AWS ANS-C00 Certified Advanced Networking Practical Exam Set 1

A company has set up an application on an EC2 Instance in a private subnet. This Instance is used to process videos. The Instance has been enabled with Enhanced Networking. The Instance now needs to get videos from an S3 bucket for processing. An IAM Role has been assigned to the Instance to access S3. But when the EC2 Instance tries to access the S3 bucket, a 403 error is returned. What needs to be done to ensure that the error gets resolved?


Options are :

  • Ensure that the CIDR range for the S3 bucket is added to the NACLs for the subnet
  • Ensure that a VPC endpoint is created and attached to the subnet (Correct)
  • Ensure that a VPC endpoint is created and attached to the EC2 Instance
  • Ensure that the CIDR range for the S3 bucket is added to the Security Groups for the EC2 Instance

Answer : Ensure that a VPC endpoint is created and attached to the subnet

Your company is planning on deploying EC2 Instances across multiple regions. These instances will make calls to the Simple Storage Service. You are trying to understand the data transfer costs which are incurred in such an implementation. Which of the following is not charged by AWS?


Options are :

  • From your on-premises data center to Amazon S3 in us-east-1 (Correct)
  • From Amazon EC2 in eu-west-1 to your on-premises data center
  • From an Elastic Compute Cloud (Amazon EC2) in eu-west-1 to Amazon Simple Storage Service (Amazon S3) in us-east-1
  • From Amazon S3 in us-east-1 to Amazon EC2 in eu-west-

Answer : From your on-premises data center to Amazon S3 in us-east-1

Your team has created a CloudFormation template. The template consists of the creation of a Virtual Private Gateway, a Customer Gateway and a VPN connection based on the created artifacts. The template sometimes gives errors because the routes are not being added because of the missing Virtual Private Gateway resource. How can you resolve this?


Options are :

  • Add a DependsOn attribute to the VPGW on the Route table
  • Add a custom resource to the template for the Route Table entry
  • Change the order of the creation of the resources in the template
  • Add a DependsOn attribute to the Route Table entry on the VPGW (Correct)

Answer : Add a DependsOn attribute to the Route Table entry on the VPGW

You have a team that is trying to ingest data into Amazon S3. They are trying to ingest 1 TB of data using a large instance. Enhanced Networking has been enabled on the instance. But the data ingestion process is still running slowly. What can be done to rectify the issue?


Options are :

  • Create a VPC endpoint from the instance to S3
  • Consider using 2 instances and splitting the ingestion of data (Correct)
  • Create a VPN connection from the instance to S3
  • Use an AWS Direct Connect connection between S3 and the instance

Answer : Consider using 2 instances and splitting the ingestion of data

Your company is planning on opening an AWS Direct Connect connection. They need to ensure that their router has the required capabilities to support this connection. Which of the following needs to be supported by the router? Choose 3 answers from the options given below.


Options are :

  • 802.1ad
  • BGP and BGP MD5 authentication (Correct)
  • Single Mode Fiber (Correct)
  • 802.1Q VLAN (Correct)
  • 1 Gbps copper connection

Answer : BGP and BGP MD5 authentication; Single Mode Fiber; 802.1Q VLAN

You need to create a Private VIF for an existing AWS Direct Connect connection. Which of the following is required during the configuration process?


Options are :

  • VLAN ID (Correct)
  • Virtual Gateway (Correct)
  • The Peer Public IP
  • Prefixes to advertise

Answer : VLAN ID; Virtual Gateway

You've just set up an Amazon Redshift cluster and started loading tables using the COPY command. You've noticed that the Internet is being utilized for the data being copied. You want to ensure that the Internet is not used during the copy operation. How can you achieve this?


Options are :

  • Ensure the routing table points to a VPN instead of the Internet gateway
  • Ensure Enhanced VPC routing is enabled for the Redshift cluster (Correct)
  • Ensure the Security Groups are set on the EC2 Instances hosting the Redshift cluster
  • Ensure the NACLs are set on the Subnets hosting the Redshift cluster

Answer : Ensure Enhanced VPC routing is enabled for the Redshift cluster

Your team has set up a testing environment using a VPC and EC2 Instances. An application is being hosted on these Instances. Some housekeeping scripts are being developed using AWS Lambda that would need to delete files created by these EC2 Instances on their respective EBS volumes. What is the initial configuration that needs to be put in place?


