Section-Based – Design and Implement Hybrid IT Network Architectures at Scale (Advanced Networking)
Quiz Summary
0 of 20 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Results
0 of 20 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- ANS – Network Design 0%
- ANS – Network Implementation 0%
-
Sorry, you failed the test. Carefully read our detailed explanations including the references and cheat sheets then try again. 🙂
To view your record of all previous attempts:
Visit our FAQ page for more information on the site’s features.
-
Congratulations! You passed the test. We still highly encourage you to carefully read our detailed explanations including the references and cheat sheets. 🙂
To view your record of all previous attempts:
Visit our FAQ page for more information on the site’s features.
-
Awesome! Perfect score! We still highly encourage you to carefully read our detailed explanations including the references and cheat sheets. 🙂
To view your record of all previous attempts:
Visit our FAQ page for more information on the site’s features.
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- Answered
- Review
-
Question 1 of 20
1. Question
Category: ANS – Network DesignA financial application is hosted in an EC2 instance launched in a private subnet. It must fetch and process the data stored in an Amazon S3 bucket to generate a PDF report file that will be uploaded back to the bucket. The traffic between the EC2 instance and Amazon S3 should not leave the Amazon network to protect confidential information.
What should the Network Engineer do to satisfy this requirement in the most cost-effective manner?
CorrectIncorrect -
Question 2 of 20
2. Question
Category: ANS – Network DesignA company has a hybrid network architecture that consists of multiple regional on-premises data centers and hundreds of AWS VPCs in various AWS Regions. The Network Administrator has been tasked to connect all of the company’s VPCs, on-premises networks, SD-WAN (Software-Defined Wide Area Network) virtual appliances, and VPN connections into a single gateway. The solution should also support inter-region peering across multiple AWS regions and provide higher bandwidth performance than a regular VPN connection.
What’s the MOST suitable solution that the Administrator should implement to build the requested network architecture?
CorrectIncorrect -
Question 3 of 20
3. Question
Category: ANS – Network DesignThe company’s two customer data centers have a total of four Direct Connect (DX) connections to its Amazon VPC. The architecture utilizes two DX locations with two connections each. The Network Engineer needs to aggregate multiple connections at a single AWS Direct Connect endpoint to treat them as a single, managed connection.
What should you use to fulfill this requirement?
CorrectIncorrect -
Question 4 of 20
4. Question
Category: ANS – Network DesignAn AWS Direct Connect connection has been established between the company’s on-premises data center and Amazon VPC using a private virtual interface with propagated routes. The Network team has been instructed to increase the connection bandwidth by allowing more than 1500 bytes of data and increasing the payload size per packet. This will enable the applications hosted in Amazon EC2 instances to send more data on-premises with the same amount of overhead. What should the team do to satisfy this requirement?
CorrectIncorrect -
Question 5 of 20
5. Question
Category: ANS – Network DesignA company is developing an online education portal in AWS which uses WebSockets for its live coding feature. The portal will be hosted in an Amazon ECS cluster and must be behind a load balancer that supports host-based and path-based routing to properly distribute the incoming traffic. There should also be consistent visibility and network traffic controls for every service of the containerized application to ensure high availability.
Which of the following is the MOST suitable solution that needs to be implemented to meet the above requirements?
CorrectIncorrect -
Question 6 of 20
6. Question
Category: ANS – Network ImplementationA company uses Amazon Virtual Private Cloud (VPC) IP Address Manager (IPAM) to facilitate IP address allocation when creating VPCs for testing environments. Management wants to automate the deployment of AWS resources. For this reason, the network engineer must generate a VPC component template that can be reused for multiple environments.
Which is the MOST suitable approach that will satisfy the requirement?
CorrectIncorrect -
Question 7 of 20
7. Question
Category: ANS – Network DesignAn organization has hundreds of Amazon VPCs for security, billing, regulatory, or other purposes that are located in us-east-1, us-east-2, us-west-1, and us-west-2 AWS Regions. A Network Engineer has been instructed to connect a VPC from the us-east-1 region to another VPC in the us-west-2 region. This will allow the two VPCs to communicate privately and securely with one another for sharing data or application services.
