Your company just deployed a WAF to protect its resources. You need to create a baseline before you start blocking traffic. How will you achieve this?
A
Monitor mode is the only good choice.
Your website utilizes EC2, S3, ELB-Classic, and CloudFront. Your manager has shifted focus to security and wants you to ensure the site is as secure as possible. What two items could you recommend? (Choose two.)
BD
A WAF on CloudFront and a restricted bucket policy to ensure the only access is from CloudFront. You cannot apply a WAF to a classic load balancer and an
NACL that blocks all ports would block access to the load balancer.
You have two public applications on different domains that use two front-end servers and two back-end servers each. You wish to achieve high availability for both applications. What two options should you configure? (Choose two.)
AD
Route 53: 2 public zones and 2 private zones and 4 load balancers: 2 public and 2 internal. This will allow one domain to be balanced over two application servers which will then have traffic balanced to the two backend servers.
Your company was recently acquired and a Direct Connection connection was extended from your new parent corporation to your AWS VPC using a hosted VIF.
What data charges are billed to your account for that connection?
C
You are only responsible for the data transfer out. The port hours are the responsibility of the owner of the connection.
The IPsec protocol suite is made up of various components covering aspects such as confidentiality, encryption, and integrity.
Select the correct statement below regarding the correct configuration options for ensure IPsec confidentiality:
B
Answer A is incorrect - as MD5 is a hashing protocol (data integrity) Answer C is incorrect - as PSK is short for Pre-Shared Keys (key exchange) - and again MD5 is a hashing protocol (data integrity)
Answer D is incorrect - as both MD5 and SHA are hashing protocols (data integrity) Answer E is incorrect - as both PSK and RSA are used for key exchanges
This leaves Answer B is the only correct IPsec configuration covering confidentiality. DES, 3DES, and AES are all encryption protocols.
Reference:
https://en.wikipedia.org/wiki/IPsec
Which of the following statements does not describe Jumbo Frames in an AWS VPC environment?
D
All answers except for Answer D are correct. Answer D is incorrect in that AWS does indeed support Jumbo Frames on all instance types within the T2 family class - including the T2.micro instance type.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html
Within the TCP/IP model what is the name of the Packet Data Unit (PDU) used between Transport Layers for communication between sender and receiver
D
Segments is the PDU used between transport layers.
Reference:
https://en.wikipedia.org/wiki/Transmission_Control_Protocol
Considering the rules of IPv4 subnetting, how many subnets and hosts per subnet are possible given the following network 192.168.130.130/28? (in this question ignore the fact that AWS reserves 5 IP addresses)
B
16 subnets and 14 hosts per subnet are possible in the CIDR.
Reference:
https://en.wikipedia.org/wiki/IPv4_subnetting_reference
An unfortunate situation has just come to your attention. A business critical application with sensitive data running on-prem will run out of storage disk space in
24hrs. This business critical application is dependent a very large set of routes `" required for integration with other system. You make a quick but well informed decision to migrate this application quickly to AWS. You are able to quickly launch a new VPC and within it equivalent infrastructure to re`"home the application. In order to complete the replication of application data and ensure the application remains operational beyond the next 24hrs, select the best implementation.
B
Answer A ג€" Let's start by stating that all possible options are actually workable solutions. The key criteria of the question is to complete the data migration aspects as *quickly* as possible. With this in mind we can immediately rule out Answer A ג€" due to the time it takes to provision and activate a fully functional Direct
Connect connection, 72+ hrs. Answer C is the same as Answer D but lacks BGP ג€" therefore we would need to setup the routes manually ג€" more time and effort.
Additionally Answer D uses Jumbo Frames ג€" but AWS does not support Jumbo frames over the Virtual Private Gateway ג€" therefore Answer D's use of Jumbo
Frames is negated. Overall Answer B is considered the quickest option.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/GenericConfig.html
Convert the following IPv4 address in presented in binary form, into dotted decimal form 10101100.01111011.00001101.10011101.
A
An IPv4 address in dotted decimal format is constructed using binary arithmetic. In binary arithmetic, each bit within a group represents a power of two.
Specifically, the first bit in a group represents 2 to the power of 0, the second bit represents 2 to the power of 1, the third bit represents 2 to the power of 2, and so on. Binary format is simple because each successive bit in a group is exactly twice the value of the previous bit.
The first octet is 128 + 32 + 8 + 4 = 172
The second octet 64 + 32 + 16 + 8 + 2 + 1 = 123
The third octet 8 + 4 + 1 = 13 -
The fourth octet is 128 + 16 + 8 + 4 + 1 = 157
Reference:
https://en.wikipedia.org/wiki/IPv4