Options are :

  • Ensure the VPC has a route entry to the Lambda function
  • Ensure to use the --vpc-config when creating the AWS Lambda function (Correct)
  • Ensure an Internet gateway is attached to the VPC
  • Ensure to use the --vpc-config when creating the EC2 instance

Answer : Ensure to use the --vpc-config when creating the AWS Lambda function

You have an on-premise application that needs access to the Simple Storage Service. Some of the key requirements are high bandwidth for the connection, low jitter and high availability. Which of the following options would you consider in the design?


Options are :

  • Use the public Internet to access the S3 service
  • Using an IPSec VPN connection to a Virtual Private gateway
  • Using AWS Direct Connect with a private VIF
  • Using AWS Direct Connect with a public VIF (Correct)

Answer : Using AWS Direct Connect with a public VIF

Your production team has created a Multi-AZ Amazon RDS instance. The application connects to the instance via a custom DNS A record. There was an instance wherein the primary database failed and the application could no longer connect to the database. What needs to be done to ensure this same issue does not happen in the future?


Options are :

  • Ensure that the application is using the IP address of primary database instance
  • Ensure that the application is using the IP address of secondary database instance
  • Ensure the primary database is quickly swapped with the secondary one
  • Ensure that the application is using the Amazon RDS hostname (Correct)

Answer : Ensure that the application is using the Amazon RDS hostname

Your company has an AWS Direct Connect connection in the us-west region. They want to use a VPC via the AWS Direct Connect connection. The VPC is located in another region. How can you achieve this connectivity? Choose 2 answers from the options given below.


Options are :

  • Create a private VIF from the current AWS Direct Connect Connection. With Inter-region peering this is possible.
  • Create a Direct Connect gateway in a public region (Correct)
  • Create a Public VIF and then a VPN connection over that to the remote VPC (Correct)
  • Create a private VIF and then a VPN connection over that to the remote VPC

Answer : Create a Direct Connect gateway in a public region; Create a Public VIF and then a VPN connection over that to the remote VPC

You design CloudFormation templates which are used to provision infrastructure for your company's account. This is the primary way in which resources can be created. But apart from CloudFormation, the company wants to get automated alerts if any other resources get created. Choose 3 services from the list below that can help accomplish this.


Options are :

  • OpsWorks
  • AWS Config (Correct)
  • Simple Notification Service
  • CloudWatch Logs
  • AWS Lambda (Correct)
  • CloudFormation

Answer : AWS Config; AWS Lambda

You want to automate the VPC peering connections that occur in your AWS account. Which of the following methods can be used to automate the VPC peering connections?


Options are :

  • Use a CloudFormation template to peer the VPCs (Correct)
  • Use an OpsWorks stack to peer the VPCs
  • Use CloudTrail along with a Lambda function
  • Use CloudWatch metrics along with a Lambda function

Answer : Use a CloudFormation template to peer the VPCs

Your team has created a CloudFormation template. It creates a VPC and a subnet with a CIDR block of 10.0.0.0/16 and you have created another subnet within the VPC with a CIDR block of 10.1.0.0/24. What will happen when you try to deploy the template?


Options are :

  • The template will give a deployment error and all resources will be rolled back (Correct)
  • The template will give a deployment error when creating the subnet and leave the VPC as created
  • The template will give an error during the design stage
  • The template will deploy successfully

Answer : The template will give a deployment error and all resources will be rolled back

You have a set of EC2 Instances in a VPC. You need to have optimal network performance on these Instances. These Instances will talk to Instances in another VPC via VPC peering. Which of the following should be carried out to ensure maximum network performance? Choose 2 answers from the options given below.


Options are :

  • Ensure the operating system supports Enhanced networking (Correct)
  • Set the MTU on the Instances to 9001
  • Enable Enhanced Networking on the Instances (Correct)
  • Create 2 availability zones for the instances in the primary VPC and place them in a placement group

Answer : Ensure the operating system supports Enhanced networking; Enable Enhanced Networking on the Instances

You are designing an SSL/TLS solution that requires HTTPS clients to be authenticated by the Web server using client certificate authentication. The solution must be resilient. Which of the following options would you consider for configuring the web server infrastructure? Choose 2 answers from the options below


Options are :

  • Configure ELB with TCP listeners on TCP/443. And place the Web servers behind it. (Correct)
  • Configure your web servers as the origins for a CloudFront distribution.
  • Configure your Web servers with EIPs. Place the Web servers in a Route53 Record Set and configure health checks against all Web servers.
  • Configure ELB with HTTPS listeners, and place the Web servers behind it. (Correct)

Answer : Configure ELB with TCP listeners on TCP/443. And place the Web servers behind it. Configure ELB with HTTPS listeners, and place the Web servers behind it.

