Quiz Summary
0 of 12 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Results
0 of 12 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- ANS – Network Implementation 0%
- ANS – Network Management and Operation 0%
-
Sorry, you failed the test. Carefully read our detailed explanations including the references and cheat sheets then try again. 🙂
To view your record of all previous attempts:
Visit our FAQ page for more information on the site’s features.
-
Congratulations! You passed the test. We still highly encourage you to carefully read our detailed explanations including the references and cheat sheets. 🙂
To view your record of all previous attempts:
Visit our FAQ page for more information on the site’s features.
-
Awesome! Perfect score! We still highly encourage you to carefully read our detailed explanations including the references and cheat sheets. 🙂
To view your record of all previous attempts:
Visit our FAQ page for more information on the site’s features.
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- ✔️ Answered
- 🏳️ For Review
-
Question 1 of 12
1. Question
Category: ANS – Network ImplementationAn enterprise application is hosted in Amazon EKS on Fargate with an Amazon VPC Container Network Interface (CNI) plugin configured. The application hosts corporate report files that are accessed by millions of people around the world.
The company decided to launch a new security feature to prevent users in specific geographic locations from accessing the website’s static content. The solution should also reduce the number of simultaneous requests that are sent to your origin and improve the cache hit ratio.
What should be done to enable this new feature?
CorrectIncorrect -
Question 2 of 12
2. Question
Category: ANS – Network ImplementationA company has multiple Amazon VPCs for each of its department namely Shared Services VPC, Service Consumer VPC, and an Outbound VPC proxy for domain whitelisting and content filtering. These common services ensure data compliance and network security of the company’s entire cloud infrastructure. For every new workload in AWS, the Network Team always creates a new VPC and manually peers it to the Shared VPCs.
What should the team do to automate the VPC Peering process for new AWS workloads?
CorrectIncorrect -
Question 3 of 12
3. Question
Category: ANS – Network ImplementationAn application is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer. The Security team detected 300 random IP addresses that submitted bad requests to the application. These malicious web requests generate thousands of HTTP 4xx error codes that significantly affect the application’s performance. Based on the security logs, the Security team predicts that there would be more attacks from new IP addresses that need to be blocked.
What is the MOST suitable solution that the Network Administrator should implement to mitigate this security threat?
CorrectIncorrect -
Question 4 of 12
4. Question
Category: ANS – Network ImplementationAn online trade finance system is hosted in two Dedicated EC2 Hosts that are behind an Application Load Balancer. A Network Engineer is tasked to implement a web filtering solution that automatically blocks web requests from a list of blacklisted countries issued by the Financial Action Task Force (FATF).
What should the Engineer implement to satisfy this requirement?
CorrectIncorrect -
Question 5 of 12
5. Question
Category: ANS – Network ImplementationA Network Administrator is setting up an automated monitoring system that checks whether all Elastic IP addresses are attached to EC2 instances. The monitoring solution should verify that the Elastic IP addresses are also used by the elastic network interfaces (ENIs).
What should the Administrator do to complete this task?
CorrectIncorrect -
Question 6 of 12
6. Question
Category: ANS – Network ImplementationA financial application is hosted in several EC2 instances behind an Application Load Balancer that only accepts HTTP or HTTPS traffic. A recent misconfiguration incident occurred when a Network team member incorrectly replaced the existing security group with an unused one that allows all inbound traffic. One of the measures to prevent this from happening again is to track unassociated security groups automatically.
Which of the following is the MOST suitable solution that the team should implement?
CorrectIncorrect -
Question 7 of 12
7. Question
Category: ANS – Network ImplementationAn organization is preparing a CloudFormation template that uses the
Fn::Cidr
intrinsic function within a subnet resource to fetch available CIDR ranges. The CIDR block of the organization’s Amazon VPC is192.168.0.0/24
and the intrinsic function must produce 6 CIDRs with a/27
subnet mask.Which of the following options provides the correct combination of parameter values that will yield the expected result?
CorrectIncorrect -
Question 8 of 12
8. Question
Category: ANS – Network Management and OperationA company has a security information and event management (SIEM) solution that analyzes CloudTrail logs stored in an S3 bucket. The CloudTrail trail is configured to send a notification to an SNS topic whenever a log is outputted to the bucket. The SIEM polls new events from an SQS queue that is subscribed to the SNS topic. Then based on the SQS message, the SIEM fetches logs from the S3 bucket. A misconfiguration that resulted in permission issues has caused the SIEM to stop getting new events.
What could possibly cause this issue?
CorrectIncorrect -
Question 9 of 12
9. Question
Category: ANS – Network ImplementationAn AWS Consultant is creating a CloudFormation template that automatically establishes a VPC peering connection between two VPCs. The requester VPC located at us-east-1 is owned by the company and the accepter VPC in us-west-1 belongs to another AWS account.
What should the Consultant do in order to implement this task?
CorrectIncorrect -
Question 10 of 12
10. Question
Category: ANS – Network ImplementationA Network Engineer has created an AWS CloudFormation template that can automatically peer with a virtual private cloud (VPC) in another AWS account by using the
AWS::EC2::VPCPeeringConnection
entity configuration. The VPC peering connection will help facilitate data access and data transfer between two VPCs. While doing the deployment, the Engineer received aVpcPeeringConnection failed to stabilize
error in CloudFormation.Which of the following are the possible causes for this issue? (Select TWO.)
CorrectIncorrect -
Question 11 of 12
11. Question
Category: ANS – Network ImplementationA Systems Administrator has been tasked to set up a notification system that tracks every change in the AWS IP address ranges. How can the Administrator implement the solution with the LEAST effort?
CorrectIncorrect -
Question 12 of 12
12. Question
Category: ANS – Network ImplementationA Network Engineer has been tasked to set up an automated solution to check whether all Elastic IP addresses are properly attached to the Amazon EC2 instances. The solution must verify that the Elastic IP addresses are also in-use by the elastic network interfaces (ENIs).
How can the Engineer satisfy the above requirements?
CorrectIncorrect