To improve security, the solution must also provide protection for outbound DNS requests from the VPCs to prevent DNS exfiltration of the customer data. This will ensure that no compromised application can use the DNS lookup function to maliciously send data out of the VPC to an external domain that an attacker can control.
What should the Network Engineer do to satisfy the above requirement in the MOST OPERATIONALLY-EFFICIENT WAY? (Select TWO.)
CorrectIncorrect -
Question 8 of 20
8. Question
Category: ANS – Network DesignA company has a Kubernetes application hosted in a fleet of Linux-based EC2 instances with private IPv4 addresses and a public data respository running in IPv6. The application uses a self-hosted MySQL database cluster that uses multiple private subnets in the company’s Amazon VPC. To fetch the required software and database patches, the EC2 container instances must be able to connect to the public Internet and download the needed data during the maintenance window.
A Network Administrator was instructed to set up a highly available and scalable solution that will safely allow the EC2 servers and the database instances to fetch the software patches from the Internet but prevent the outside network from initiating a connection. All of the company’s VPCs are configured with flow logs.
Which combination of steps can provide the FASTEST method for analyzing network traffic patterns and identifying risks across the corporate network? (Select TWO.)
CorrectIncorrect -
Question 9 of 20
9. Question
Category: ANS – Network DesignA company has several Amazon VPCs with Amazon Route 53 Resolvers and a DNS Firewall. The company needs to manually modify the Network Time Protocol (NTP) settings of its Amazon EC2 instances for testing purposes. The instances must use the Amazon Time Sync Service instead of an external NTP source.
The Amazon VPC must also be set to allow the Amazon Route 53 Resolver queries in the event that the Route 53 Resolver DNS Firewall is impaired, unresponsive, or not available in the zone. This approach favors high availability over security, which is what the company requires.
Which of the following options must the Network Engineer configure to satisfy the above requirements?
CorrectIncorrect -
Question 10 of 20
10. Question
Category: ANS – Network DesignA multinational bank has two data centers that are 60 miles (96.56 kilometers) from each other. The bank also has a single transit gateway that has multiple VPC and VPN attachments.
The Network team recently established two AWS Direct Connect connections from the company’s on-premises data centers to a Direct Connect location with the help of a local Direct Connect Partner. Afterward, they provisioned an AWS Direct Connect Gateway that connects to the AWS Direct Connect location via a transit virtual interface.
With this setup, what other network connections can be implemented? (Select TWO.)
CorrectIncorrect -
Question 11 of 20
11. Question
Category: ANS – Network DesignA startup is running a popular graphics design platform in AWS with over a million active users worldwide. The application is running in multiple AWS Regions with an Amazon DynamoDB Global table as its database tier. The Network Administrator has been assigned to reduce latency by routing the user traffic to the nearest application endpoint that is in close proximity to the user.
The solution must use an Anycast static IP address in order for the incoming traffic to be routed to the closest edge location. The IPv4 address entry points must come from the company’s own IP address ranges, instead of using the IP addresses that AWS provides by default.
Which combination of actions can satisfy the above requirements? (Select TWO.)
CorrectIncorrect -
Question 12 of 20
12. Question
Category: ANS – Network DesignA Network Engineer has been tasked to set up an HTTP proxy server using a single EC2 instance in the company’s VPC for domain whitelisting and content filtering. The proxy server will also be used to filter all traffic initiated by the EC2 instances to the company’s on-premises network. The Engineer must ensure that the solution provides an aggregate network bandwidth of up to 100 Gbps.
Which of the following should the Engineer do to satisfy this requirement?
CorrectIncorrect -
Question 13 of 20
13. Question
Category: ANS – Network DesignA leading insurance firm decided to adopt a hybrid cloud infrastructure that will connect its on-premises data center to its VPC located in the US East (N. Virginia) Region. A 10 Gbps AWS Direct Connect (DX) connection was established between the firm’s data center and an AWS Direct Connect Location using a private virtual interface. An AWS Direct Connect Gateway and a Virtual Private Gateway were also associated with the virtual interface to allow access to multiple VPCs and other resources.
Which of the following can be done using this connection? (Select TWO.)
