A company operates its IT services through a multi-site hybrid infrastructure. The company deploys resources on AWS in the us-east-1 Region and in the eu-west-2 Region. The company also deploys resources in its own data centers that are located in the United States (US) and in the United Kingdom (UK). In both AWS Regions, the company uses a transit gateway to connect 15 VPCs to each other. The company has created a transit gateway peering connection between the two transit gateways. The VPC CIDR blocks do not overlap with each other or with IP addresses used within the data centers. The VPC CIDR prefixes can also be aggregated either on a Regional level or for the company's entire AWS environment. The data centers are connected to each other by a private WAN connection. IP routing information is exchanged dynamically through Interior BGP (iBGP) sessions. The data centers maintain connectivity to AWS through one AWS Direct Connect connection in the US and one Direct Connect connection in the UK. Each Direct Connect connection is terminated on a Direct Connect gateway and is associated with a local transit gateway through a transit VIF. Traffic follows the shortest geographical path from source to destination. For example, packets from the UK data center that are targeted to resources in eu-west-2 travel across the local Direct Connect connection. In cases of cross-Region data transfers, such as from the UK data center to VPCs in us-east-1, the private WAN connection must be used to minimize costs on AWS. A network engineer has configured each transit gateway association on the Direct Connect gateway to advertise VPC-specific CIDR IP prefixes only from the local Region. The routes toward the other Region must be learned through BGP from the routers in the other data center in the original, non-aggregated form. The company recently experienced a problem with cross-Region data transfers because of issues with its private WAN connection. The network engineer needs to modify the routing setup to prevent similar interruptions in the future. The solution cannot modify the original traffic routing goal when the network is operating normally. Which modifications will meet these requirements? (Choose two.)
A. Remove all the VPC CIDR prefixes from the list of subnets advertised through the local Direct Connect connection. Add the company's entire AWS environment aggregate route to the list of subnets advertised through the local Direct Connect connection.
B. Add the CIDR prefixes from the other Region VPCs and the local VPC CIDR blocks to the list of subnets advertised through the local Direct Connect connection. Configure data center routers to make routing decisions based on the BGP communities received.
C. Add the aggregate IP prefix for the other Region and the local VPC CIDR blocks to the list of subnets advertised through the local Direct Connect connection.
D. Add the aggregate IP prefix for the company's entire AWS environment and the local VPC CIDR blocks to the list of subnets advertised through the local Direct Connect connection.
E. Remove all the VPC CIDR prefixes from the list of subnets advertised through the local Direct Connect connection. Add both Regional aggregate IP prefixes to the list of subnets advertised through the Direct Connect connection on both sides of the network. Configure data center routers to make routing decisions based on the BGP communities received.
A network engineer must develop an AWS CloudFormation template that can create a virtual private gateway, a customer gateway, a VPN connection, and static routes in a route table. During testing of the template, the network engineer notes that the CloudFormation template has encountered an error and is rolling back. What should the network engineer do to resolve the error?
A. Change the order of resource creation in the CloudFormation template.
B. Add the DependsOn attribute to the resource declaration for the virtual private gateway. Specify the route table entry resource.
C. Add a wait condition in the template to wait for the creation of the virtual private gateway.
D. Add the DependsOn attribute to the resource declaration for the route table entry. Specify the virtual private gateway resource.
A company is planning a migration of its critical workloads from an on-premises data center to Amazon EC2 instances. The plan includes a new 10 Gbps AWS Direct Connect dedicated connection from the on-premises data center to a VPC that is attached to a transit gateway. The migration must occur over encrypted paths between the on-premises data center and the AWS Cloud. Which solution will meet these requirements while providing the HIGHEST throughput?
A. Configure a public VIF on the Direct Connect connection. Configure an AWS Site-to-Site VPN connection to the transit gateway as a VPN attachment.
B. Configure a transit VIF on the Direct Connect connection. Configure an IPsec VPN connection to an EC2 instance that is running third-party VPN software.
C. Configure MACsec for the Direct Connect connection. Configure a transit VIF to a Direct Connect gateway that is associated with the transit gateway.
D. Configure a public VIF on the Direct Connect connection. Configure two AWS Site-to-Site VPN connections to the transit gateway. Enable equal-cost multi-path (ECMP) routing.
