لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
A company's existing AWS environment contains public application servers that run on Amazon EC2 instances. The application servers run in a VPC subnet. Each server is associated with an Elastic IP address.The company has a new requirement for firewall inspection of all traffic from the internet before the traffic reaches any EC2 instances. A security engineer has deployed and configured a Gateway Load Balancer (GLB) in a standalone VPC with a fleet of third-party firewalls.How should a network engineer upda
A. Deploy a transit gateway
B. Update the application subnet route table to have a default route to the GLOn the standalone VPC that contains the firewall fleet, add a route in the route table for the application VPC's CIDR block with the GLB endpoint as the destination
C. Provision a GLB endpoint in the application VPC in a new subnet
D. Instruct the security engineer to move the GLB into the application VPC
عرض الإجابة
اجابة صحيحة: A
السؤال #2
A company has developed a new web application on AWS. The application runs on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate behind an Application Load Balancer (ALB) in the us-east-1 Region. The application uses Amazon Route 53 to host the DNS records for the domain. The content that is served from the website is mostly static images and files that are not updated frequently. Most of the traffic to the website from end users will originate from the United States. Some traffic will originate f
A. Configure the ALB to use an AWS Global Accelerator accelerator in us-east-1
B. Configure the ALB to use a secure HTTPS listener
C. Configure the ALB to use a secure HTTPS listener
D. Configure the ALB to use an AWS Global Accelerator accelerator in us-east-1
عرض الإجابة
اجابة صحيحة: C
السؤال #3
A real estate company is building an internal application so that real estate agents can upload photos and videos of various properties. The application will store these photos and videos in an Amazon S3 bucket as objects and will use Amazon DynamoDB to store corresponding metadata. The S3 bucket will be configured to publish all PUT events for new object uploads to an Amazon Simple Queue Service (Amazon SQS) queue.A compute cluster of Amazon EC2 instances will poll the SQS queue to find out about newly upl
A. Place the EC2 instances in a public subnet
B. Place the EC2 instances in a private subnet
C. Place the EC2 instances in a private subnet
D. Place the EC2 instances in a private subnet
عرض الإجابة
اجابة صحيحة: C
السؤال #4
A network engineer must develop an AWS CloudFormation template that can create a virtual private gateway, a customer gateway, a VPN connection, and static routes in a route table. During testing of the template, the network engineer notes that the CloudFormation template has encountered an error and is rolling back. What should the network engineer do to resolve the error?
A. Change the order of resource creation in the CloudFormation template
B. Add the DependsOn attribute to the resource declaration for the virtual private gatewa
C. Specify the route table entry resource
D. Add a wait condition in the template to wait for the creation of the virtual private gateway
E. Add the DependsOn attribute to the resource declaration for the route table entr
F. Specify the virtual private gateway resource
عرض الإجابة
اجابة صحيحة: C
السؤال #5
A company is planning a migration of its critical workloads from an on-premises data center to Amazon EC2 instances. The plan includes a new 10 Gbps AWS Direct Connect dedicated connection from the on-premises data center to a VPC that is attached to a transit gateway. The migration must occur over encrypted paths between the on-premises data center and the AWS Cloud. Which solution will meet these requirements while providing the HIGHEST throughput?
A. Configure a public VIF on the Direct Connect connectio
B. Configure an AWS Site-to-Site VPN connection to the transit gateway as a VPN attachment
C. Configure a transit VIF on the Direct Connect connectio
D. Configure an IPsec VPN connection to an EC2 instance that is running third-party VPN software
E. Configure MACsec for the Direct Connect connectio
F. Configure a transit VIF to a Direct Connect gateway that is associated with the transit gateway
عرض الإجابة
اجابة صحيحة: C
السؤال #6
A company runs an application on Amazon EC2 instances. A network engineer implements a NAT gateway in the application's VPC to replace self-managed NAT instances. After the network engineer shifts traffic from the self-managed NAT instances to the NAT gateway, users begin to report issues.During troubleshooting, the network engineer discovers that the connection to the application is closing after approximately 6 minutes of inactivity.What should the network engineer do to resolve this issue?
A. Check for increases in the IdleTimeoutCount Amazon CloudWatch metric for the NAT gateway
B. Check for increases in the ErrorPortAllocation Amazon CloudWatch metric for the NAT gateway
C. Check for increases in the PacketsDropCount Amazon CloudWatch metric for the NAT gateway
D. Check for decreases in the ActiveConnectionCount Amazon CloudWatch metric for the NAT gateway
عرض الإجابة
اجابة صحيحة: A
السؤال #7
A network engineer is designing the architecture for a healthcare company's workload that is moving to the AWS Cloud. All data to and from the on-premises environment must be encrypted in transit. All traffic also must be inspected in the cloud before the traffic is allowed to leave the cloud and travel to the on-premises environment or to the internet.The company will expose components of the workload to the internet so that patients can reserve appointments. The architecture must secure these components a
A. Use Traffic Mirroring to copy all traffic to a fleet of traffic capture appliances
B. Set up AWS WAF on all network components
C. Configure an AWS Lambda function to create Deny rules in security groups to block malicious IP addresses
D. Use AWS Direct Connect with MACsec support for connectivity to the cloud
E. Use Gateway Load Balancers to insert third-party firewalls for inline traffic inspection
F. Configure AWS Shield Advanced and ensure that it is configured on all public assets
عرض الإجابة
اجابة صحيحة: BDF
السؤال #8
A company deploys a new web application on Amazon EC2 instances. The application runs in private subnets in three Availability Zones behind an Application Load Balancer (ALB). Security auditors require encryption of all connections. The company uses Amazon Route 53 for DNS and uses AWS Certificate Manager (ACM) to automate SSL/TLS certificate provisioning. SSL/TLS connections are terminated on the ALB. The company tests the application with a single EC2 instance and does not observe any problems. However, a
A. Modify the ALB listener configuratio
B. Edit the rule that forwards traffic to the target grou
C. Change the rule to enable group-level stickines
D. Set the duration to the maximum application session length
E. Replace the ALB with a Network Load Balance
F. Create a TLS listene G
عرض الإجابة
اجابة صحيحة: C
السؤال #9
Your organization has a newly installed 1-Gbps AWS Direct Connect connection. You order the cross-connect from the Direct Connect location provider to the port on your router in the same facility. To enable the use of your first virtual interface, your router must be configured appropriately. What are the minimum requirements for your router?
A. 1-Gbps Multi Mode Fiber Interface, 802
B. 1-Gbps Single Mode Fiber Interface, 802
C. IPsec Parameters, Pre-Shared key, Peer IP Address, BGP Session with MD5
D. BGP Session with MD5, 802
عرض الإجابة
اجابة صحيحة: C
السؤال #10
A company has deployed an application in a VPC that uses a NAT gateway for outbound traffic to the internet. A network engineer notices a large quantity of suspicious network traffic that is traveling from the VPC over the internet to IP addresses that are included on a deny list. The network engineer must implement a solution to determine which AWS resources are generating the suspicious traffic. The solution must minimize cost and administrative overhead. Which solution will meet these requirements?
A. Launch an Amazon EC2 instance in the VP
B. Use Traffic Mirroring by specifying the NAT gateway as the source and the EC2 instance as the destinatio
C. Analyze the captured traffic by using open-source tools to identify the AWS resources that are generating the suspicious traffic
D. Use VPC flow log
E. Launch a security information and event management (SIEM) solution in the VP
F. Configure the SIEM solution to ingest the VPC flow log G
عرض الإجابة
اجابة صحيحة: B
السؤال #11
A company is deploying a new application on AWS. The application uses dynamic multicasting. The company has five VPCs that are all attached to a transit gateway Amazon EC2 instances in each VPC need to be able to register dynamically to receive a multicast transmission. How should a network engineer configure the AWS resources to meet these requirements?
A. Create a static source multicast domain within the transit gatewa
B. Associate the VPCs and applicable subnets with the multicast domai
C. Register the multicast senders' network interface with the multicast domai
D. Adjust the network ACLs to allow UDP traffic from the source to all receivers and to allow UDP traffic that is sent to the multicast group address
E. Create a static source multicast domain within the transit gatewa
F. Associate the VPCs and applicable subnets with the multicast domai G
عرض الإجابة
اجابة صحيحة: D
السؤال #12
A company plans to run a computationally intensive data processing application on AWS. The data is highly sensitive. The VPC must have no direct internet access, and the company has applied strict network security to control access.Data scientists will transfer data from the company's on-premises data center to the instances by using an AWS Site-to-Site VPN connection. The on-premises data center uses the network range 172.31.0.0/20 and will use the network range 172.31.16.0/20 in the application VPC.The da
A. Modify the security group for the application
B. Modify the network ACLs for the VPC subnet
C. Modify the network ACLs for the VPC subnet
D. Modify the security group for the application
عرض الإجابة
اجابة صحيحة: B
السؤال #13
