لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
A company wants to improve visibility into its AWS environment. The AWS environment consists of multiple VPCs that are connected to a transit gateway. The transit gateway connects to an on-premises data center through an AWS Direct Connect gateway and a pair of redundant Direct Connect connections that use transit VIFs. The company must receive notification each time a new route is advertised to AWS from on premises over Direct Connect. What should a network engineer do to meet these requirements?
A. Enable Amazon CloudWatch metrics on Direct Connect to track the received route
B. Configure a CloudWatch alarm to send notifications when routes change
C. Onboard Transit Gateway Network Manager to Amazon CloudWatch Logs Insight
D. Use Amazon EventBridge (Amazon CloudWatch Events) to send notifications when routes change
E. Configure an AWS Lambda function to periodically check the routes on the Direct Connect gateway and to send notifications when routes change
F. Enable Amazon CloudWatch Logs on the transit VIFs to track the received route G
عرض الإجابة
اجابة صحيحة: D
السؤال #2
You deploy an Amazon EC2 instance that runs a web server into a subnet in a VPC. An Internet gateway is attached, and the main route table has a default route (0.0.0.0/0) configured with a target of the Internet gateway. The instance has a security group configured to allow as follows: Protocol: TCP Port: 80 inbound, nothing outbound The Network ACL for the subnet is configured to allow as follows: Protocol: TCP Port: 80 inbound, nothing outbound When you try to browse to the web server, you receive no resp
A. Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 80
B. Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 1024-65535
C. Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 80
D. Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 1024-65535
عرض الإجابة
اجابة صحيحة: C
السؤال #3
Your security team implements a host-based firewall on all of your Amazon Elastic Compute Cloud (EC2) instances to block all outgoing traffic. Exceptions must be requested for each specific requirement. Until you request a new rule, you cannot access the instance metadata service. Which firewall rule should you request to be added to your instances to allow instance metadata access?
A. Inbound; Protocol tcp; Source [Instance’s EIP]; Destination 169
B. Inbound; Protocol tcp; Destination 169
C. Outbound; Protocol tcp; Destination 169
D. Outbound; Protocol tcp; Destination 169
عرض الإجابة
اجابة صحيحة: D
السؤال #4
A global delivery company is modernizing its fleet management system. The company has several business units. Each business unit designs and maintains applications that are hosted in its own AWS account in separate application VPCs in the same AWS Region. Each business unit's applications are designed to get data from a central shared services VPC. The company wants the network connectivity architecture to provide granular security controls. The architecture also must be able to scale as more business units
A. Create a central transit gatewa
B. Create a VPC attachment to each application VP
C. Provide full mesh connectivity between all the VPCs by using the transit gateway
D. Create VPC peering connections between the central shared services VPC and each application VPC in each business unit's AWS account
E. Create VPC endpoint services powered by AWS PrivateLink in the central shared services VPCreate VPC endpoints in each application VPC
F. Create a central transit VPC with a VPN appliance from AWS Marketplac G
عرض الإجابة
اجابة صحيحة: B
السؤال #5
A network engineer is designing a hybrid architecture that uses a 1 Gbps AWS Direct Connect connection between the company's data center and two AWS Regions: us-east-1 and eu-west-1. The VPCs in us-east-1 are connected by a transit gateway and need to access several on-premises databases. According to company policy, only one VPC in eu-west-1 can be connected to one on-premises server. The on-premises network segments the traffic between the databases and the server. How should the network engineer set up t
A. Create one hosted connectio
B. Use a transit VIF to connect to the transit gateway in us-east-1
C. Connect gateway for both VIFs to route from the Direct Connect locations to the corresponding AWS Region along the path that has the lowest latency
D. Create one hosted connectio
E. Use a transit VIF to connect to the transit gateway in us-east-1
F. Create one dedicated connectio G
عرض الإجابة
اجابة صحيحة: B
السؤال #6
