Exam Details

  • Exam Code: ANS-C01
  • Exam Name: AWS Certified Advanced Networking - Specialty (ANS-C01)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 240 Q&As
  • Last Updated: Apr 24, 2025

Amazon Amazon Certifications ANS-C01 Questions & Answers

  • Question 141:

    A company is migrating an application from on premises to AWS. The company will host the application on Amazon EC2 instances that are deployed in a single VPC. During the migration period, DNS queries from the EC2 instances must be able to resolve names of on-premises servers. The migration is expected to take 3 months. After the 3-month migration period, the resolution of on-premises servers will no longer be needed. What should a network engineer do to meet these requirements with the LEAST amount of configuration?

    A. Set up an AWS Site-to-Site VPN connection between on premises and AWS. Deploy an Amazon Route 53 Resolver outbound endpoint in the Region that is hosting the VPC.

    B. Set up an AWS Direct Connect connection with a private VIF. Deploy an Amazon Route 53 Resolver inbound endpoint and a Route 53 Resolver outbound endpoint in the Region that is hosting the VPC.

    C. Set up an AWS Client VPN connection between on premises and AWS. Deploy an Amazon Route 53 Resolver inbound endpoint in the VPC.

    D. Set up an AWS Direct Connect connection with a public VIF. Deploy an Amazon Route 53 Resolver inbound endpoint in the Region that is hosting the VPC. Use the IP address that is assigned to the endpoint for connectivity to the on-premises DNS servers.

  • Question 142:

    A company has a hybrid cloud environment. The company's data center is connected to the AWS Cloud by an AWS Direct Connect connection. The AWS environment includes VPCs that are connected together in a hub-and-spoke model by a transit gateway. The AWS environment has a transit VIF with a Direct Connect gateway for on-premises connectivity. The company has a hybrid DNS model. The company has configured Amazon Route 53 Resolver endpoints in the hub VPC to allow bidirectional DNS traffic flow. The company is running a backend application in one of the VPCs. The company uses a message-oriented architecture and employs Amazon Simple Queue Service (Amazon SQS) to receive messages from other applications over a private network. A network engineer wants to use an interface VPC endpoint for Amazon SQS for this architecture. Client services must be able to access the endpoint service from on premises and from multiple VPCs within the company's AWS infrastructure. Which combination of steps should the network engineer take to ensure that the client applications can resolve DNS for the interface endpoint? (Choose three.)

    A. Create the interface endpoint for Amazon SQS with the option for private DNS names turned on.

    B. Create the interface endpoint for Amazon SQS with the option for private DNS names turned off.

    C. Manually create a private hosted zone for sqs.us-east-1.amazonaws.com. Add necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.

    D. Use the automatically created private hosted zone for sqs.us-east-1.amazonaws.com with previously created necessary records that point to the interface endpoint. Associate the private hosted zones with other VPCs.

    E. Access the SQS endpoint by using the public DNS name sqs.us-east-1.amazonaws.com in VPCs and on premises.

    F. Access the SQS endpoint by using the private DNS name of the interface endpoint .sqs.us-east-1.vpce.amazonaws.com in VPCs and on premises.

  • Question 143:

    A global company runs business applications in the us-east-1 Region inside a VPC. One of the company's regional offices in London uses a virtual private gateway for an AWS Site-to-Site VPN connection to the VPC. The company has configured a transit gateway and has set up peering between the VPC and other VPCs that various departments in the company use. Employees at the London office are experiencing latency issues when they connect to the business applications. What should a network engineer do to reduce this latency?

    A. Create a new Site-to-Site VPN connection. Set the transit gateway as the target gateway. Enable acceleration on the new Site-to-Site VPN connection. Update the VPN device in the London office with the new connection details.

    B. Modify the existing Site-to-Site VPN connection by setting the transit gateway as the target gateway. Enable acceleration on the existing Site-to-Site VPN connection.

    C. Create a new transit gateway in the eu-west-2 (London) Region. Peer the new transit gateway with the existing transit gateway. Modify the existing Site-to-Site VPN connection by setting the new transit gateway as the target gateway.

    D. Create a new AWS Global Accelerator standard accelerator that has an endpoint of the Site-to-Site VPN connection. Update the VPN device in the London office with the new connection details.

  • Question 144:

    An insurance company is planning the migration of workloads from its on-premises data center to the AWS Cloud. The company requires end-to-end domain name resolution. Bi-directional DNS resolution between AWS and the existing on-premises environments must be established. The workloads will be migrated into multiple VPCs. The workloads also have dependencies on each other, and not all the workloads will be migrated at the same time. Which solution meets these requirements?

    A. Configure a private hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the application VPC private hosted zones with the egress VPC, and share the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 inbound endpoints.

    B. Configure a public hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the application VPC private hosted zones with the egress VPC, and share the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 inbound endpoints.

    C. Configure a private hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the application VPC private hosted zones with the egress VPC, and share the Route 53 Resolver rules with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 outbound endpoints.

    D. Configure a private hosted zone for each application VPC, and create the requisite records. Create a set of Amazon Route 53 Resolver inbound and outbound endpoints in an egress VPC. Define Route 53 Resolver rules to forward requests for the on-premises domains to the on-premises DNS resolver. Associate the Route 53 outbound rules with the application VPCs, and share the private hosted zones with the application accounts by using AWS Resource Access Manager. Configure the on-premises DNS servers to forward the cloud domains to the Route 53 inbound endpoints.

  • Question 145:

    A company manages resources across VPCs in multiple AWS Regions. The company needs to connect to the resources by using its internal domain name. A network engineer needs to apply the aws.example.com DNS suffix to all resources. What must the network engineer do to meet this requirement?

    A. Create an Amazon Route 53 private hosted zone for aws.example.com in each Region that has resources. Associate the private hosted zone with that Region's VPC. In the appropriate private hosted zone, create DNS records for the resources in each Region.

    B. Create one Amazon Route 53 private hosted zone for aws.example.com. Configure the private hosted zone to allow zone transfers with every VPC.

    C. Create one Amazon Route 53 private hosted zone for example.com. Create a single resource record for aws.example.com in the private hosted zone. Apply a multivalue answer routing policy to the record. Add all VPC resources as separate values in the routing policy.

    D. Create one Amazon Route 53 private hosted zone for aws.example.com. Associate the private hosted zone with every VPC that has resources. In the private hosted zone, create DNS records for all resources.

  • Question 146:

    A company has hundreds of VPCs on AWS. All the VPCs access the public endpoints of Amazon S3 and AWS Systems Manager through NAT gateways. All the traffic from the VPCs to Amazon S3 and Systems Manager travels through the NAT gateways. The company's network engineer must centralize access to these services and must eliminate the need to use public endpoints. Which solution will meet these requirements with the LEAST operational overhead?

    A. Create a central egress VPC that has private NAT gateways. Connect all the VPCs to the central egress VPC by using AWS Transit Gateway. Use the private NAT gateways to connect to Amazon S3 and Systems Manager by using private IP addresses.

    B. Create a central shared services VPC. In the central shared services VPC, create interface VPC endpoints for Amazon S3 and Systems Manager to access. Ensure that private DNS is turned off. Connect all the VPCs to the central shared services VPC by using AWS Transit Gateway. Create an Amazon Route 53 forwarding rule for each interface VPC endpoint. Associate the forwarding rules with all the VPCs. Forward DNS queries to the interface VPC endpoints in the shared services VPC.

    C. Create a central shared services VPC. In the central shared services VPC, create interface VPC endpoints for Amazon S3 and Systems Manager to access. Ensure that private DNS is turned off. Connect all the VPCs to the central shared services VPC by using AWS Transit Gateway. Create an Amazon Route 53 private hosted zone with a full service endpoint name for Amazon S3 and Systems Manager. Associate the private hosted zones with all the VPCs. Create an alias record in each private hosted zone with the full AWS service endpoint pointing to the interface VPC endpoint in the shared services VPC.

    D. Create a central shared services VPC. In the central shared services VPC, create interface VPC endpoints for Amazon S3 and Systems Manager to access. Connect all the VPCs to the central shared services VPC by using AWS Transit Gateway. Ensure that private DNS is turned on for the interface VPC endpoints and that the transit gateway is created with DNS support turned on.

