AWS cuestionario 10 1st Grade Quiz

1.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Some Amazon EC2 instances in a VPC need to make API calls to Amazon DynamoDB. If we want to avoid using DynamoDB public endpoints (because we don’t want to use the Internet), what is the most EFFICIENT and secure method to accomplish it?

Create a new private DynamoDB table that uses the endpoint

Create a route table entry for the endpoint

Create a VPC peering connection between the VPC and DynamoDB

Create an interface endpoint for DynamoDB

Create a gateway endpoint for DynamoDB

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A user has created a VPC with two subnets: one public and one private. The user is planning to run the patch update for the instances in the private subnet. How can the instances in the private subnet connect to the internet?

Use NAT with an elastic IP

Allow outbound traffic in the security group for port 80 to allow internet updates

The private subnet can never connect to the internet

Use the internet gateway with a private IP

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Your organization has an existing VPC setup and has a requirement to route any traffic going from VPC to AWS S3 bucket through AWS internal network. So they have created a VPC endpoint for S3 and configured to allow traffic for S3 buckets. The application you are developing involves sending traffic to AWS S3 bucket from VPC for which you planned to use a similar approach. You have created a new route table, added route to VPC endpoint and associated route table with your new subnet. However, when you are trying to send a request from EC2 to S3 bucket using AWS CLI, the request is getting failed with 403 access denied errors. What could be causing the failure?

AWS S3 bucket is in a different region than your VPC.

S3 bucket CORS configuration does not have EC2 instances as the origin.

VPC endpoint might have a restrictive policy and does not contain the new S3 bucket.

EC2 security group outbound rules not allowing traffic to S3 prefix list.

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A fleet of EC2 instances running in a private subnet must connect to the Internet using the IPv6 protocol. What service should we configure to enable this connectivity?

An Egress-Only Internet Gateway

AWS Direct Connect

Connect the instances to Route 53

A NAT Instance

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You need to design a VPC for a web-application consisting of an ELB a fleet of web application servers, and an RDS DB. The entire infrastructure must be distributed over 2 AZ. Which VPC configuration works while assuring the DB is not available from the Internet?

One Public Subnet for ELB, two Private Subnets for the web-servers, and two private subnets for the RDS

Two Public Subnets for ELB, two Public Subnet for the web-servers, and two public subnets for the RDS

Two Public Subnets for ELB, two private Subnet for the web-servers, and two private subnet for the RDS

One Public Subnet for ELB, one Public Subnet for the web-servers, and one private subnet for the DB

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How many VPCs can an Internet Gateway be attached to at any given time?

By default 1. But it can be attached to any VPC peered with its belonging VPC.

2

1

5

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

There is a requirement to get the IP addresses for resources accessed in a private subnet. Which of the following can be used to fulfill this purpose?

VPC Flow Logs

Use CloudTrail

Trusted Advisor

Use CloudWatch metrics

8.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A user has launched an EC2 instance and installed a website with the Apache webserver. The webserver is running but the user is not able to access the website from the Internet. What can be the possible reason for this failure?

Instance is not configured with an elastic IP.

The security group of the instance is not configured properly.

The Apache website cannot be accessed from the Internet.

The instance is not configured with the proper key-pairs.

9.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A user has created a VPC with public and private subnets using the VPC Wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. Which of the below mentioned entries are required in the main route table to allow the instances in VPC to communicate with each other?

Destination : 20.0.0.0/24 and Target : VPC

Destination : 20.0.0.0/16 and Target : ALL

Destination : 20.0.0.0/16 and Target : Local

Destination : 20.0.0.0/0 and Target : ALL

10.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A start-up firm has a corporate office in New York & a regional office in Washington & Chicago. These offices are interconnected over Internet links. Recently they have migrated a few application servers to EC2 instance launched in the AWS US-east-1 region. The Developer Team located at the corporate office requires secure access to these servers for initial testing & performance checks before go-live of the new application. Since the go-live date is approaching soon, the IT team is looking for quick connectivity to be established. As an AWS consultant, which link option will you suggest as a cost-effective & quick way to establish secure connectivity from on-premise to servers launched in AWS?

Use Hardware VPN over AWS Direct Connect to establish IPSEC connectivity from On-premise to VGW

Use AWS Site-to-Site VPN to establish IPSEC VPN connectivity between VPC and the on-premises network

Install a third party software VPN appliance from AWS Marketplace in the EC2 instance to create a VPN connection to the on-premises network

Use AWS Direct Connect to establish IPSEC connectivity from On-premise to VGW

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground