NEW QUESTION 1
Over which of the following Ethernet standards does AWS Direct Connect link your internal network to an AWS Direct Connect location?

• A. Copper backplane cable
• B. Twisted pair cable
• C. Single mode fiber-optic cable
• D. Shielded balanced copper cable

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

NEW QUESTION 2
An unfortunate situation has just come to your attention. A business critical application with
sensitive data running on-prem will run out of storage disk space in 24hrs. This business critical application is dependent a very large set of routes - required for integration with other system. You make a quick but well informed decision to migrate this application quickly to AWS. You are able to quickly launch a new VPC and within it equivalent infrastructure to re-home the application. In order to complete the replication of application data and ensure the application remains operational
beyond the next 24hrs, select the best implementation.

• A. Within the new VPC - establish a Direct Connect connection with max 10Gbps port speed for data replicatio
• B. Establish a 802.1Q VLAN and configure a Virtual Private Gateway and Private Virtual Interface, and ensure Jumbo Frames is enabled.
• C. Within the new VPC - deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with BGP dynamic routing
• D. Within the new VPC - deploy a Virtual Private Gateway, Customer Gateway, and establish a new IPsec VPN Connection with static routing, and ensure Jumbo Frames is enabled.
• E. Within the new VPC - deploy a software based virtual router (for example a Cisco CSR). Configure with dual ENIs (external and internal), create and attach an EIP to the external ENI, Configure and setup IPsec VPN tunnels, and ensure Jumbo Frames is enabled.

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/GenericConfig.html

NEW QUESTION 3
Fill in the blanks: One of the basic characteristics of security groups for your VPC is that you ______ .

• A. can specify allow rules, but not deny rules
• B. can specify deny rules, but not allow rules
• C. can specify allow rules as well as deny rules
• D. can neither specify allow rules nor deny rules

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

NEW QUESTION 4
By default, all AWS accounts are limited to EIPs, because public (IPv4) Internet addresses are a scarce public resource.

• A. 5
• B. 8
• C. 6
• D. 2

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

NEW QUESTION 5
The IPsec protocol suite is made up of various components covering aspects such as confidentiality, encryption, and integrity. Select the correct statement below regarding the correct configuration options for ensure IPsec confidentiality:

• A. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, MD5
• B. The following protocols may be used to configure IPsec confidentiality, DES, 3DES, AES
• C. The following protocols may be used to configure IPsec confidentiality, PSK, RSA
• D. The following protocols may be used to configure IPsec confidentiality, PSK, MD5
• E. The following protocols may be used to configure IPsec confidentiality, PSK, RSA

Answer: B

Explanation:
Reference:
https://en.wikipedia.org/wiki/IPsec

NEW QUESTION 6
Which statement is NOT true about accessing remote AWS region in the US by your AWS Direct Connect which is located in the US?

• A. To connect to a VPC in a remote region, you can use a virtual private network (VPN) connection over your public virtual interface.
• B. To access public resources in a remote region, you must set up a public virtual interface and establish a border gateway protocol (BGP) session.
• C. If you have a public virtual interface and established a BGP session to it, your router learns the routes of the other AWS regions in the US.
• D. Any data transfer out of a remote region is billed at the location of your AWS Direct Connect data transfer rate.

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/remote_regions.html

NEW QUESTION 7
You are the AWS cloud architect and have been tasked with designing an appropriate subnetting design for your production VPC. Your production VPC requires secure communications back to the corporate private network. Quality of Service (QoS) is very important 24x7 for this particular connection, as real-time data is passed continually backwards and forwards between your on-prem bioinformatics enterprise application, and the number crunching servers deployed in the cloud. Any potential latency incurred on this connection will have a direct impact on the company's ability to attract investors and expansion into new markets. Select the correct network configuration that best facilitates your company's continued growth plans.

• A. Provision a Direct Connect connection - between your service provider's data center and the AWS region that your cloud compute resources exist in . Configure just a Private VirtualInterfac
• B. As this is a Direct Connection, a Virtual Private Gateway is not required
• C. Configure a site-to-site layer 2 software router using OpenVPN within your VPC and ensure that QoS enabled - this is a secure and cheap option
• D. Configure a site-to-site layer 3 software router using OpenVPN within your VPC and ensure that QoS enabled - this is a secure and cheap option
• E. Provision a Direct Connect connection - between your existing service provider's data center and the AWS region that your cloud compute resources exist i
• F. Configure a Virtual Private Gateway and Private Virtual Interface

Answer: D

Explanation:
Reference:
https://aws.amazon.com/directconnect/faqs/

NEW QUESTION 8
AWS CloudTrail can be configured to _____ log files across multiple accounts and regions so that log
files are delivered to a single bucket.

