An application team for a startup company is deploying a new multi-tier application into the AWS Cloud. The application will be hosted on a fleet of Amazon EC2 instances that run in an Auto Scaling group behind a publicly accessible Network Load Balancer (NLB). The application requires the clients to work with UDP traffic and TCP traffic. In the near term, the application will serve only users within the same geographic location. The application team plans to extend the application to a global audience and will move the deployment to multiple AWS Regions around the world to bring the application closer to the end users. The application team wants to use the new Regions to deploy new versions of the application and wants to be able to control the amount of traffic that each Region receives during these rollouts. In addition, the application team must minimize first-byte latency and jitter (randomized delay) for the end users. How should the application team design the network architecture for the application to meet these requirements?
A. Create an Amazon CloudFront distribution to align to each Regional deployment. Set the NLB for each Region as the origin for each CloudFront distribution. Use an Amazon Route 53 weighted routing policy to control traffic to the newer Regional deployments.
B. Create an AWS Global Accelerator accelerator and listeners for the required ports. Configure endpoint groups for each Region. Configure a traffic dial for the endpoint groups to control traffic to the newer Regional deployments. Register the NLBs with the endpoint groups.
C. Use Amazon S3 Transfer Acceleration for the application in each Region. Adjust the amount of traffic that each Region receives from the Transfer Acceleration endpoints to the Regional NLBs.
D. Create an Amazon CloudFront distribution that includes an origin group. Set the NLB for each Region as the origins for the origin group. Use an Amazon Route 53 latency routing policy to control traffic to the new Regional deployments.
A company has a single VPC in the us-east-1 Region. The company is planning to set up a new VPC in the us-east-2 Region. The existing VPC has an AWS Site-to-Site VPN connection to the company's on-premises environment and uses a virtual private gateway. A network engineer needs to implement a solution to establish connectivity between the existing VPC and the new VPC. The solution also must implement support for IPv6 for the new VPC. The company has new on-premises resources that need to connect to VPC resources by using IPv6 addresses. Which solution will meet these requirements?
A. Create a new virtual private gateway in us-east-1. Attach the new virtual private gateway to the new VPC. Create two new Site-to-Site VPN connections to the new virtual private gateway with IPv4 and IPv6 support. Configure routing between the VPCs by using VPC peering.
B. Create a transit gateway in us-east-1 and in us-east-2. Attach the existing VPC and the new VPC to each transit gateway. Create a new Site-to-Site VPN connection to each transit gateway with IPv4 and IPv6 support. Configure transit gateway peering. Configure routing between the VPCs and the on-premises environment.
C. Create a new virtual private gateway in us-east-2. Attach the new virtual private gateway to the new VPC. Create two new Site-to-Site VPN connections to the new virtual private gateway with IPv4 and IPv6 support. Configure routing between the VPCs by using VPC peering.
D. Create a transit gateway in us-east-1. Attach the existing VPC and the new VPC to the transit gateway. Create two new Site-to-Site VPN connections to the transit gateway with IPv4 and IPv6 support. Configure transit gateway peering. Configure routing between the VPCs and the on-premises environment.
A network engineer is working on a private DNS design to integrate AWS workloads and on-premises resources. The AWS deployment consists of five VPCs in the eu-west-1 Region that connect to the on-premises network over AWS Direct Connect. The VPCs communicate with each other by using a transit gateway. Each VPC is associated with a private hosted zone that uses the aws.example.internal domain. The network engineer creates an Amazon Route 53 Resolver outbound endpoint in a shared services VPC and attaches the shared services VPC to the transit gateway. The network engineer is implementing a solution for DNS resolution. Queries for hostnames that end with aws.example.internal must use the private hosted zone. Queries for hostnames that end with all other domains must be forwarded to a private on-premises DNS resolver. Which solution will meet these requirements?
A. Add a forwarding rule for "*" that targets the on-premises server's DNS IP address. Add a system rule for aws.example.internal that targets Route 53 Resolver.
B. Add a forwarding rule for aws.example.internal that targets Route 53 Resolver. Add a system rule for "." that targets the Route 53 Resolver outbound endpoint.
C. Add a forwarding rule for "*" that targets the Route 53 Resolver outbound endpoint.
D. Add a forwarding rule for "." that targets the Route 53 Resolver outbound endpoint.
Two companies are merging. The companies have a large AWS presence with multiple VPCs and are designing connectivity between their AWS networks. Both companies are using AWS Direct Connect with a Direct Connect gateway. Each company also has a transit gateway and multiple AWS Site-to-Site VPN connections from its transit gateway to on-premises resources. The new solution must optimize network visibility, throughput, logging, and monitoring. Which solution will meet these requirements?