CorrectIncorrect -
Question 14 of 20
14. Question
Category: ANS – Network DesignA bank has a hybrid cloud architecture in which its on-premises network and Amazon VPC is connected via an AWS Direct Connect connection using a private virtual interface. The Network Administrator has been assigned to set up a highly available Amazon AppStream 2.0 solution that provides the bank employees with instant access to their virtual desktop applications anytime and anywhere. The On-Demand AppStream 2.0 fleet must be able to communicate with the cloud resources both in the existing Amazon VPC and the company’s on-premises data center.
What should the Administrator do to complete this assignment?
CorrectIncorrect -
Question 15 of 20
15. Question
Category: ANS – Network DesignA Network Administrator launched an Amazon VPC with a primary CIDR block of
34.16.0.0/16
in order to deploy a fleet of Amazon EC2 instances for the company’s high performance computing (HPC) cluster. After a few months, there is no available IP address left in the existing VPC that hinders the launch of new EC2 instances. The Administrator must associate new secondary CIDR blocks to rectify the problem and to improve the scalability of the cloud architecture.Which of the following blocks can the Administrator associate to the existing VPC?
CorrectIncorrect -
Question 16 of 20
16. Question
Category: ANS – Network DesignAn organization has an online customer portal running on a fleet of Amazon EC2 instances hosted in a single private subnet. The portal connects to a 3rd party API, which is available through a public HTTPS endpoint, to fetch the latest customer data. A NAT Gateway has been integrated to the VPC to allow the private instances to connect to the HTTPS endpoint over the public Internet. Amazon CloudWatch metrics are also configured to properly monitor the application and network performance. The Network team noticed that the new outgoing connections are starting to fail and at the same time, the
ErrorPortAllocation
metric in Amazon CloudWatch for the NAT gateway is also increasing at a steady rate.Which of the following is the MOST suitable solution that the team should implement to further improve data connectivity?
CorrectIncorrect -
Question 17 of 20
17. Question
Category: ANS – Network DesignAn Amazon Virtual Private Cloud (VPC) has a fleet of EC2 instances hosted in a private subnet that connects to an Amazon S3 bucket via its VPC Gateway Endpoint. The VPC doesn’t have an attached Internet Gateway since the application is only used internally. You were instructed to configure the security group of the instances to only allow traffic to and from the public IP ranges of the S3 endpoint. To get the required IP ranges, you used the information provided by the
aws ec2 describe-prefix-lists
AWS CLI command. The solution worked but after a few weeks, you noticed that the outgoing requests are timing out and the instances can’t connect to the bucket any longer.Which of the following is the most suitable solution that you can do to solve this issue with LEAST effort?
CorrectIncorrect -
Question 18 of 20
18. Question
Category: ANS – Network DesignA company is using various AWS resources on its cloud architecture such as Amazon EC2 instances, S3 buckets, DynamoDB tables, RDS databases, and many others. There is a new policy that mandates all traffic between the VPC and other public AWS services to not leave the Amazon network. It should also block access from another AWS Region.
What type of VPC endpoint should you use for the Amazon S3 and DynamoDB?
CorrectIncorrect -
Question 19 of 20
19. Question
Category: ANS – Network DesignA multinational investment bank has recently provisioned an AWS Direct Connect (DX) connection from its on-premises data center to allow access to its various AWS resources. The Network Administrator has been instructed to configure the DX connection to allow the on-premises servers to connect to the EC2 resources in several Amazon VPCs and to fetch the data stored in the S3 buckets in various AWS Regions.
Which of the following should the Administrator do to complete the task with the LEAST amount of configuration overhead?
CorrectIncorrect -
Question 20 of 20
20. Question
Category: ANS – Network DesignA company has a Multi-VPC AWS Network Infrastructure consisting of multiple AWS accounts in selected AWS Regions. The AWS Control Tower service is used to launch and manage the AWS accounts as well as to specify the governed and non-governed Regions. To ensure data residency compliance, all API calls to AWS services in non-governed Regions must be blocked.
An end-to-end secure IPSec connection must also be implemented between the on-premises data center and the company’s Amazon VPC with low latency and high bandwidth. The hybrid connection must provide a more consistent network experience than a regular Internet-based VPN link.
Which combination of steps provides the MOST secure and operationally efficient solution? (Select TWO.)
CorrectIncorrect