An international company provides early warning about tsunamis. The company plans to use IoT devices to monitor sea waves around the world. The data that is collected by the IoT devices must reach the company's infrastructure on AWS as quickly as possible. The company is using three operation centers around the world. Each operation center is connected to AWS through its own AWS Direct Connect connection. Each operation center is connected to the internet through at least two upstream internet service providers. The company has its own provider-independent (PI) address space. The IoT devices use TCP protocols for reliable transmission of the data they collect. The IoT devices have both landline and mobile internet connectivity. The infrastructure and the solution will be deployed in multiple AWS Regions. The company will use Amazon Route 53 for DNS services. A network engineer needs to design connectivity between the IoT devices and the services that run in the AWS Cloud. Which solution will meet these requirements with the HIGHEST availability?
A. Set up an Amazon CloudFront distribution with origin failover. Create an origin group for each Region where the solution is deployed.
B. Set up Route 53 latency-based routing. Add latency alias records. For the latency alias records, set the value of Evaluate Target Health to Yes.
C. Set up an accelerator in AWS Global Accelerator. Configure Regional endpoint groups and health checks.
D. Set up Bring Your Own IP (BYOIP) addresses. Use the same PI addresses for each Region where the solution is deployed.
A company is using a NAT gateway to allow internet connectivity for private subnets in a VPC in the us-west-2 Region. After a security audit, the company needs to remove the NAT gateway. In the private subnets, the company has resources that use the unified Amazon CloudWatch agent. A network engineer must create a solution to ensure that the unified CloudWatch agent continues to work after the removal of the NAT gateway. Which combination of steps should the network engineer take to meet these requirements? (Choose three.)
A. Validate that private DNS is enabled on the VPC by setting the enableDnsHostnames VPC attribute and the enableDnsSupport VPC attribute to true.
B. Create a new security group with an entry to allow outbound traffic that uses the TCP protocol on port 443 to destination 0.0.0.0/0.
C. Create a new security group with entries to allow inbound traffic that uses the TCP protocol on port 443 from the IP prefixes of the private subnets.
D. Create the following interface VPC endpoints in the VPC: com.amazonaws.us-west-2.logs and com.amazonaws.us-west-2.monitoring. Associate the new security group with the endpoint network interfaces.
E. Create the following interface VPC endpoint in the VPC: com.amazonaws.us-west-2.cloudwatch. Associate the new security group with the endpoint network interfaces.
F. Associate the VPC endpoint or endpoints with route tables that the private subnets use.
A company has multiple AWS accounts. Each account contains one or more VPCs. A new security guideline requires the inspection of all traffic between VPCs. The company has deployed a transit gateway that provides connectivity between all VPCs. The company also has deployed a shared services VPC with Amazon EC2 instances that include IDS services for stateful inspection. The EC2 instances are deployed across three Availability Zones. The company has set up VPC associations and routing on the transit gateway. The company has migrated a few test VPCs to the new solution for traffic inspection. Soon after the configuration of routing, the company receives reports of intermittent connections for traffic that crosses Availability Zones. What should a network engineer do to resolve this issue?
A. Modify the transit gateway VPC attachment on the shared services VPC by enabling cross-Availability Zone load balancing.
B. Modify the transit gateway VPC attachment on the shared services VPC by enabling appliance mode support.
C. Modify the transit gateway by selecting VPN equal-cost multi-path (ECMP) routing support.
D. Modify the transit gateway by selecting multicast support.
A company has expanded its network to the AWS Cloud by using a hybrid architecture with multiple AWS accounts. The company has set up a shared AWS account for the connection to its on-premises data centers and the company offices. The workloads consist of private web-based services for internal use. These services run in different AWS accounts. Office-based employees consume these services by using a DNS name in an on-premises DNS zone that is named example.internal. The process to register a new service that runs on AWS requires a manual and complicated change request to the internal DNS. The process involves many teams. The company wants to update the DNS registration process by giving the service creators access that will allow them to register their DNS records. A network engineer must design a solution that will achieve this goal. The solution must maximize cost-effectiveness and must require the least possible number of configuration changes. Which combination of steps should the network engineer take to meet these requirements? (Choose three.)
A. Create a record for each service in its local private hosted zone (serviceA.account1.aws.example.internal). Provide this DNS record to the employees who need access.
B. Create an Amazon Route 53 Resolver inbound endpoint in the shared account VPC. Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the inbound endpoint's IP addresses that were created.
C. Create an Amazon Route 53 Resolver rule to forward any queries made to onprem.example.internal to the on-premises DNS servers.
D. Create an Amazon Route 53 private hosted zone named aws.example.internal in the shared AWS account to resolve queries for this domain.
