Questions
Q1
Which VPC component enables you to grant internet access to servers in the public subnet deployed in the VPC?
- NAT gateway
- Internet gateway
- VPC peering
- Security group
ANS: 4 (Should be 2)
Q2
Which of the following statements are true?
- NACLs protect entire subnets, whereas security groups protect the individual instance.
- NACLs protect the individual instance, whereas security groups protect the entire subnet.
- NACLs enable instances in the private subnet to access the internet and act as a NAT device, whereas security groups are used to assign IAM policies to servers that need access to S3 buckets.
- NACLs enable instances in the private subnet to access the internet and act as a NAT device, whereas security groups are used to assign IAM policies to servers that need access to S3 buckets.
ANS: 1 (Correct)
Q3
Which AWS service enables you to purchase and register new domain names that can be used to publish your website on the internet?
- Route53
- VPC
- RDS
- Elastic Beanstalk
ANS: 1 (Correct)
Q4
Which AWS service enables you to distribute your digital assets such that they are cached locally to users who attempt to access this content for a time to live, and thus helps to reduce network latency?
- AWS CloudFront
- AWS CloudTrail
- AWS CloudWatch
- AWS CloudScape
ANS: 1 (Correct)
Q5
Your organization hosts multiple AWS accounts with multiple VPCs. You would like to connect these VPCs together and centrally manage connectivity policies. Which AWS service enables you to connect multiple VPCs configured as a hub that controls how traffic is routed among all the connected networks, which act like spokes?
- AWS Transit Gateway
- AWS Global Accelerator
- AWS VPC Peering
- AWS Virtual Private Gateway
ANS: 1 (Correct)
Q6
Which AWS service enables you to grant internet access to EC2 instances configured with IPv4, and located in the private subnet of your VPC?
- Egress-only internet gateway
- NAT gateway
- VPC endpoint
- VPN tunnel
ANS: 2 (Correct)
Q7
Your company has a primary production website in the US and a DR site in Sydney. You need to configure DNS such that if your primary site becomes unavailable, you can fail DNS over to the secondary site. Which DNS routing policy can you configure to achieve this?
- Weighted Routing
- Geolocation Routing
- Latency Routing
- Failover Routing
ANS: 4 (Correct)
Q8
You plan to set up DNS failover using Amazon Route53. Which feature of Route53 can you use to test your web application's availability and reachability?
- Private DNS
- CloudWatch
- Health checks
- DNS ping
ANS: 3 (Correct)
Q9
Which VPC firewall solution enables you to deny inbound traffic from a specific IP address, which can be used to prevent malicious attacks?
- AWS Firewall
- AWS Security Groups
- AWS Network Access Control Lists (NACLs)
- AWS CloudFront
ANS: 1 (Should be 3)
Q10
Which AWS service enables you to connect your private data center to your Amazon VPC with up to 100 Gbps network connectivity?
- Snowball
- Direct Connect
- Virtual Private Network (VPN)
- Virtual Satellite Network (VSN)
ANS: 2 (Correct)