A company has deployed a new web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Enterprise customers from around the world will use the application. Employees of these enterprise customers will connect to the application over HTTPS from office locations.
The company must configure firewalls to allow outbound traffic to only approved IP addresses. The employees of the enterprise customers must be able to access the application with the least amountof latency.
Which change should a network engineer make in the infrastructure to meet these requirements?

1. A. Create a new Network Load Balancer (NLB). Add the ALB as a target of the NLB.
2. B. Create a new Amazon CloudFront distributio
3. C. Set the ALB as the distribution’s origin.
4. D. Create a new accelerator in AWS Global Accelerato
5. E. Add the ALB as an accelerator endpoint.
6. F. Create a new Amazon Route 53 hosted zon
7. G. Create a new record to route traffic to the ALB.

Correct Answer: B
Amazon CloudFront is a content delivery network (CDN) that can speed up the delivery of static and dynamic web content, such as images, videos, and APIs2. CloudFront can also provide end-to-end encryption for HTTPS traffic by using SSL certificates from AWS Certificate Manager (ACM) or other sources2. CloudFron can also support session affinity (sticky sessions) with a load balancer-generated cookie or an application-based cookie policy2.

An international company provides early warning about tsunamis. The company plans to use IoT devices to monitor sea waves around the world. The data that is collected by the IoT devices must reach the company’s infrastructure on AWS as quickly as possible. The company is using three operation centers around the world. Each operation center is connected to AWS through Its own AWS Direct Connect connection. Each operation center is connected to the internet through at least two upstream internet service providers.
The company has its own provider-independent (PI) address space. The IoT devices use TCP protocols for reliable transmission of the data they collect. The IoT devices have both landline and mobile internet connectivity. The infrastructure and the solution will be deployed in multiple AWS Regions. The company will use Amazon Route 53 for DNS services.
A network engineer needs to design connectivity between the IoT devices and the services that run in the AWS Cloud.
Which solution will meet these requirements with the HIGHEST availability?

1. A. Set up an Amazon CloudFront distribution with origin failove
2. B. Create an origin group for each Region where the solution is deployed.
3. C. Set up Route 53 latency-based routin
4. D. Add latency alias record
5. E. For the latency alias records, set the value of Evaluate Target Health to Yes.
6. F. Set up an accelerator in AWS Global Accelerato
7. G. Configure Regional endpoint groups andhealth checks.
8. H. Set up Bring Your Own IP (BYOIP) addresse
9. I. Use the same PI addresses for each Region where the solution is deployed.

Correct Answer: B
https://aws.amazon.com/blogs/iot/automate-global-device-provisioning-with-aws-iot-core-and-amazon-route-53

A Network Engineer is provisioning a subnet for a load balancer that will sit in front of a fleet of application servers in a private subnet. There is limited IP space left in the VPC CIDR. The application has few users now but is expected to grow quickly to millions of users.
What design will use the LEAST amount of IP space, while allowing for this growth?

1. A. Use two /29 subnets for an Application Load Balancer in different Availability Zones.
2. B. Use one /29 subnet for the Network Load Balance
3. C. Add another VPC CIDR to the VPC to allow for future growth.
4. D. Use two /28 subnets for a Network Load Balancer in different Availability Zones.
5. E. Use one /28 subnet for an Application Load Balance
6. F. Add another VPC CIDR to the VPC to allow for future growth.

Correct Answer: C

A company is deploying a new application in the AWS Cloud. The company wants a highly available web server that will sit behind an Elastic Load Balancer. The load balancer will route requests to multiple target groups based on the URL in the request. All traffic must use HTTPS. TLS processing must be offloaded to the load balancer. The web server must know the user’s IP address so that the company can keep accurate logs for security purposes.
Which solution will meet these requirements?

1. A. Deploy an Application Load Balancer with an HTTPS listene
2. B. Use path-based routing rules to forward the traffic to the correct target grou
3. C. Include the X-Forwarded-For request header with traffic to the targets.
4. D. Deploy an Application Load Balancer with an HTTPS listener for each domai
5. E. Use host-based routing rules to forward the traffic to the correct target group for each domai
6. F. Include the X-Forwarded-For request header with traffic to the targets.
7. G. Deploy a Network Load Balancer with a TLS listene
8. H. Use path-based routing rules to forward the traffic to the correct target grou
9. I. Configure client IP address preservation for traffic to the targets.
10. J. Deploy a Network Load Balancer with a TLS listener for each domai
11. K. Use host-based routing rules to forward the traffic to the correct target group for each domai
12. L. Configure client IP address preservation for traffic to the targets.

Correct Answer: A
An Application Load Balancer (ALB) can be used to route traffic to multiple target groups based on the URL in the request. The ALB can be configured with an HTTPS listener to ensure all traffic uses HTTPS. TLS processing can be offloaded to the ALB, which reduces the load on the web server. Path-based routing rules can be used to route traffic to the correct target group based on the URL in the request. The X-Forwarded-For request header can be included with traffic to the targets, which will allow the web server to know the user's IP address and keep accurate logs for security purposes.

A company uses a 1 Gbps AWS Direct Connect connection to connect its AWS environment to its
on-premises data center. The connection provides employees with access to an application VPC that is hosted on AWS. Many remote employees use a company-provided VPN to connect to the data center. These employees are reporting slowness when they access the application during business hours. On-premises users have started to report similar slowness while they are in the office.
The company plans to build an additional application on AWS. On-site and remote employees will use the additional application. After the deployment of this additional application, the company will need 20% more bandwidth than the company currently uses. With the increased usage, the company wants to add resiliency to the AWS connectivity. A network engineer must review the current implementation and must make improvements within a limited budget.
What should the network engineer do to meet these requirements MOST cost-effectively?

1. A. Set up a new 1 Gbps Direct Connect dedicated connection to accommodate the additional traffic load from remote employees and the additional applicatio
2. B. Create a link aggregation group (LAG).
3. C. Deploy an AWS Site-to-Site VPN connection to the application VP
4. D. Configure the on-premises routing for the remote employees to connect to the Site-to-Site VPN connection.
5. E. Deploy Amazon Workspaces into the application VPInstruct the remote employees to connect to Workspaces.
6. F. Replace the existing 1 Gbps Direct Connect connection with two new 2 Gbps Direct Connect hosted connection
7. G. Create an AWS Client VPN endpoint in the application VP
8. H. Instruct the remote employees to connect to the Client VPN endpoint.

Correct Answer: A
Setting up a new 1 Gbps Direct Connect dedicated connection to accommodate the additional trafficload from remote employees and the additional application would provide more bandwidth and lower latency than a VPN connection over the public internet1. Creating a link aggregation group (LAG) with the existing and new Direct Connect connections would provide resiliency and redundancy for the AWS connectivity2.