Your company has an AWS Direct Connect connection in the us-west region. They are currently using a public VIF to access an S3 bucket in the us-west region. They now want to make use of AWS Direct Connect to access an S3 bucket in the us-east region. How can this be achieved in the most economical way?


Options are :

  • Create a VPN IPsec connection
  • Create another AWS Direct Connect connection from your on-premise network in the us-east region.
  • Create another Public VIF from your current AWS Direct Connect connection (Correct)
  • Create another Private VIF from your current AWS Direct Connect connection

Answer : Create another Public VIF from your current AWS Direct Connect connection

A company has set up a set of EC2 Instances behind an Application Load Balancer. There seems to be a barrage of requests from a series of URLs. You need to have these URLs blacklisted. How can you achieve this in an ongoing manner?


Options are :

  • Put a WAF in front of the Application Load Balancer (Correct)
  • Deny the URLs via the NACLs for the subnet
  • Use AWS VPC Flow logs to prevent the attacks from the URLs
  • Deny the URLs via the Security Groups for the Instance

Answer : Put a WAF in front of the Application Load Balancer

You currently have 9 EC2 instances running in a Placement Group. All these 9 instances were initially launched at the same time and seem to be performing as expected. You decide that you need to add 2 new instances to the group; however, when you attempt to do this you receive a capacity error. Which of the following actions will most likely fix this problem? Choose the correct answer from the options below.


Options are :

  • Stop and restart the instances in the Placement Group and then try the launch again. (Correct)
  • Make a new Placement Group and launch the new instances in the new group. Make sure the Placement Groups are in the same subnet.
  • Request a capacity increase from AWS as you are initially limited to 10 instances per Placement Group.
  • Make sure all the instances are the same size and then try the launch again.

Answer : Stop and restart the instances in the Placement Group and then try the launch again.

You have a MySQL cluster which is hosted in AWS. The nodes in the cluster currently work with the private IP addresses. There is a self-referencing security group which is used for securing access across the nodes of the cluster. There is now a requirement to ensure disaster recovery for these nodes in another region. How can you achieve communication across the nodes in different regions securely?


Options are :

  • Use public IP addresses and use SSL certificates for secure communication across the nodes
  • Create a VPN IPSec tunnel. Ensure the nodes in the different region reference the security groups assigned to the nodes in the primary region
  • Use the private IP addresses of the nodes and use SSL certificates for secure communication across the nodes
  • Create a VPN IPSec tunnel. Ensure the nodes in the different region reference the VPC CIDR block in their security groups (Correct)

Answer : Create a VPN IPSec tunnel. Ensure the nodes in the different region reference the VPC CIDR block in their security groups

Your company has an AWS Direct Connect connection from a VPC to an on-premise location. Which of the following can be used as a backup in case the Direct Connect connection fails for any reason? Choose 2 answers from the options given below.


Options are :

  • Set up a secondary Direct Connect connection.
  • Set up a peering connection (Correct)
  • Set up a VPN connection (Correct)
  • There is no need to configure this as AWS will fall back to a secondary Direct Connect connection as per their SLA.

Answer : Set up a peering connection; Set up a VPN connection

Your company has the following Direct Connect and VPN connections:

  • Site A - VPN 10.1.0.0/24 AS 65000 65000
  • Site B - VPN 10.1.0.252/30 AS 65000
  • Site C - Direct Connect 10.0.0.0/8 AS 65000
  • Site D - Direct Connect 10.0.0.0/16 AS 65000

Which site will AWS choose to reach your network?


Options are :

  • Site A
  • Site C
  • Site D
  • Site B (Correct)

Answer : Site B

Your company has an EC2 Instance hosted in AWS. This EC2 Instance hosts an application. Currently this application is experiencing a number of issues. You need to inspect the network packets to see what type of error is occurring. Which one of the steps below can help address this issue?


