An IoT company sells hardware sensor modules that periodically send out temperature, humidity, pressure, and location data through the MQTT messaging protocol. The hardware sensor modules send this data to the company's on-premises MQTT brokers that run on Linux servers behind a load balancer. The hardware sensor modules have been hardcoded with public IP addresses to reach the brokers.
The company is growing and is acquiring customers across the world. The existing solution can no longer scale and is introducing additional latency because of the company's global presence. As a result, the company decides to migrate its entire infrastructure from on premises to the AWS Cloud. The company needs to migrate without reconfiguring the hardware sensor modules that are already deployed across the world. The solution also must minimize latency.
The company migrates the MQTT brokers to run on Amazon EC2 instances. What should the company do next to meet these requirements?

1. A. Place the EC2 instances behind a Network Load Balancer (NLB). Configure TCP listener
2. B. Use Bring Your Own IP (BYOIP) from the on-premises network with the NLB.
3. C. Place the EC2 instances behind a Network Load Balancer (NLB). Configure TCP listener
4. D. Create an AWS Global Accelerator accelerator in front of the NLUse Bring Your Own IP (BYOIP) from the on-premises network with Global Accelerator.
5. E. Place the EC2 instances behind an Application Load Balancer (ALB). Configure TCP listener
6. F. Create an AWS Global Accelerator accelerator in front of the AL
7. G. Use Bring Your Own IP (BYOIP) from the on-premises network with Global Accelerator
8. H. Place the EC2 instances behind an Amazon CloudFront distributio
9. I. Use Bring Your Own IP (BYOIP) from the on-premises network with CloudFront.

Correct Answer: B

A company’s network engineer is designing a hybrid DNS solution for an AWS Cloud workload. Individual teams want to manage their own DNS hostnames for their applications in their development environment. The solution must integrate the application-specific hostnames with the centrally managed DNS hostnames from the on-premises network and must provide bidirectional name resolution. The solution also must minimize management overhead.
Which combination of steps should the network engineer take to meet these requirements? (Choose three.)

1. A. Use an Amazon Route 53 Resolver inbound endpoint.
2. B. Modify the DHCP options set by setting a custom DNS server value.
3. C. Use an Amazon Route 53 Resolver outbound endpoint.
4. D. Create DNS proxy servers.
5. E. Create Amazon Route 53 private hosted zones.
6. F. Set up a zone transfer between Amazon Route 53 and the on-premises DNS.

Correct Answer: ABE

A company has its production VPC (VPC-A) in the eu-west-1 Region in Account 1. VPC-A is attached to a transit gateway (TGW-A) that is connected to an on-premises data center in Dublin, Ireland, by an AWS
Direct Connect transit VIF that is configured for an AWS Direct Connect gateway. The company also has a staging VPC (VPC-B) that is attached to another transit gateway (TGW-B) in the eu-west-2 Region in Account 2.
A network engineer must implement connectivity between VPC-B and the on-premises data center in Dublin. Which solutions will meet these requirements? (Choose two.)

1. A. Configure inter-Region VPC peering between VPC-A and VPC-
2. B. Add the required VPC peering route
3. C. Add the VPC-B CIDR block in the allowed prefixes on the Direct Connect gateway association.
4. D. Associate TGW-B with the Direct Connect gatewa
5. E. Advertise the VPC-B CIDR block under the allowed prefixes.
6. F. Configure another transit VIF on the Direct Connect connection and associate TGW-
7. G. Advertise the VPC-B CIDR block under the allowed prefixes.
8. H. Configure inter-Region transit gateway peering between TGW-A and TGW-
9. I. Add the peering routes in the transit gateway route table
10. J. Add both the VPC-A and the VPC-B CIDR block under the allowed prefix list in the Direct Connect gateway association.
11. K. Configure an AWS Site-to-Site VPN connection over the transit VIF to TGW-B as a VPN attachment.

Correct Answer: BC
* B. Associate TGW-B with the Direct Connect gateway. Advertise the VPC-B CIDR block under the allowed prefixes. This will allow traffic from VPC-B to be sent over the Direct Connect connection to the on-premises data center via TGW-B. C. Configure another transit VIF on the Direct Connect connection and associate TGW-B. Advertise the VPC-B CIDR block under the allowed prefixes. This will enable the use of the Direct Connect connection for VPC-B's traffic by connecting TGW-B to the Direct Connect gateway.

A company is using a NAT gateway to allow internet connectivity for private subnets in a VPC in the us-west-2 Region. After a security audit, the company needs to remove the NAT gateway.
In the private subnets, the company has resources that use the unified Amazon CloudWatch agent. A network engineer must create a solution to ensure that the unified CloudWatch agent continues to work after the removal of the NAT gateway.
Which combination of steps should the network engineer take to meet these requirements? (Choose three.)

1. A. Validate that private DNS is enabled on the VPC by setting the enableDnsHostnames VPC attribute and the enableDnsSupport VPC attribute to true.
2. B. Create a new security group with an entry to allow outbound traffic that uses the TCP protocol on port 443 to destination 0.0.0.0/0
3. C. Create a new security group with entries to allow inbound traffic that uses the TCP protocol on port 443 from the IP prefixes of the private subnets.
4. D. Create the following interface VPC endpoints in the VPC: com.amazonaws.us-west-2.logs and com.amazonaws.us-west-2.monitorin
5. E. Associate the new security group with the endpoint network interfaces.
6. F. Create the following interface VPC endpoint in the VPC: com.amazonaws.us-west-2.cloudwatch.Associate the new security group with the endpoint network interfaces.
7. G. Associate the VPC endpoint or endpoints with route tables that the private subnets use.

Correct Answer: BDF

A company’s network engineer needs to design a new solution to help troubleshoot and detect network anomalies. The network engineer has configured Traffic Mirroring. However, the mirrored traffic is overwhelming the Amazon EC2 instance that is the traffic mirror target. The EC2 instance hosts tools that the company’s security team uses to analyze the traffic. The network engineer needs to design a highly available solution that can scale to meet the demand of the mirrored traffic.
Which solution will meet these requirements?

1. A. Deploy a Network Load Balancer (NLB) as the traffic mirror targe
2. B. Behind the NL
3. C. deploy a fleet of EC2 instances in an Auto Scaling grou
4. D. Use Traffic Mirroring as necessary.
5. E. Deploy an Application Load Balancer (ALB) as the traffic mirror targe
6. F. Behind the ALB, deploy a fleet of EC2 instances in an Auto Scaling grou
7. G. Use Traffic Mirroring only during non-business hours.
8. H. Deploy a Gateway Load Balancer (GLB) as the traffic mirror targe
9. I. Behind the GL
10. J. deploy a fleet of EC2 instances in an Auto Scaling grou
11. K. Use Traffic Mirroring as necessary.
12. L. Deploy an Application Load Balancer (ALB) with an HTTPS listener as the traffic mirror targe
13. M. Behind the AL
14. N. deploy a fleet of EC2 instances in an Auto Scaling grou
15. O. Use Traffic Mirroring only during active events or business hours.

Correct Answer: A