A media company is implementing a news website for a global audience. The website uses Amazon CloudFront as its content delivery network. The backend runs on Amazon EC2 Windows instances behind an Application Load Balancer (ALB). The instances are part of an Auto Scaling group. The company's customers access the website by using service example com as the CloudFront custom domain name. The CloudFront origin points to an ALB that uses service- alb.example.com as the domain name. The company’s security policy
A. Create a self-signed certificate for service
B. Import the certificate into AWS Certificate Manager (ACM)
C. Change the default behavior to redirect HTTP to HTTPS
D. Create a certificate for service
E. Change the default behavior to redirect HTTP to HTTPS
F. Create a certificate with any domain name by using AWS Certificate Manager (ACM) for the EC2 instance G
عرض الإجابة
اجابة صحيحة: A
السؤال #7
A company is running multiple workloads on Amazon EC2 instances in public subnets. In a recent incident, an attacker exploited an application vulnerability on one of the EC2 instances to gain access to the instance. The company fixed the application and launched a replacement EC2 instance that contains the updated application. The attacker used the compromised application to spread malware over the internet. The company became aware of the compromise through a notification from AWS. The company needs the ab
A. Use Amazon GuardDuty to analyze traffic patterns by inspecting DNS requests and VPC flow logs
B. Use Amazon GuardDuty to deploy AWS managed decoy systems that are equipped with the most recent malware signatures
C. Set up a Gateway Load Balance
D. Run an intrusion detection system (IDS) appliance from AWS Marketplace on Amazon EC2 for traffic inspection
E. Configure Amazon Inspector to perform deep packet inspection of outgoing traffic
عرض الإجابة
اجابة صحيحة: B
السؤال #8
A government contractor is designing a multi-account environment with multiple VPCs for a customer. A network security policy requires all traffic between any two VPCs to be transparently inspected by a third-party appliance. The customer wants a solution that features AWS Transit Gateway. The setup must be highly available across multiple Availability Zones, and the solution needs to support automated failover. Furthermore, asymmetric routing is not supported by the inspection appliances. Which combination
A. Deploy two clusters that consist of multiple appliances across multiple Availability Zones in a designated inspection VP
B. Connect the inspection VPC to the transit gateway by using a VPCattachmen
C. Create a target group, and register the appliances with the target grou
D. Create a Network Load Balancer (NLB), and set it up to forward to the newly created target grou
E. Configure a default route in the inspection VPCs transit gateway subnet toward the NLB
F. Deploy two clusters that consist of multiple appliances across multiple Availability Zones in a designated inspection VP G
عرض الإجابة
اجابة صحيحة: C
السؤال #9
A Network Engineer is provisioning a subnet for a load balancer that will sit in front of a fleet of application servers in a private subnet. There is limited IP space left in the VPC CIDR. The application has few users now but is expected to grow quickly to millions of users. What design will use the LEAST amount of IP space, while allowing for this growth?
A. Use two /29 subnets for an Application Load Balancer in different Availability Zones
B. Use one /29 subnet for the Network Load Balance
C. Add another VPC CIDR to the VPC to allow for future growth
D. Use two /28 subnets for a Network Load Balancer in different Availability Zones
E. Use one /28 subnet for an Application Load Balance
F. Add another VPC CIDR to the VPC to allow for future growth
عرض الإجابة
اجابة صحيحة: C
السؤال #10
A company has deployed a new web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Enterprise customers from around the world will use the application. Employees of these enterprise customers will connect to the application over HTTPS from office locations. The company must configure firewalls to allow outbound traffic to only approved IP addresses. The employees of the enterprise customers must be able to access the applica
A. Create a new Network Load Balancer (NLB)
B. Create a new Amazon CloudFront distributio
C. Set the ALB as the distribution’s origin
D. Create a new accelerator in AWS Global Accelerato
E. Add the ALB as an accelerator endpoint
F. Create a new Amazon Route 53 hosted zon G
عرض الإجابة
اجابة صحيحة: C

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: