' id='answer-id-1424464' class='answer   answerof-365502 ' value='1424464'   \/><label for='answer-id-1424464' id='answer-label-1424464' class=' answer'><span>In the shared services account, create an interface endpoint for AWS KM<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365502[]' id='answer-id-1424465' class='answer   answerof-365502 ' value='1424465'   \/><label for='answer-id-1424465' id='answer-label-1424465' class=' answer'><span>Modify the interface endpoint by disabling the private DNS name. Create a private hosted zone in each spoke AWS account with an alias record that points to the interface endpoint. Associate each private hosted zone with the shared services AWS account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365502[]' id='answer-id-1424466' class='answer   answerof-365502 ' value='1424466'   \/><label for='answer-id-1424466' id='answer-label-1424466' class=' answer'><span>In each spoke AWS account, create an interface endpoint for AWS KM<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365502[]' id='answer-id-1424467' class='answer   answerof-365502 ' value='1424467'   \/><label for='answer-id-1424467' id='answer-label-1424467' class=' answer'><span>Modify each interface endpoint by disabling the private DNS name. Create a private hosted zone in each spoke AWS account with an alias record that points to each interface endpoint. Associate each private hosted zone with the shared services AWS account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365502[]' id='answer-id-1424468' class='answer   answerof-365502 ' value='1424468'   \/><label for='answer-id-1424468' id='answer-label-1424468' class=' answer'><span>In each spoke AWS account, create an interface endpoint for AWS KM<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365502[]' id='answer-id-1424469' class='answer   answerof-365502 ' value='1424469'   \/><label for='answer-id-1424469' id='answer-label-1424469' class=' answer'><span>Modify each interface endpoint by disabling the private DNS name. Create a private hosted zone in the shared services account with an alias record that points to each interface endpoint. Associate the private hosted zone with the spoke VPCs in each AWS account.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-55' style=';'><div id='questionWrap-55'  class='   watupro-question-id-365503'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>55. <\/span>A company has deployed a critical application on a fleet of Amazon EC2 instances behind an Application Load Balancer. The application must always be reachable on port 443 from the public internet. The application recently had an outage that resulted from an incorrect change to the EC2 security group. <br \/>\r<br>A network engineer needs to automate a way to verify the network connectivity between the public internet and the EC2 instances whenever a change is made to the security group. The solution also must notify the network engineer when the change affects the connection. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_55' value='365503' \/><input type='hidden' id='answerType365503' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365503[]' id='answer-id-1424470' class='answer   answerof-365503 ' value='1424470'   \/><label for='answer-id-1424470' id='answer-label-1424470' class=' answer'><span>Enable VPC Flow Logs on the elastic network interface of each EC2 instance to capture REJECT traffic on port 443. Publish the flow log records to a log group in Amazon CloudWatch Logs. Create a CloudWatch Logs metric filter for the log group for rejected traffic. Create an alarm to notify the network engineer.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365503[]' id='answer-id-1424471' class='answer   answerof-365503 ' value='1424471'   \/><label for='answer-id-1424471' id='answer-label-1424471' class=' answer'><span>Enable VPC Flow Logs on the elastic network interface of each EC2 instance to capture all traffic on port 443. Publish the flow log records to a log group in Amazon CloudWatch Logs. Create a CloudWatch Logs metric filter for the log group for all traffic. Create an alarm to notify the network engineer<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365503[]' id='answer-id-1424472' class='answer   answerof-365503 ' value='1424472'   \/><label for='answer-id-1424472' id='answer-label-1424472' class=' answer'><span>Create a VPC Reachability Analyzer path on port 443. Specify the security group as the source. Specify the EC2 instances as the destination. Create an Amazon Simple \r\nNotification Service (Amazon SNS) topic to notify the network engineer when a change to the security group affects the connection. Create an AWS Lambda function to start Reachability Analyzer and to publish a message to the SNS topic in case the analyses fail Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the Lambda function when a change to the security groupoccurs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365503[]' id='answer-id-1424473' class='answer   answerof-365503 ' value='1424473'   \/><label for='answer-id-1424473' id='answer-label-1424473' class=' answer'><span>Create a VPC Reachability Analyzer path on port 443. Specify the internet gateway of the VPC as the source. Specify the EC2 instances as the destination. Create an Amazon Simple Notification Service (Amazon SNS) topic to notify the network engineer when a change to the security group affects the connection. Create an AWS Lambda function to start Reachability Analyzer and to publish a message to the SNS topic in case the analyses fail. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the Lambda function when a change to the security group occurs.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-56' style=';'><div id='questionWrap-56'  class='   watupro-question-id-365504'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>56. <\/span>A company operates its IT services through a multi-site hybrid infrastructure. The company deploys resources on AWS in the us-east-1 Region and in the eu-west-2 Region. The company also deploys resources in its own data centers that are located in the United States (US) and in the United Kingdom (UK). In both AWS Regions, the company uses a transit gateway to connect 15 VPCs to each other. The company has created a transit gateway peering connection between the two transit gateways. The VPC CIDR blocks do not overlap with each other or with IP addresses used within the data centers. The VPC CIDR prefixes can also be aggregated either on a Regional level or for the company's entire AWS environment. <br \/>\r<br>The data centers are connected to each other by a private WAN connection. IP routing information is exchanged dynamically through Interior BGP (iBGP) sessions. The data centers maintain connectivity to AWS through one AWS Direct Connect connection in the US and one Direct Connect connection in the UK. Each Direct Connect connection is terminated on a Direct Connect gateway and is associated with a local transit gateway through a transit VIF. <br \/>\r<br>Traffic follows the shortest geographical path from source to destination. For example, packets from the UK data center that are targeted to resources in eu-west-2 travel across the local Direct Connect connection. In cases of cross-Region data transfers, such as from the UK data center to VPCs in us-east-1, the private WAN connection must be used to minimize costs on AWS. A network engineer has configured each transit gateway association on the Direct Connect gateway to advertise VPC-specific CIDR IP prefixes only from the local Region. The routes toward the other Region must be learned through BGP from the routers in the other data center in the original, non-aggregated form. <br \/>\r<br>The company recently experienced a problem with cross-Region data transfers because of issues with its private WAN connection. The network engineer needs to modify the routing setup to prevent similar interruptions in the future. The solution cannot modify the original traffic routing goal when the network is operating normally. <br \/>\r<br>Which modifications will meet these requirements? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_56' value='365504' \/><input type='hidden' id='answerType365504' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365504[]' id='answer-id-1424474' class='answer   answerof-365504 ' value='1424474'   \/><label for='answer-id-1424474' id='answer-label-1424474' class=' answer'><span>Remove all the VPC CIDR prefixes from the list of subnets advertised through the local Direct Connect connection. Add the company's entire AWS environment aggregate route to the list of subnets advertised through the local Direct Connect connection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365504[]' id='answer-id-1424475' class='answer   answerof-365504 ' value='1424475'   \/><label for='answer-id-1424475' id='answer-label-1424475' class=' answer'><span>Add the CIDR prefixes from the other Region VPCs and the local VPC CIDR blocks to the list of subnets advertised through the local Direct Connect connection. Configure data center routers to make routing decisions based on the BGP communities received.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365504[]' id='answer-id-1424476' class='answer   answerof-365504 ' value='1424476'   \/><label for='answer-id-1424476' id='answer-label-1424476' class=' answer'><span>Add the aggregate IP prefix for the other Region and the local VPC CIDR blocks to the list of subnets advertised through the local Direct Connect connection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365504[]' id='answer-id-1424477' class='answer   answerof-365504 ' value='1424477'   \/><label for='answer-id-1424477' id='answer-label-1424477' class=' answer'><span>Add the aggregate IP prefix for the company's entire AWS environment and the local VPC CIDR blocks to the list of subnets advertised through the local Direct Connect connection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365504[]' id='answer-id-1424478' class='answer   answerof-365504 ' value='1424478'   \/><label for='answer-id-1424478' id='answer-label-1424478' class=' answer'><span>Remove all the VPC CIDR prefixes from the list of subnets advertised through the local Direct Connect connection. Add both Regional aggregate IP prefixes to the list of subnets advertised through the Direct Connect connection on both sides of the network. Configure data center routers to make routing decisions based on the BGP communities received.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-57' style=';'><div id='questionWrap-57'  class='   watupro-question-id-365505'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>57. <\/span>A company is building its website on AWS in a single VPC. The VPC has public subnets and private subnets in two Availability Zones. The website has static content such as images. The company is using Amazon S3 to store the content. <br \/>\r<br>The company has deployed a fleet of Amazon EC2 instances as web servers in a private subnet. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer. The EC2 instances will serve traffic, and they must pull content from an S3 bucket to render the webpages. The company is using AWS Direct Connect with a public VIF for on-premises connectivity to the S3 bucket. <br \/>\r<br>A network engineer notices that traffic between the EC2 instances and Amazon S3 is routing through a NAT gateway. As traffic increases, the company's costs are increasing. The network engineer needs to change the connectivity to reduce the NAT gateway costs that result from the traffic between the EC2 instances and Amazon S3. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_57' value='365505' \/><input type='hidden' id='answerType365505' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365505[]' id='answer-id-1424479' class='answer   answerof-365505 ' value='1424479'   \/><label for='answer-id-1424479' id='answer-label-1424479' class=' answer'><span>Create a Direct Connect private VI<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365505[]' id='answer-id-1424480' class='answer   answerof-365505 ' value='1424480'   \/><label for='answer-id-1424480' id='answer-label-1424480' class=' answer'><span>Migrate the traffic from the public VIF to the private VI<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365505[]' id='answer-id-1424481' class='answer   answerof-365505 ' value='1424481'   \/><label for='answer-id-1424481' id='answer-label-1424481' class=' answer'><span>Create an AWS Site-to-Site VPN tunnel over the existing public VI<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365505[]' id='answer-id-1424482' class='answer   answerof-365505 ' value='1424482'   \/><label for='answer-id-1424482' id='answer-label-1424482' class=' answer'><span>Implement interface VPC endpoints for Amazon S3. Update the VPC route table.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365505[]' id='answer-id-1424483' class='answer   answerof-365505 ' value='1424483'   \/><label for='answer-id-1424483' id='answer-label-1424483' class=' answer'><span>Implement gateway VPC endpoints for Amazon S3. Update the VPC route table.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-58' style=';'><div id='questionWrap-58'  class='   watupro-question-id-365506'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>58. <\/span>An organization is replacing a tape backup system with a storage gateway. there is currently no connectivity to AWS. Initial testing is needed. <br \/>\r<br>What connection option should the organization use to get up and running at minimal cost?<\/div><input type='hidden' name='question_id[]' id='qID_58' value='365506' \/><input type='hidden' id='answerType365506' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365506[]' id='answer-id-1424484' class='answer   answerof-365506 ' value='1424484'   \/><label for='answer-id-1424484' id='answer-label-1424484' class=' answer'><span>Use an internet connection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365506[]' id='answer-id-1424485' class='answer   answerof-365506 ' value='1424485'   \/><label for='answer-id-1424485' id='answer-label-1424485' class=' answer'><span>Set up an AWS VPN connection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365506[]' id='answer-id-1424486' class='answer   answerof-365506 ' value='1424486'   \/><label for='answer-id-1424486' id='answer-label-1424486' class=' answer'><span>Provision an AWS Direct Connection private virtual interface.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-365506[]' id='answer-id-1424487' class='answer   answerof-365506 ' value='1424487'   \/><label for='answer-id-1424487' id='answer-label-1424487' class=' answer'><span>Provision a Direct Connect public virtual interface.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-59' style=';'><div id='questionWrap-59'  class='   watupro-question-id-365507'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>59. <\/span>A company delivers applications over the internet. An Amazon Route 53 public hosted zone is the authoritative DNS service for the company and its internet applications, all of which are offered from the same domain name. <br \/>\r<br>A network engineer is working on a new version of one of the applications. All the application's components are hosted in the AWS Cloud. The application has a three-tier design. The front end is delivered through Amazon EC2 instances that are deployed in public subnets with Elastic IP addresses assigned. The backend components are deployed in private subnets from RFC1918. <br \/>\r<br>Components of the application need to be able to access other components of the application within the application's VPC by using the same host names as the host names that are used over the public internet. The network engineer also needs to accommodate future DNS changes, such as the introduction of new host names or the retirement of DNS entries. <br \/>\r<br>Which combination of steps will meet these requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_59' value='365507' \/><input type='hidden' id='answerType365507' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365507[]' id='answer-id-1424488' class='answer   answerof-365507 ' value='1424488'   \/><label for='answer-id-1424488' id='answer-label-1424488' class=' answer'><span>Add a geoproximity routing policy in Route 53.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365507[]' id='answer-id-1424489' class='answer   answerof-365507 ' value='1424489'   \/><label for='answer-id-1424489' id='answer-label-1424489' class=' answer'><span>Create a Route 53 private hosted zone for the same domain name Associate the application\u2019s VPC with the new private hosted zone.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365507[]' id='answer-id-1424490' class='answer   answerof-365507 ' value='1424490'   \/><label for='answer-id-1424490' id='answer-label-1424490' class=' answer'><span>Enable DNS hostnames for the application's VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365507[]' id='answer-id-1424491' class='answer   answerof-365507 ' value='1424491'   \/><label for='answer-id-1424491' id='answer-label-1424491' class=' answer'><span>Create entries in the private hosted zone for each name in the public hosted zone by using the corresponding private IP addresses.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365507[]' id='answer-id-1424492' class='answer   answerof-365507 ' value='1424492'   \/><label for='answer-id-1424492' id='answer-label-1424492' class=' answer'><span>Create an Amazon EventBridge (Amazon CloudWatch Events) rule that runs when AWS CloudTrail logs a Route 53 API call to the public hosted zone. Create an AWS Lambda function as the target of the rule. Configure the function to use the event information to update the privatehosted zone.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365507[]' id='answer-id-1424493' class='answer   answerof-365507 ' value='1424493'   \/><label for='answer-id-1424493' id='answer-label-1424493' class=' answer'><span>Add the private IP addresses in the existing Route 53 public hosted zone.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-60' style=';'><div id='questionWrap-60'  class='   watupro-question-id-365508'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>60. <\/span>A company is using custom DNS servers that run BIND for name resolution in its VPCs. The VPCs are deployed across multiple AWS accounts that are part of the same organization in AWS Organizations. All the VPCs are connected to a transit gateway. The BIND servers are running in a central VPC and are configured to forward all queries for an on-premises DNS domain to DNS servers that are hosted in an on-premises data center. To ensure that all the VPCs use the custom DNS servers, a network engineer has configured a VPC DHCP options set in all the VPCs that specifies the custom DNS servers to be used as domain name servers. <br \/>\r<br>Multiple development teams in the company want to use Amazon Elastic File System (Amazon EFS). A development team has created a new EFS file system but cannot mount the file system to one of its Amazon EC2 instances. The network engineer discovers that the EC2 instance cannot resolve the IP address for the EFS mount point fs-33444567d.efs.us-east-1.amazonaws.com. The network engineer needs to implement a solution so that development teams throughout the organization can mount EFS file systems. <br \/>\r<br>Which combination of steps will meet these requirements? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_60' value='365508' \/><input type='hidden' id='answerType365508' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365508[]' id='answer-id-1424494' class='answer   answerof-365508 ' value='1424494'   \/><label for='answer-id-1424494' id='answer-label-1424494' class=' answer'><span>Configure the BIND DNS servers in the central VPC to forward queries for efs.us-east-1.amazonaws.com to the Amazon provided DNS server (169.254.169.253).<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365508[]' id='answer-id-1424495' class='answer   answerof-365508 ' value='1424495'   \/><label for='answer-id-1424495' id='answer-label-1424495' class=' answer'><span>Create an Amazon Route 53 Resolver outbound endpoint in the central VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365508[]' id='answer-id-1424496' class='answer   answerof-365508 ' value='1424496'   \/><label for='answer-id-1424496' id='answer-label-1424496' class=' answer'><span>Update all the VPC DHCP options sets to use AmazonProvidedDNS for name resolution.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365508[]' id='answer-id-1424497' class='answer   answerof-365508 ' value='1424497'   \/><label for='answer-id-1424497' id='answer-label-1424497' class=' answer'><span>Create an Amazon Route 53 Resolver inbound endpoint in the central VPUpdate all the VPC DHCP options sets to use the Route 53 Resolver inbound endpoint in the central VPC for name resolution.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365508[]' id='answer-id-1424498' class='answer   answerof-365508 ' value='1424498'   \/><label for='answer-id-1424498' id='answer-label-1424498' class=' answer'><span>Create an Amazon Route 53 Resolver rule to forward queries for the on-premises domain to the on-premises DNS servers. Share the rule with the organization by using AWS Resource Access Manager (AWS RAM). Associate the rule with all the VPCs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-365508[]' id='answer-id-1424499' class='answer   answerof-365508 ' value='1424499'   \/><label for='answer-id-1424499' id='answer-label-1424499' class=' answer'><span>Create an Amazon Route 53 private hosted zone for the efs.us-east-1.amazonaws.com domain. Associate the private hosted zone with the VPC where the EC2 instance is deployed. Create an A record for fs-33444567d.efs.us-east-1.amazonaws.com in the private hosted zone. Configure the A record to return the mount target of the EFS mount point.