Options are :

  • Use another instance. Set a port to promiscuous mode and sniff the traffic to analyze the packets
  • Use a network monitoring tool provided by an AWS partner. (Correct)
  • Use VPC Flow Logs.
  • Use CloudWatch metric

Answer : Use a network monitoring tool provided by an AWS partner.

You are working on creating a VPN connection between AWS and your on-premise infrastructure. You've created the Virtual Private Gateway and the Customer Gateway. You need to ensure the firewall rules are set on your side. Which of the following would you configure? Choose 2 answers from the options given below.


Options are :

  • UDP port 500 (Correct)
  • TCP port 500
  • IP protocol 50 (Correct)
  • TCP port 50
  • IP protocol 5
  • UDP port 50

Answer : UDP port 500; IP protocol 50

You have set up an EC2 Instance that hosts a web application. You have set the following rules:

  • Security Group Rules
      o Allow Inbound Traffic on port 80 from 0.0.0.0/0
      o Deny Outgoing Traffic
  • NACL
      o Allow Inbound Traffic on port 80 from 0.0.0.0/0
      o Deny Outgoing Traffic

Users are complaining that they cannot access the web server. How can you ensure that the issue gets resolved?


Options are :

  • Allow Outgoing Traffic on the NACL for port 80
  • Allow Outgoing Traffic on the Security groups for ephemeral ports
  • Allow Outgoing Traffic on the NACL for ephemeral ports (Correct)
  • Allow Outgoing Traffic on the Security groups for port 80

Answer : Allow Outgoing Traffic on the NACL for ephemeral ports

Your team is using a NAT instance on a Linux EC2 Instance. The private subnet has a route added for 0.0.0.0/0 for the NAT Instance. This NAT Instance is being used to download updates from the Internet for instances in the private subnet. But the IT administrators who are in charge of applying the updates complain of slow response times. What can be done to rectify this issue? Choose 2 answers from the options given below.


Options are :

  • Upgrade the NAT instance to a larger instance type (Correct)
  • Move the NAT instance to the private subnet to be closer to the instances
  • Add another NAT instance. Add another route for 0.0.0.0/0 to the new NAT instance
  • Replace the NAT instance with a NAT gateway (Correct)

Answer : Upgrade the NAT instance to a larger instance type; Replace the NAT instance with a NAT gateway

You are trying to diagnose a connection issue with a Linux instance. The instance is assigned a public IP and is in the public subnet. You can also see that the Internet gateway is attached and the route tables are in place. You SSH into the Instance from a bastion host. You then run ifconfig and see that the interface does not have a public IP address. What should be done next to check the issue?


Options are :

  • Assign an Elastic IP to the interface
  • Assign the public IP to the interface
  • Assign a private IP to the interface
  • Check the Security Groups for the instance (Correct)

Answer : Check the Security Groups for the instance

You need to perform a deep packet analysis for packets that are being sent to your EC2 Instance. Which of the following can help you accomplish this?


Options are :

  • AWS VPC Flow Logs
  • AWS CloudTrail
  • AWS CloudWatch
  • Wireshark (Correct)

Answer : Wireshark

You have an EC2 Instance that will act as a custom origin for a CloudFront web distribution. You need to ensure that traffic is encryp


Options are :

  • Configure the Viewer protocol policy as Redirect HTTP to HTTPS and ensure that the traffic flows via the
  • Configure the Viewer protocol policy as HTTP and ensure that SSL certificate is installed on the EC2 Instance
  • Configure the Viewer protocol policy as Redirect HTTP to HTTPS and Change the Origin Protocol policy to Match Viewer (Correct)
  • Configure the Viewer protocol policy as HTTPS and ensure that the traffic flows via the Amazon Virtual Private Network

Answer : Configure the Viewer protocol policy as Redirect HTTP to HTTPS and Change the Origin Protocol policy to Match Viewer

Your AWS Admin team has created an AWS workspace. Users in the on-premise environment don't seem to have the ability to use the AWS created workspaces. What could be the primary underlying issue?


Options are :

  • The ports on the company firewall are not open
  • The Security Groups on AWS Workspaces are not allowing outbound traffic
  • The NACLs on the AWS Workspaces are not allowing incoming traffic
  • The AWS Workspaces have not been created properly. They need to be recreated (Correct)

Answer : The AWS Workspaces have not been created properly. They need to be recreated