A company's AWS architecture consists of several VPCs. The VPCs include a shared services VPC and several application VPCs. The company has established network connectivity from all VPCs to the on-premises DNS servers. Applications that are deployed in the application VPCs must be able to resolve DNS for internally hosted domains on premises. The applications also must be able to resolve local VPC domain names and domains that are hosted in Amazon Route 53 private hosted zones. What should a network enginee
A. reate a new Route 53 Resolver inbound endpoint in the shared services VPC
B. reate a new Route 53 Resolver outbound endpoint in the shared services VPC
C. reate a new Route 53 Resolver outbound endpoint in the shared services VPCreate forwarding rules for the on-premises hosted domains
D. reate a new Route 53 Resolver inbound endpoint in the shared services VPC
عرض الإجابة
اجابة صحيحة: B
السؤال #14
A company has two on-premises data center locations. There is a company-managed router at each data center. Each data center has a dedicated AWS Direct Connect connection to a Direct Connect gateway through a private virtual interface. The router for the first location is advertising 110 routes to the Direct Connect gateway by using BGP, and the router for the second location is advertising 60 routes to the Direct Connect gateway by using BGP. The Direct Connect gateway is attached to a company VPC through
A. Remove the Direct Connect gateway, and create a new private virtual interface from each company router to the virtual private gateway of the VPC
B. Change the router configurations to summarize the advertised routes
C. Open a support ticket to increase the quota on advertised routes to the VPC route table
D. Create an AWS Transit Gatewa
E. Attach the transit gateway to the VPC, and connect the Direct Connect gateway to the transit gateway
عرض الإجابة
اجابة صحيحة: D
السؤال #15
A company needs to temporarily scale out capacity for an on-premises application and wants to deploy new servers on Amazon EC2 instances. A network engineer must design the networking solution for the connectivity and for the application on AWS.The EC2 instances need to share data with the existing servers in the on-premises data center. The servers must not be accessible from the internet. All traffic to the internet must route through the firewall in the on-premises data center. The servers must be able t
A. Create a VPC that has public subnets and private subnets
B. Create a VPC that has private subnets
C. Create a VPC that has public subnets
D. Create a VPC that has public subnets and private subnets
عرض الإجابة
اجابة صحيحة: A
السؤال #16
A company has two on-premises data center locations. There is a company-managed router at each data center. Each data center has a dedicated AWS Direct Connect connection to a Direct Connect gateway through a private virtual interface. The router for the first location is advertising 110 routes to the Direct Connect gateway by using BGP, and the router for the second location is advertising 60 routes to the Direct Connect gateway by using BGP. The Direct Connect gateway is attached to a company VPC through
A. Remove the Direct Connect gateway, and create a new private virtual interface from each company router to the virtual private gateway of the VPC
B. Change the router configurations to summarize the advertised routes
C. Open a support ticket to increase the quota on advertised routes to the VPC route table
D. Create an AWS Transit Gateway
عرض الإجابة
اجابة صحيحة: D
السؤال #17
A consulting company manages AWS accounts for its customers. One of the company's customers needs to add intrusion prevention for its environment without having to re-architect the environment. The customer's environment includes five VPCs in two AWS Regions in the United States. VPC-to-VPC connectivity is achieved through VPC peering. The customer does not plan to increase the number of VPCs within the next 2 years. The solution must accommodate unencrypted traffic.Which solution will meet these requiremen
A. Configure VPC security groups and network ACLs
B. Use an AWS Network Firewall centralized deployment model in each VPC
C. Use an AWS Network Firewall distributed deployment model in each VPC
D. Deploy AWS Shield in each VPC
عرض الإجابة
اجابة صحيحة: B
السؤال #18
A company is deploying third-party firewall appliances for traffic inspection and NAT capabilities in its VPC. The VPC is configured with private subnets and public subnets. The company needs to deploy the firewall appliances behind a load balancer. Which architecture will meet these requirements MOST cost-effectively?
A. eploy a Gateway Load Balancer with the firewall appliances as targets
B. eploy a Gateway Load Balancer with the firewall appliances as targets
C. eploy a Network Load Balancer with the firewall appliances as targets
D. eploy a Network Load Balancer with the firewall appliances as targets
عرض الإجابة
اجابة صحيحة: B
السؤال #19
A data analytics company has a 100-node high performance computing (HPC) cluster. The HPC cluster is for parallel data processing and is hosted in a VPC in the AWS Cloud. As part of the data processing workflow, the HPC cluster needs to perform several DNS queries to resolve and connect to Amazon RDS databases, Amazon S3 buckets, and on-premises data stores that are accessible through AWS Direct Connect. The HPC cluster can increase in size by five to seven times during the companys peak event at the end of
A. Scale out the DNS service by adding two additional EC2 instances in the VPC
B. Scale up the existing EC2 instances that the company is using as DNS servers
C. Create Route 53 Resolver outbound endpoints
D. Create Route 53 Resolver inbound endpoints
عرض الإجابة
اجابة صحيحة: C

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: