You manage a web service that is used by client applications deployed in 300 offices worldwide. The web service architecture is an Elastic Load balancer (ELB) distributing traffic across four application servers deployed in an autoscaling group across two availability zones.
The ELB is configured to use round robin, and sticky sessions are disabled. You have configured the NACLs and Security Groups to allow port 22 from your bastion host, and port 80 from 0.0.0.0/0. The client configuration is managed by each regional IT team.
Upon inspection you find that a large amount of requests from incorrectly configured sites are causing a single application server to degrade. The remainder of the requests are equally distributed across all servers with no negative effects.
What should you do to remedy the situation and prevent future occurrences?

1. A. Mark the affected instance as degraded in the ELB and raise it with the client application team.
2. B. Update the NACL to only allow port 80 to the application servers from the ELB servers.
3. C. Update the Security Groups to only allow port 80 to the application servers from the ELB.
4. D. Terminate the affected instance and allow Auto Scaling to create a new instance.

Correct Answer: C

You are building an application that provides real-time audio and video services to customers on the Internet. The application requires high throughput. To ensure proper audio and video transmission, minimal latency is required.
Which of the following will improve transmission quality?

1. A. Enable enhanced networking
2. B. Select G2 instance types
3. C. Enable jumbo frames
4. D. Use multiple elastic network interfaces

Correct Answer: A
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html

A company uses AWS Direct Connect lo connect its corporate network to multiple VPCs in the same AWS account and the same AVVS Region Each VPC uses its own private VIF and its own virtual LAN on the Direct Connect connection The company has grown and will soon surpass the limit of VPCs and private VIFs for each connection
What is the MOST scalable way to add VPCs with on-premises connectivity?

1. A. Provision a new Direct Connect connection to handle the additional VPCs Use the new connection to connect additional VPCs.
2. B. Create virtual private gateways for each VPC that is over the service quota Use AWS Site-to-Site VPN to connect the virtual private gateways to the corporate network
3. C. Create a Direct Connect gateway, and add virtual private gateway associations to the VPC
4. D. Configure a private VIF to connect to the corporate network
5. E. Create a transit gateway and attach the VPCs Create a Direct Connect gateway, and associate it with the transit gateway Create a transit VIF to the Direct Connect gateway

Correct Answer: D

A company uses a newly provisioned 1-Gbps AWS Direct Connect connection to configure a virtual interface for access to Amazon S3
Which configuration values is the network engineer required to provide? (Select TWO.)

1. A. Connection speed
2. B. VLAN ID
3. C. IP prefixes to advertise
4. D. Direct Connect location
5. E. Virtual private gateway

Correct Answer: BE

A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process, the following requirements involving DNS have been identified.
The organization’s VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?

1. A. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and theon-premises DNS system
2. B. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
3. C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxie
4. D. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to 172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxie
5. E. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
6. F. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxie
7. G. Configure the proxies to forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxie
8. H. Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53 private hosted zone.
9. I. Change the DHCP options set for the VPC to use both the on-premises DNS system
10. J. Configure theon-premises DNS systems with a stub-zone, delegating the Route 53 private hosted zone’s name servers as authoritative for the Route 53 private hosted zone.

Correct Answer: C