You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS region. The application is hosted in a VPC and is only accessed from the corporate network. To support large volumes of data transfer and administration of the application, you use a single 10-Gbps AWS Direct Connect connection with multiple private virtual interfaces. As part of a review, you decide to improve the resilience of your connection to AWS and make sure that any additional connectivity does not share the same Direct Connect routers at AWS. You need to provide the best levels of resilience to meet the application's needs.
Which two options should you consider? (Choose two.)
A. Install a second 10-Gbps Direct Connect connection to the same Direct Connect location.
B. Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
C. Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.
D. Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
E. Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.
An organization will be expanding its current network design. When fully built out, there will be 99 VPCs spread across 11 AWS accounts (9 VPCs per account). There is currently an AWS Direct Connect connection into one account with 9 VPCs, each with a virtual network interface (VIF) per VPC.
Which of the following designs will minimize cost while allowing the organization to expand?
A. Order 10 new Direct Connect connections, one from each of the accounts that will be provisioned. Create private VIFs in each account. Attach one private VIF per VPC.
B. Create a public VIF on the Direct Connect connection. Leverage the public VIF to create a VPN connection to each VPC.
C. Create hosted private VIFs in the existing account. Connect a private VIF to an AWS Direct Connect gateway in each account. Connect the gateway in each account to the VPCs.
D. Create a transit VPC in the existing account that consists of two routers in separate Availability Zones. Connect each VPC to the two routers in the transit VPC by using VPN.
You have a global corporate network with 153 individual IP prefixes in your internal routing table. You establish a private virtual interface over AWS Direct Connect to a VPC that has an Internet gateway (IGW). All instances in the VPC must be able to route to the Internet via an IGW and route to the global corporate network via the VGW.
How should you configure your on-premises BGP peer to meet these requirements?
A. Configure AS-Prepending on your BGP session
B. Summarize your prefix announcement to less than 100
C. Announce a default route to the VPC over the BGP session
D. Enable route propagation on the VPC route table
An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC using ping on the organization's private IP address.
What could cause this connectivity issue? (Choose two.)
A. The VGW is not advertising the correct CIDR range back on-premises.
B. The instance security group does not allow ICMP traffic.
C. A public virtual interface must be configured for Amazon EC2 connectivity.
D. The on-premises router is not advertising the correct CIDR range to AWS.
E. There is a misconfiguration of the bi-directional forwarding detection.
You need to find the subnet, the security group and the VPC that your instance is associated with. You only have access to the terminal of an instance with an admin role attached.
What is the first part of the command you would use?
A. aws ec2 describe-network-acl
B. aws ec2 describe-instances
C. aws vpc describe-all
D. aws ec2 describe-security-groups
You manage a webserver that serves a webpage on AWS infrastructure. You utilize an Application Load Balancer, CloudFront, S3, and some other AWS services for this site. You are only responsible for the server and you don't have access to the AWS console or API.
You need to find out what IPs are accessing your website. What is the best way to achieve this?
A. Ask someone with IAM permissions to view the Flow Logs to give you access.
B. View the access logs. They already show this information.
C. Run "curl http://169.254.169.254/latest/meta-data/access_log"
D. Add "X-Forwarded-For" to the access logs and view the access logs.
In the context of Amazon CloudFront, when you configure the media player, the path you specify to the media file must contain the characters _____________.
A. flv/std just before the domain name
B. flv/std immediately after the domain name
C. cfx/st just before the domain name
D. cfx/st immediately after the domain name
Which of the following is true when you don't configure Amazon CloudFront to forward cookies to your origin?
A. CloudFront removes the Cookie header from requests that it forwards to your origin.
B. CloudFront disables viewer requests to your origin, including all cookies.
C. CloudFront caches your objects based on cookie values.
D. CloudFront automates code deployments to any instance.
What is the maximum size of a response body that Amazon CloudFront will return to the viewer?
A. Unlimited
B. 5 GB
C. 100 MB
D. 20 GB
A user has enabled detailed CloudWatch monitoring with the AWS Simple Notification Service. Which of the below mentioned statements helps the user understand detailed monitoring better?
A. SNS cannot provide data every minute
B. There is no need to enable since SNS provides data every minute
C. SNS will send data every minute after configuration
D. AWS CloudWatch does not support monitoring for SNS