  • Question 147:

    A company is developing an application in which IoT devices will report measurements to the AWS Cloud. The application will have millions of end users. The company observes that the IoT devices cannot support DNS resolution. The company needs to implement an Amazon EC2 Auto Scaling solution so that the IoT devices can connect to an application endpoint without using DNS. Which solution will meet these requirements MOST cost-effectively?

    A. Use an Application Load Balancer (ALB)-type target group for a Network Load Balancer (NLB). Create an EC2 Auto Scaling group. Attach the Auto Scaling group to the ALB. Set up the IoT devices to connect to the IP addresses of the NLB.

    B. Use an AWS Global Accelerator accelerator with an Application Load Balancer (ALB) endpoint. Create an EC2 Auto Scaling group. Attach the Auto Scaling group to the ALB. Set up the IoT devices to connect to the IP addresses of the accelerator.

    C. Use a Network Load Balancer (NLB). Create an EC2 Auto Scaling group. Attach the Auto Scaling group to the NLB. Set up the IoT devices to connect to the IP addresses of the NLB.

    D. Use an AWS Global Accelerator accelerator with a Network Load Balancer (NLB) endpoint. Create an EC2 Auto Scaling group. Attach the Auto Scaling group to the NLB. Set up the IoT devices to connect to the IP addresses of the accelerator.

  • Question 148:

    A company has deployed a new web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Enterprise customers from around the world will use the application. Employees of these enterprise customers will connect to the application over HTTPS from office locations. The company must configure firewalls to allow outbound traffic to only approved IP addresses. The employees of the enterprise customers must be able to access the application with the least amount of latency. Which change should a network engineer make in the infrastructure to meet these requirements?

    A. Create a new Network Load Balancer (NLB). Add the ALB as a target of the NLB.

    B. Create a new Amazon CloudFront distribution. Set the ALB as the distribution's origin.

    C. Create a new accelerator in AWS Global Accelerator. Add the ALB as an accelerator endpoint.

    D. Create a new Amazon Route 53 hosted zone. Create a new record to route traffic to the ALB.

  • Question 149:

    A company is migrating an existing application to a new AWS account. The company will deploy the application in a single AWS Region by using one VPC and multiple Availability Zones. The application will run on Amazon EC2 instances. Each Availability Zone will have several EC2 instances. The EC2 instances will be deployed in private subnets. The company's clients will connect to the application by using a web browser with the HTTPS protocol. Inbound connections must be distributed across the Availability Zones and EC2 instances. All connections from the same client session must be connected to the same EC2 instance. The company must provide end-to-end encryption for all connections between the clients and the application by using the application SSL certificate. Which solution will meet these requirements?

    A. Create a Network Load Balancer. Create a target group. Set the protocol to TCP and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TCP and the port to 443 for the listener. Deploy SSL certificates to the EC2 instances.

    B. Create an Application Load Balancer. Create a target group. Set the protocol to HTTP and the port to 80 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTPS listener. Set the default action to forward to the target group. Use AWS Certificate Manager (ACM) to create a certificate for the listener.

    C. Create a Network Load Balancer. Create a target group. Set the protocol to TLS and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TLS and the port to 443 for the listener. Use AWS Certificate Manager (ACM) to create a certificate for the application.

    D. Create an Application Load Balancer. Create a target group. Set the protocol to HTTPS and the port to 443 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTP listener. Set the port to 443 for the listener. Set the default action to forward to the target group.

  • Question 150:

    A company is using Amazon Route 53 Resolver DNS Firewall in a VPC to block all domains except domains that are on an approved list. The company is concerned that if DNS Firewall is unresponsive, resources in the VPC might be affected if the network cannot resolve any DNS queries. To maintain application service level agreements, the company needs DNS queries to continue to resolve even if Route 53 Resolver does not receive a response from DNS Firewall. Which change should a network engineer implement to meet these requirements?

    A. Update the DNS Firewall VPC configuration to disable fail open for the VPC.

    B. Update the DNS Firewall VPC configuration to enable fail open for the VPC.

    C. Create a new DHCP options set with parameter dns_firewall_fail_open=false. Associate the new DHCP options set with the VPC.

    D. Create a new DHCP options set with parameter dns_firewall_fail_open=true. Associate the new DHCP options set with the VPC.