E. Launch two Amazon EC2 instances in the shared AWS account. Install BIND on each instance. Create a DNS conditional forwarder on each BIND server to forward queries for each subdomain under aws.example.internal to the appropriate private hosted zone in each AWS account. Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the IP addresses of the BIND servers.
F. Create a private hosted zone in the shared AWS account for each account that runs the service. Configure the private hosted zone to contain aws.example.internal in the domain (account1.aws.example.internal). Associate the private hosted zone with the VPC that runs the service and the shared account VPC.
A company has two on-premises data center locations. There is a company-managed router at each data center. Each data center has a dedicated AWS Direct Connect connection to a Direct Connect gateway through a private virtual interface. The router for the first location is advertising 110 routes to the Direct Connect gateway by using BGP, and the router for the second location is advertising 60 routes to the Direct Connect gateway by using BGP. The Direct Connect gateway is attached to a company VPC through a virtual private gateway. A network engineer receives reports that resources in the VPC are not reachable from various locations in either data center. The network engineer checks the VPC route table and sees that the routes from the first data center location are not being populated into the route table. The network engineer must resolve this issue in the most operationally efficient manner. What should the network engineer do to meet these requirements?
A. Remove the Direct Connect gateway, and create a new private virtual interface from each company router to the virtual private gateway of the VPC.
B. Change the router configurations to summarize the advertised routes.
C. Open a support ticket to increase the quota on advertised routes to the VPC route table.
D. Create an AWS Transit Gateway. Attach the transit gateway to the VPC, and connect the Direct Connect gateway to the transit gateway.
An ecommerce company is hosting a web application on Amazon EC2 instances to handle continuously changing customer demand. The EC2 instances are part of an Auto Scaling group. The company wants to implement a solution to distribute traffic from customers to the EC2 instances. The company must encrypt all traffic at all stages between the customers and the application servers. No decryption at intermediate points is allowed. Which solution will meet these requirements?
A. Create an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB's target group.
B. Create an Amazon CloudFront distribution. Configure the distribution with a custom SSL/TLS certificate. Set the Auto Scaling group as the distribution's origin.
C. Create a Network Load Balancer (NLB). Add a TCP listener to the NLB. Configure the Auto Scaling group to register instances with the NLB's target group.
D. Create a Gateway Load Balancer (GLB). Configure the Auto Scaling group to register instances with the GLB's target group.
A company is using custom DNS servers that run BIND for name resolution in its VPCs. The VPCs are deployed across multiple AWS accounts that are part of the same organization in AWS Organizations. All the VPCs are connected to a transit gateway. The BIND servers are running in a central VPC and are configured to forward all queries for an on-premises DNS domain to DNS servers that are hosted in an on-premises data center. To ensure that all the VPCs use the custom DNS servers, a network engineer has configured a VPC DHCP options set in all the VPCs that specifies the custom DNS servers to be used as domain name servers. Multiple development teams in the company want to use Amazon Elastic File System (Amazon EFS). A development team has created a new EFS file system but cannot mount the file system to one of its Amazon EC2 instances. The network engineer discovers that the EC2 instance cannot resolve the IP address for the EFS mount point fs-33444567d.efs.us-east-1.amazonaws.com. The network engineer needs to implement a solution so that development teams throughout the organization can mount EFS file systems. Which combination of steps will meet these requirements? (Choose two.)
A. Configure the BIND DNS servers in the central VPC to forward queries for efs.us-east-1.amazonaws.com to the Amazon provided DNS server (169.254.169.253).
B. Create an Amazon Route 53 Resolver outbound endpoint in the central VPC. Update all the VPC DHCP options sets to use AmazonProvidedDNS for name resolution.
C. Create an Amazon Route 53 Resolver inbound endpoint in the central VPC. Update all the VPC DHCP options sets to use the Route 53 Resolver inbound endpoint in the central VPC for name resolution.
D. Create an Amazon Route 53 Resolver rule to forward queries for the on-premises domain to the on-premises DNS servers. Share the rule with the organization by using AWS Resource Access Manager (AWS RAM). Associate the rule with all the VPCs.
E. Create an Amazon Route 53 private hosted zone for the efs.us-east-1.amazonaws.com domain. Associate the private hosted zone with the VPC where the EC2 instance is deployed. Create an A record for fs-33444567d.efs.us-east-1.amazonaws.com in the private hosted zone. Configure the A record to return the mount target of the EFS mount point.