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-61'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons9226\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"9226\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-05-11 15:06:18\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1778511978\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"365449:1424202,1424203,1424204,1424205,1424206 | 365450:1424207,1424208,1424209,1424210,1424211,1424212 | 365451:1424213,1424214,1424215,1424216,1424217,1424218,1424219 | 365452:1424220,1424221,1424222,1424223,1424224,1424225 | 365453:1424226,1424227,1424228,1424229 | 365454:1424230,1424231,1424232,1424233 | 365455:1424234,1424235,1424236,1424237 | 365456:1424238,1424239,1424240,1424241 | 365457:1424242,1424243,1424244,1424245,1424246,1424247,1424248,1424249 | 365458:1424250,1424251,1424252,1424253 | 365459:1424254,1424255,1424256,1424257 | 365460:1424258,1424259,1424260,1424261 | 365461:1424262,1424263,1424264,1424265,1424266,1424267,1424268 | 365462:1424269,1424270,1424271,1424272,1424273 | 365463:1424274 | 365464:1424275,1424276,1424277,1424278 | 365465:1424279,1424280,1424281,1424282,1424283,1424284,1424285,1424286 | 365466:1424287,1424288,1424289,1424290,1424291 | 365467:1424292,1424293,1424294,1424295 | 365468:1424296,1424297,1424298,1424299 | 365469:1424300,1424301,1424302,1424303,1424304,1424305,1424306 | 365470:1424307,1424308,1424309,1424310 | 365471:1424311,1424312,1424313,1424314 | 365472:1424315,1424316,1424317,1424318 | 365473:1424319,1424320,1424321,1424322 | 365474:1424323,1424324,1424325,1424326,1424327,1424328 | 365475:1424329,1424330,1424331,1424332,1424333,1424334 | 365476:1424335,1424336,1424337,1424338,1424339 | 365477:1424340,1424341,1424342,1424343 | 365478:1424344,1424345,1424346,1424347 | 365479:1424348,1424349,1424350,1424351,1424352,1424353 | 365480:1424354,1424355,1424356,1424357 | 365481:1424358,1424359,1424360,1424361 | 365482:1424362,1424363,1424364,1424365,1424366,1424367,1424368 | 365483:1424369,1424370,1424371,1424372,1424373,1424374,1424375,1424376 | 365484:1424377,1424378,1424379,1424380,1424381 | 365485:1424382,1424383,1424384,1424385 | 365486:1424386,1424387,1424388,1424389,1424390 | 365487:1424391,1424392,1424393,1424394 | 365488:1424395,1424396,1424397,1424398,1424399,1424400 | 365489:1424401,1424402,1424403,1424404,1424405,1424406,1424407 | 365490:1424408,1424409,1424410,1424411 | 365491:1424412,1424413,1424414,1424415 | 365492:1424416,1424417,1424418,1424419 | 365493:1424420,1424421,1424422,1424423 | 365494:1424424,1424425,1424426,1424427,1424428 | 365495:1424429,1424430,1424431,1424432 | 365496:1424433,1424434,1424435,1424436 | 365497:1424437,1424438,1424439,1424440,1424441 | 365498:1424442,1424443,1424444,1424445,1424446 | 365499:1424447,1424448,1424449,1424450 | 365500:1424451,1424452,1424453,1424454 | 365501:1424455,1424456,1424457,1424458,1424459,1424460,1424461 | 365502:1424462,1424463,1424464,1424465,1424466,1424467,1424468,1424469 | 365503:1424470,1424471,1424472,1424473 | 365504:1424474,1424475,1424476,1424477,1424478 | 365505:1424479,1424480,1424481,1424482,1424483 | 365506:1424484,1424485,1424486,1424487 | 365507:1424488,1424489,1424490,1424491,1424492,1424493 | 365508:1424494,1424495,1424496,1424497,1424498,1424499\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"365449,365450,365451,365452,365453,365454,365455,365456,365457,365458,365459,365460,365461,365462,365463,365464,365465,365466,365467,365468,365469,365470,365471,365472,365473,365474,365475,365476,365477,365478,365479,365480,365481,365482,365483,365484,365485,365486,365487,365488,365489,365490,365491,365492,365493,365494,365495,365496,365497,365498,365499,365500,365501,365502,365503,365504,365505,365506,365507,365508\";\nWatuPROSettings[9226] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 9226;\t    \nWatuPRO.post_id = 93587;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.60241600 1778511978\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(9226);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Improve your expertise with DumpsBase&#8217;s most updated Amazon ANS-C01 dumps. We have the ANS-C01 dumps (V11.03) with more accurate questions and answers, helping you pass the Amazon AWS Certified Advanced Networking\u2014Specialty exam successfully. Key Features of Amazon ANS-C01 Dumps (V11.03) PDF Format Flexibility: You can access ANS-C01 exam dumps on any device &#8211; desktop, laptop, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[175,15758],"tags":[17976,15756],"class_list":["post-93587","post","type-post","status-publish","format-standard","hentry","category-amazon","category-aws-certified-specialty","tag-amazon-aws-certified-advanced-networking-specialty","tag-ans-c01-exam-dumps"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/93587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=93587"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/93587\/revisions"}],"predecessor-version":[{"id":93588,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/93587\/revisions\/93588"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=93587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=93587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=93587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}