A. Configure a Site-to-Site VPN connection between each company's transit gateway to establish reachability between the respective networks. Configure VPC Flow Logs for all VPCs. Publish the flow logs to Amazon CloudWatch. Use VPC Reachability Analyzer to monitor connectivity.
B. Configure a Site-to-Site VPN connection between each company's transit gateway to establish reachability between the respective networks. Configure VPC Flow Logs for all VPCs. Publish the flow logs to Amazon CloudWatch. Use AWS Transit Gateway Network Manager to monitor the transit gateways and their respective connections.
C. Configure transit gateway peering between each company's transit gateway. Configure VPC Flow Logs for all VPCs. Publish the flow logs to Amazon CloudWatch. Use VPC Reachability Analyzer to monitor connectivity.
D. Configure transit gateway peering between each company's transit gateway. Configure VPC Flow Logs for all VPCs. Publish the flow logs to Amazon CloudWatch. Use AWS Transit Gateway Network Manager to monitor the transit gateways, their respective connections, and the transit gateway peering link.
A network engineer is designing hybrid connectivity with AWS Direct Connect and AWS Transit Gateway. A transit gateway is attached to a Direct Connect gateway and 19 VPCs across different AWS accounts. Two new VPCs are being attached to the transit gateway. The IP address administrator has assigned 10.0.32.0/21 to the first VPC and 10.0.40.0/21 to the second VPC. The prefix list has one CIDR block remaining before the prefix list reaches the quota for the maximum number of entries. What should the network engineer do to advertise the routes from AWS to on premises to meet these requirements?
A. Add 10.0.32.0/21 and 10.0.40.0/21 to both AWS managed prefix lists.
B. Add 10.0.32.0/21 and 10.0.40.0/21 to the allowed prefix list.
C. Add 10.0.32.0/20 to both AWS managed prefix lists.
D. Add 10.0.32.0/20 to the allowed prefix list.
A company is moving its record-keeping application to the AWS Cloud. All traffic between the company's on-premises data center and AWS must be encrypted at all times and at every transit device during the migration. The application will reside across multiple Availability Zones in a single AWS Region. The application will use existing 10 Gbps AWS Direct Connect dedicated connections with a MACsec capable port. A network engineer must ensure that the Direct Connect connection is secured accordingly at every transit device. The network engineer creates a Connection Key Name and Connectivity Association Key (CKN/CAK) pair for the MACsec secret key. Which combination of additional steps should the network engineer take to meet the requirements? (Choose two.)
A. Configure the on-premises router with the MACsec secret key.
B. Update the connection's MACsec encryption mode to must_encrypt. Then associate the CKN/CAK pair with the connection.
C. Update the connection's MACsec encryption mode to should_encrypt. Then associate the CKN/CAK pair with the connection.
D. Associate the CKN/CAK pair with the connection. Then update the connection's MACsec encryption mode to must_encrypt.
E. Associate the CKN/CAK pair with the connection. Then update the connection's MACsec encryption mode to should_encrypt.
A company is in the early stage of AWS Cloud adoption. The company has an application that is running in an on-premises data center in Asia. The company needs to deploy new applications in the us-east-1 Region. The applications in the cloud need connectivity to the on-premises data center. The company needs to set up a communication channel between AWS and the data center. The solution must improve latency, minimize the possibility of performance impact from transcontinental routing over the public internet, and encrypt data in transit. Which solution will meet these requirements in the LEAST amount of time?
A. Create an AWS Site-to-Site VPN connection with acceleration turned on. Create a virtual private gateway. Attach the Site-to-Site VPN connection to the virtual private gateway. Attach the virtual private gateway to the VPC where the applications will be deployed.
B. Create an AWS Site-to-Site VPN connection with acceleration turned on. Create a transit gateway. Attach the Site-to-Site VPN connection to the transit gateway. Create a transit gateway attachment to the VPC where the applications will be deployed.
C. Create an AWS Direct Connect connection. Create a virtual private gateway. Create a public VIF and a private VIF that use the virtual private gateway. Create an AWS Site-to-Site VPN connection over the public VIF.
D. Create an AWS Site-to-Site VPN connection with acceleration turned off. Create a transit gateway. Attach the Site-to-Site VPN connection to the transit gateway. Create a transit gateway attachment to the VPC where the applications will be deployed.
A company recently started using AWS Client VPN to give its remote users the ability to access resources in multiple peered VPCs and resources in the company's on-premises data center. The Client VPN endpoint route table has a single entry of 0.0.0.0/0. The Client VPN endpoint is using a new security group that has no inbound rules and a single outbound rule that allows all traffic to 0.0.0.0/0. Multiple remote users report that web search results are showing incorrect geographic location information for the users. Which combination of steps should a network engineer take to resolve this issue with the LEAST amount of service interruption? (Choose three.)
A. Switch users to AWS Site-to-Site VPNs.
B. Enable the split-tunnel option on the Client VPN endpoint.
C. Add routes for the peered VPCs and for the on-premises data center to the Client VPN route table.
D. Remove the 0.0.0.0/0 outbound rule from the security group that the Client VPN endpoint uses.
E. Delete and recreate the Client VPN endpoint in a different VPC.
F. Remove the 0.0.0.0/0 entry from the Client VPN endpoint route table.
A company has set up hybrid connectivity between its VPCs and its on-premises data center. The company has the on-premises.example.com subdomain configured at its DNS server in the on-premises data center. The company is using the aws.example.com subdomain for workloads that run on AWS across different VPCs and accounts. Resources in both environments can access each other by using IP addresses. The company wants workloads in the VPCs to be able to access resources on premises by using the on-premises.example.com DNS names. Which solution will meet these requirements with MINIMUM management of resources?
A. Create an Amazon Route 53 Resolver outbound endpoint. Configure a Resolver rule that conditionally forwards DNS queries for on-premises.example.com to the on-premises DNS server. Associate the rule with the VPCs.
B. Create an Amazon Route 53 Resolver inbound endpoint and a Resolver outbound endpoint. Configure a Resolver rule that conditionally forwards DNS queries for on-premises.example.com to the on-premises DNS server. Associate the rule with the VPCs.
C. Launch an Amazon EC2 instance. Install and configure BIND software to conditionally forward DNS queries for on-premises.example.com to the on-premises DNS server. Configure the EC2 instance's IP address as a custom DNS server in each VPC.
D. Launch an Amazon EC2 instance in each VPC. Install and configure BIND software to conditionally forward DNS queries for on-premises.example.com to the on-premises DNS server. Configure the EC2 instance's IP address as a custom DNS server in each VPC.
A network engineer needs to provide dual-stack connectivity between a company's office location and an AWS account. The company's on-premises router supports dual-stack connectivity, and the VPC has been configured with dual-stack support. The company has set up two AWS Direct Connect connections to the office location. This connectivity must be highly available and must be reliable for latency-sensitive traffic. Which solutions will meet these requirements? (Choose two.)
A. Configure a single private VIF on each Direct Connect connection. Add both IPv4 and IPv6 peering to each private VIF. Configure the on-premises equipment with the AWS provided BGP neighbors to advertise IPv4 routes on the IPv4 peering and IPv6 routes on the IPv6 peering. Enable Bidirectional Forwarding Detection (BFD) on all peering sessions.
B. Configure two private VIFs on each Direct Connect connection: one private VIF with the IPv4 address family and one private VIF with the IPv6 address family. Configure the on-premises equipment with the AWS provided BGP neighbors to advertise IPv4 routes on the IPv4 peering and IPv6 routes on the IPv6 peering. Enable Bidirectional Forwarding Detection (BFD) on all peering sessions.
C. Configure a single private VIF and IPv4 peering on each Direct Connect connection. Configure the on-premises equipment with this peering to advertise the IPv6 routes in the same BGP neighbor configuration. Enable Bidirectional Forwarding Detection (BFD) on all peering sessions.
D. Configure two private VIFs on each Direct Connect connection: one private VIF with the IPv4 address family and one private VIF with the IPv6 address family. Configure the on-premises equipment with the AWS provided BGP neighbors to advertise all IPv4 routes and IPv6 routes on all peering sessions. Keep the Bidirectional Forwarding Detection (BFD) configuration unchanged.
E. Configure two private VIFs on each Direct Connect connection: one private VIF with the IPv4 address family and one private VIF with the IPv6 address family. Configure the on-premises equipment with the AWS provided BGP neighbors to advertise IPv4 routes on the IPv4 peering and IPv6 routes on the IPv6 peering. Reduce the BGP hello timer to 5 seconds on both the on-premises equipment and the Direct Connect configuration.