ANS-C00: AWS Certified Advanced Networking - Specialty
Page 16 out of 37 pages Questions 151-160 out of 367 questions
Question#151

Which service would you use to see CPU usage?

  • A. CloudTrail
  • B. Config
  • C. CloudWatch
  • D. None of the above

C

Question#152

Your on-premises network has an IP address range of 11.11.0.0/16. Only IPs within this network range can be used for inter-server communication. The IP address range 11.11.253.0/24 has been allocated for the cloud.
You need to design a VPC in AWS. The servers within the VPC should be able to communicate with hosts both on the Internet and on-premises through a VPN connection.
What combination of configuration steps meets your needs? (Choose two)

  • A. Set up the VPC with an IP address range of 11.11.253.0/24.
  • B. Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set up a NAT gateway to do translation between 10.10.10.0/24 and 11.11.253.0/24 for all outbound traffic.
  • C. Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for all traffic, and configure the on-premises router to forward traffic to the Internet.
  • D. Set up a VPN connection between a VGW and an on-premises router, set the VGW as the default gateway for traffic destined to 11.11.0.0/24, and add a VPC subnet route to point the default gateway to an Internet gateway for Internet traffic.
  • E. Set up the VPC with an RFC 1918 private IP address range (e.g., 10.10.10.0/24), and set the VGW to do a source IP translation of all outbound packets to 11.11.0.0/16.

AC
The VPC needs to use a CIDR block in the assigned range (and be non-overlapping with the data center). All traffic not destined for the VPC is routed to the VGW (that route is assumed) and must then be forwarded to the Internet when it arrives on-premises. B and E are wrong because they are not in the assigned range (you can use non-RFC 1918 addresses in a VPC). D is wrong because it directs traffic to the Internet through the Internet gateway.

Question#153

You are architecting an HPC solution in AWS. The system consists of a cluster of EC2 instances that require low-latency communications between them.
Which method should you use to set up a cluster to meet these requirements?

  • A. Create a VPC with one subnet in a single Availability Zone. Keep the size of the subnet equal to the number of instances required in the cluster. Launch instances for the cluster in this small subnet to guarantee low-latency network performance.
  • B. Create a placement group. Choose an EC2 instance type compatible with placement groups for the cluster. Launch instances for the cluster in the placement group.
  • C. Launch Amazon EC2 instances with the largest available number of cores and RAM. Attach all instances to an Amazon EBS PIOPS volume. Implement a shared memory system across all instances in the cluster, using this shared EBS volume to minimize latency of communication.
  • D. Choose an EC2 instance type that offers enhanced networking. Attach a 10-Gbps non-blocking elastic network interface to the instances. Configure the elastic network interface to optimize network performance to reduce latency.

B
Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. A is incorrect because the size of a subnet has no impact on network performance. C is incorrect because an EBS volume cannot be shared between EC2 instances. D is only half the solution because the enhanced networking affects the network behavior of an EC2 instance but not the network infrastructure between instances.

Question#154

Your customer's internal security teams receive requests to allow Amazon S3 access from inside the corporate network. All external traffic must be explicitly whitelisted through your corporate firewalls.
How can your security team grant this access?

  • A. Obtain the list of IP prefixes from AWS Forum announcements, and use those prefixes in firewall rules.
  • B. Obtain the list of IP prefixes from ip-ranges.json, and use those prefixes in firewall rules.
  • C. Obtain the list of IP prefixes by performing a DNS lookup on Amazon S3 endpoints, and use those prefixes in firewall rules.
  • D. Connect your data center to a VPC via Direct Connect. Create routes that forward traffic from your data center to an S3 private endpoint.

B
ip-ranges.json contains the latest list of IP addresses used by AWS. AWS no longer posts IP prefixes in Forum announcements. DNS lookups would not provide an exhaustive list of possible IP prefixes. D would require transitive routing, which is not possible.
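As an added illustration of the answer above (not part of the original question set), the following Python turns the published ip-ranges.json document into firewall allowlist entries and reports what changed between two pulls of the file. The JSON embedded here is a constructed sample in the shape of the real file (the real one is served from https://ip-ranges.amazonaws.com/ip-ranges.json); the prefixes are RFC 5737 documentation ranges, not AWS addresses, and the rule syntax is a generic placeholder, not any particular firewall's language.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's ip-ranges.json. The addresses are
# RFC 5737 documentation ranges, not real AWS prefixes; in practice the
# document is downloaded from https://ip-ranges.amazonaws.com/ip-ranges.json.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "S3",     "network_border_group": "us-east-1"},
        {"ip_prefix": "192.0.2.128/25",  "region": "us-east-1", "service": "S3",     "network_border_group": "us-east-1"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "S3",     "network_border_group": "eu-west-1"},
        {"ip_prefix": "203.0.113.0/24",  "region": "us-east-1", "service": "EC2",    "network_border_group": "us-east-1"},
        {"ip_prefix": "192.0.2.0/24",    "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1"},
    ],
    "ipv6_prefixes": [],
})


def load_prefixes(raw_json, service="S3", regions=None):
    """Return the IPv4 prefixes published for `service`, optionally limited to
    `regions`, collapsed so adjacent or overlapping entries become one rule.
    Filtering on the service name matters: the AMAZON entries are a superset
    and would allowlist far more than S3."""
    doc = json.loads(raw_json)
    wanted = [
        ipaddress.ip_network(entry["ip_prefix"])
        for entry in doc["prefixes"]
        if entry["service"] == service
        and (regions is None or entry["region"] in regions)
    ]
    return [str(net) for net in ipaddress.collapse_addresses(wanted)]


def diff_prefixes(old, new):
    """Prefixes to add to and remove from the firewall when a fresh copy of
    the file differs from the one the current rules were built from."""
    old_set, new_set = set(old), set(new)
    return sorted(new_set - old_set), sorted(old_set - new_set)


def firewall_rules(prefixes, ports=(443,)):
    """Render allow rules in a generic placeholder syntax (hypothetical, not a
    real firewall dialect): one rule per prefix and port."""
    return [f"allow tcp dst {cidr} port {port}" for cidr in prefixes for port in ports]


if __name__ == "__main__":
    current = load_prefixes(SAMPLE_IP_RANGES, "S3", regions={"us-east-1"})
    for rule in firewall_rules(current):
        print(rule)
    added, removed = diff_prefixes(["192.0.2.0/24"], load_prefixes(SAMPLE_IP_RANGES))
    print("add:", added, "remove:", removed)
```

The `syncToken` and `createDate` fields are what a change-tracking job should persist between runs: when the token moves, re-run `load_prefixes` and feed the `diff_prefixes` output into the firewall change process rather than regenerating every rule.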

Question#155

Your application server instances reside in the private subnet of your VPC. These instances need to access a Git repository on the Internet. You create a NAT gateway in the public subnet of your VPC. The NAT gateway can reach the Git repository, but instances in the private subnet cannot. You confirm that a default route in the private subnet route table points to the NAT gateway. The security group for your application server instances permits all traffic to the NAT gateway.
What configuration change should you make to ensure that these instances can reach the patch server?

  • A. Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway.
  • B. Configure an outbound rule on the application server instance security group for the Git repository.
  • C. Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet.
  • D. Configure an inbound rule on the application server instance security group for the Git repository.

B
The traffic leaves the instance destined for the Git repository; at this point, the security group must allow it through. The route then directs that traffic (based on the IP) to the NAT gateway. A is wrong because it removes the private aspect of the subnet and would have no effect on the blocked traffic anyway. C is wrong because the problem is that outgoing traffic is not getting to the NAT gateway. D is wrong because to allow outgoing traffic to the Git repository requires an outgoing security group rule.

Question#156

Considering your knowledge of both the OSI and TCP/IP models, select the following statement which you consider to NOT be true.

  • A. The TCP/IP Application layer maps to 2 of the OSI Layers
  • B. The top layer in the OSI model is named the Application layer
  • C. The TCP/IP Application layer maps to 3 of the OSI Layers
  • D. The top layer in the TCP/IP model is named the Application layer

A
The OSI model is a 7 layered model. The TCP/IP model is a 4 layered model. The top layer in both models is called the Application layer. The TCP/IP Application layer maps to the top 3 OSI layers (Application, Presentation, and Session layers).
Reference:
https://en.wikipedia.org/wiki/OSI_model

Question#157

From the following options, select the answer that correctly describes the implementation of the HTTP protocol

  • A. By definition, HTTP is a connection-less oriented protocol and therefore utilises TCP
  • B. By definition, HTTP is a connection orientated protocol and therefore utilises TCP
  • C. By definition, HTTP is a connection-less oriented protocol and therefore utilises UDP
  • D. By definition, HTTP can be configured to be either connection or connection-less oriented, by specifying the appropriate HTTP header.

B
HTTP is a connection orientated protocol and therefore utilizes TCP
Reference:
https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

Question#158

You have just provisioned a new VPC with a CIDR block of 172.16.12.0/24. The entire CIDR block is fully utilized by subdividing it into 6 subnets; we will refer to these as Subnet1 through Subnet6. The first 2 subnets (Subnet1 and Subnet2) are the same size. The last 4 subnets (Subnet3, Subnet4, Subnet5, Subnet6) are also the same size. Subnet5 is half the size of Subnet2. The address space occupied by the first two subnets is contiguous, as is the address space occupied by the last 4 subnets. Within Subnet3 AWS reserves the address 172.16.12.129 for the VPC router.
Select the correct IP address reserved by AWS for DNS in the Subnet2.

  • A. 172.16.64.1
  • B. 172.16.64.65
  • C. 172.16.12.66
  • D. 172.16.12.64

C
From the documentation referenced below, we know AWS reserves the address x.x.x.1 for the VPC router, and x.x.x.2 for DNS from within each subnet. This question states that Subnet 3 reserves 172.16.12.130 for the VPC router. Given that we now know that the Subnet 3 (the 1st of the last 4 Subnets) starts at 172.16.12.128, it must follow that Subnet2 ends at 172.16.12.127. From here we know we have 128 addresses that are halved evenly between Subnet1 and Subnet2: 128/2 = 64, or /26 in CIDR form. Therefore it follows that the address reserved by AWS for DNS in the Subnet2 must be 172.16.12.66.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html
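To check the subnet arithmetic in the explanation above, here is an added Python example (not part of the original page) that carves the /24 exactly as the question describes and lists the five addresses AWS reserves in each subnet: the network address, the router at +1, the DNS resolver at +2, the +3 address reserved for future use, and the broadcast address. The subnet names and helper functions are this example's own; the CIDR and the reservation offsets come from the question and its reference.

```python
import ipaddress

VPC_CIDR = "172.16.12.0/24"  # from the question


def carve_subnets(vpc_cidr=VPC_CIDR):
    """Split the VPC block as the question describes: two equal subnets in the
    first half, four equal subnets in the second half (each half the size of
    the first two). Returns Subnet1..Subnet6 in address order."""
    vpc = ipaddress.ip_network(vpc_cidr)
    first_half, second_half = vpc.subnets(prefixlen_diff=1)    # two /25s
    subnets = list(first_half.subnets(prefixlen_diff=1))       # Subnet1, Subnet2: /26
    subnets += list(second_half.subnets(prefixlen_diff=2))     # Subnet3..Subnet6: /27
    return subnets


def aws_reserved(subnet):
    """The five addresses AWS reserves in every VPC subnet, per the VPC
    subnet documentation: network, router (+1), DNS (+2), future use (+3)
    and the subnet's broadcast address (the last one in the block)."""
    net = subnet.network_address
    return {
        "network": str(net),
        "router": str(net + 1),
        "dns": str(net + 2),
        "future_use": str(net + 3),
        "broadcast": str(subnet.broadcast_address),
    }


def usable_hosts(subnet):
    """Addresses actually assignable to instances: block size minus the five
    reserved ones (so a /28, the smallest VPC subnet, yields 11)."""
    return subnet.num_addresses - 5


def reserved_for(name, vpc_cidr=VPC_CIDR):
    """Look up the reserved addresses by the question's names, Subnet1..Subnet6."""
    index = int(name.removeprefix("Subnet")) - 1
    return aws_reserved(carve_subnets(vpc_cidr)[index])


if __name__ == "__main__":
    for i, subnet in enumerate(carve_subnets(), start=1):
        res = aws_reserved(subnet)
        print(f"Subnet{i}: {subnet}  router={res['router']}  dns={res['dns']}  usable={usable_hosts(subnet)}")
```

Run stand-alone it prints one line per subnet; Subnet3 comes out as 172.16.12.128/27 with the router at 172.16.12.129, matching the question, and Subnet2 as 172.16.12.64/26 with DNS at 172.16.12.66, matching answer C.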

Question#159

Select the VPC Peering statement below that is NOT true

  • A. VPC peering supports transitive peering relationships for IPv6 traffic but not IPv4
  • B. VPC peering can be performed between VPCs in different AWS accounts in the same region
  • C. TCP connections can be performed between peered VPCs
  • D. UDP connections can be performed between peered VPCs

A
VPC peering supports transitive peering relationships for IPv4 and IPv6 traffic
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/vpc-peering-basics.html#vpc-peering-limitations

Question#160

Select the answer/s that correctly state how Jumbo Frames work

  • A. Jumbo Frames assist with application disk storage
  • B. Jumbo Frames can assist with application performance
  • C. Jumbo Frames are supported across Virtual Private Gateway connections
  • D. Jumbo Frames are enabled by increasing the MTU size to 9000 kilobytes

B
We know by definition that Jumbo Frames support 9000 byte MTU, therefore Answer A is incorrect (the stated unit is kilobytes). Jumbo Frames is a data transmission unit configuration option; it does not change or alter anything related to security, therefore Answer B is incorrect. Answer C is correct: we can get improved application performance when used within appropriate scenarios. Jumbo Frames are not supported over VPG IPsec VPN connections, therefore Answer D is incorrect. Answer E is nonsensical: Jumbo Frames is a networking construct and has nothing to do with disk storage.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html
