Your company is connecting one data center with one router to several VPCs and needs to access them transitively. What should you do?
C
VPCs are not transitive, so you will need a "transit VPN" in order to route between the VPCs.
Your AWS WorkSpaces users are unable to authenticate. What could be one reason for this?
C
AD requires port 389.
You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. You know you configured CloudFront to use cdn.yourdomain.com. What is the most likely reason why your users not seeing the images?
C
You must have a Route 53 record. You never want to give public access to your content bucket.
You are responsible for several EC2 instances deployed from Amazon AMIs that are required to upload information to an S3 bucket. This information must not traverse the public internet. You must also be able to update the instances. Which option is your best solution?
B
A NAT is not required as an S3 endpoint will allow an instance to update. C and D are not possible.
Your company is building a new data center. You currently have an on-premises data center that accesses your single VPC via VPN. You need to provide access to your single VPC to your new data center. Since your new data center build is already over budget, you need to keep costs low.
How should you accomplish this?
B
Create a new Customer Gateway. A Private VIF would work, but you want to keep costs low. A Public VIF is only for AWS specific resources, such as S3. A
Virtual Gateway would be created if you were creating a new VPN connection in a new VPC. A Customer Gateway would allow you to add the new datacenter to your VPN.
You have a website hosted on EC2 that is not serving web pages. You have ensured that the server is running and the site is configured properly. What could be the problem?
B
The ephemeral ports 1024 גˆ’ 65535 are required outbound for return traffic. For the server to access websites, those same ports need to be allowed inbound.
You are auditing an AWS infrastructure after you noticed some abnormal charges on the bill. You use AWS Config to monitor your changes. What else is required to find out who made the change?
C
CloudTrail is for finding "who" performed an action.
Your organization has placed a project on hold and has stopped 30 public EC2 instances. These instances use instance store volumes and do not have custom
AMIs associated. You are still being charged every month.
What is the charge probably for?
B
You have Elastic IPs associated with those instances. AWS charges for any unused Elastic IPs in your account.
You need to quickly view inbound traffic to an instance to determine why it isn't reaching the instance properly. What is the best tool for this?
D
CloudWatch only shows the amount of data in. Wireshark cannot see anything inside AWS infrastructure. You can only use it to view instance traffic.
Your company has just completed a transition to IPv6 and has deployed a website on a server. You were able to download software on the instance without an issue. This website is deployed using IPv6, but the public is not able to access it. What should you do to fix this problem?
C
Your instance can reach the internet if it was able to download sofftware, so an IGW is not needed. 0.0.0.0/0 is for IPv4.