• A. aggregate
• B. disperse
• C. replicate
• D. encrypt

Answer: A

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/

NEW QUESTION 9
Which of the following does not configure Amazon CloudFront cache behaviors to forward cookies to an origin for web distributions?

• A. Origin server
• B. AWS CLI
• C. Amazon EMR
• D. Amazon S3

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

NEW QUESTION 10
To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use ______.

• A. trusted signers
• B. optimistic locking
• C. integrity validation
• D. root credentialing

Answer: C

Explanation:
Reference:
https://aws.amazon.com/cloudtrail/

NEW QUESTION 11
You can use the _____ command of the AWS Config service CLI to see the compliance state of each resource that AWS Config evaluates for a specific rule.

• A. describe-compliance-by-resource
• B. describe-compliance-by-config-rule
• C. get-compliance-details-by-config-rule
• D. get-compliance-details-by-config-rule

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html

NEW QUESTION 12
When using AWS Config, which two items are stored on S3 as a part of its operation?

• A. Configuration Items and Configuration History
• B. Configuration Recorder and Configuration Snapshots
• C. Configuration History and Configuration Snapshots
• D. Configuration Snapshots and Configuration Streams

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-items

NEW QUESTION 13
You have several Amazon Glacier vaults you would like to monitor. How might you monitor those vaults?

• A. Create a custom AWS Config rule.
• B. Use an AWS master Config rule.
• C. Use an AWS managed Config rule.
• D. Create a KMS policy and attach it to your Amazon Glacier vaul

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_developrules_ nodejs.html#creating-custom-rules-for-additional-resource-types

NEW QUESTION 14
An AWS Config rule can be set to be evaluated if a certain set of resources undergoes a configuration change. The set of resources to which the rule applies can be restricted by the rule's ______ , which can include a combination of a resource type and a resource ID, for example.

• A. trigger
• B. domain
• C. manifest
• D. scope

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html

NEW QUESTION 15
A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?

• A. AWS Route53
• B. AWS EMR
• C. AWS ELB
• D. AWS RDS

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/supported_services.html

NEW QUESTION 16
When an AWS Config rule is triggered a JSON object known as an AWS Config Event is created. This object contains a(n) ______ attribute, which is a JSON-formatted set of key/value pairs the receiving AWS Lambda function processes as part of its evaluation logic.

• A. inputParameters
• B. invokingEvent
• C. ruleConfiguration
• D. mappingTemplate

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_developrules_ example-events.html

NEW QUESTION 17
You can use the ______ command of the AWS Config service CLI to see the compliance state for each AWS resource of a specific type.

• A. describe-compliance-by-resource
• B. get-compliance-details-by-config-rule
• C. describe-compliance-by-config-rule
• D. get-compliance-details-by-config-rule

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_view-compliance.html

NEW QUESTION 18
Within the TCP/IP model what is the name of the Packet Data Unit (PDU) used between Transport Layers for communication between sender and receiver

• A. Frames
• B. Packets
• C. Data
• D. Segments

Answer: D

Explanation:
Reference:
https://en.wikipedia.org/wiki/Transmission_Control_Protocol

NEW QUESTION 19
A user has enabled detailed CloudWatch monitoring with the AWS Simple Notification Service. Which of the below mentioned statements helps the user understand detailed monitoring better?

• A. SNS cannot provide data every minute
• B. There is no need to enable since SNS provides data every minute
• C. SNS will send data every minute after configuration
• D. AWS CloudWatch does not support monitoring for SNS

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/supported_services.html

NEW QUESTION 20
Does Amazon VPC support multicast or broadcast?

• A. Yes, both.
• B. It doesn't support any of them.
• C. Multicast yes, Broadcast no.
• D. Both, but only outside Amazon VP

Answer: B

Explanation:
Reference:
https://aws.amazon.com/vpc/faqs/

NEW QUESTION 21
When an AWS Config rule is triggered a JSON object known as an AWS Config Event is created. This object contains a(n) _____ attribute, which is a JSON-formatted set of key/value pairs the receiving AWS Lambda function processes as part of its evaluation logic.

• A. invokingEvent
• B. mappingTemplate
• C. ruleConfiguration
• D. inputParameters

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_developrules_ example-events.html

NEW QUESTION 22
In Amazon CloudFront, which of the following is true of Smooth Streaming?

• A. It is a Microsoft format for streaming of media files.
• B. It is a CloudFront format for streaming of media files in RTMP distribution.
• C. It is the Adobe format for streaming of media files.
• D. It is a CloudFront format for streaming of media files in web distributio

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/on-demand-streamingsmooth. html

NEW QUESTION 23
......