Your company has two DX locations. You need to configure one link as passive. What should you configure in your router to set that link as the passive link.
B
You should configure AS_PATH prepending on the link. A higher CIDR is the same as a more specific prefix, which will make the link more preferred. A higher
MED will make the path less preferred, but this is not the preferred method to accomplish this. Changing your ASN will not help. Configuring AS_PATH
Prepending is the preferred method of AWS to configure an Active-Passive configuration with Direct Connect.
You have just configured an Elastic Load Balancer. Assuming all settings are configured properly, about how long will it take an instance to become healthy with a
6 second HealthCheck Interval, an unhealthy threshold of 5 and a healthy threshold of 10?
D
60 seconds. 10 healthcheck successes with 6 second intervals.
Your company needs to directly update an S3 bucket that serves as a CloudFront origin with the most reliability possible. Your company also has a set of private
EC2 servers that it needs to access with the same reliability. Which combination will provide the best solution?
D
The Public VIF will allow access to the S3 bucket, and the Private VIF will allow access to the EC2 instances.
You wish to have a sub-1G connection to AWS to save on costs. How can you achieve this?
D
Sub-1G service is only available through AWS partners.
You have just peered two VPCs, and you need to improve performance for instances you plan on deploying. What are two steps you would take to do this?
(Choose two.)
AD
A placement group can only be deployed in the same AZ and is only useful with enhanced networking instances.
You have just deployed a website that utilizes CloudFront, ELB, and S3 to serve content. When users access your site, they are seeing broken image links. What is most likely the problem?
B
You must have an OAI if the bucket policy does not allow public access, which is bad practice.
You have a static VPN connecting your data center and your VPC. You currently have 50 routes added to your route table. You want to add more; how should you do this?
D
A dynamic routing table can support 100 routes. A static can only support 50 per IPv4 and 50 per IPv6. Direct Connect will work, but it would be more than you needed.
Your company needs an inexpensive solution to host their AD data in the cloud. They do not need all of the features of AD but do need to be able to use it with
WorkSpaces. What is the best solution?
C
Simple AD is the best choice here. If authentication is all you need, it is the most inexpensive option for in-cloud directory.
You need to find the MTU used by another instance, but tracepath is not working. You know the instance you are trying to tracepath has open security group and
NACL rules. Which protocol do you need to allow to access your instance to remedy this?
D
You need to allow Protocol 1, ICMP, to access your instance. tracepath specifically needs the "destination unreachable" feature of ICMP.
You are under a DDoS attack and you have added a deny all TCP rule to your NACL, but traffic is still coming. What did you do wrong?
C
The DDoS isn't a TCP attack (this time.) A DDoS can use several different protocols. NACLs are stateless. The lower the rule number, the higher the priority.
