1. Your company has many remote branch offices that need to connect with your AWS(Amazon Web Service) VPC. Which of the following can help achieve this connectivity In an easy manner?

A) AWS Direct Connect with a Private VIF
B) AWS Direct Connect with a Public V1F
C) VPC Peering
D) VPN Cloud hub



2. You?ve setup a private hosted zone in Route 53. You?ve setup a VPN connection between the AWS(Amazon Web Service) VPC and your on-premise network. You need to ensure that you can resolve DNS names from on-premise to the resources records defined in the Private hosted zone. How can you accomplish this?

A) Create a DNS forwarder server in your on-premise location. Configure the VPC with a new DHCP options s which uses this DNS forwarder.
B) Configure a DNS resolver in the VPC which will resolve DNS requests to the Route 53 private hosted zone.
C) Configure a DNS forwarder In the VPC which will forward DNS requests to the Route 53 private hosted zone
D) Create a DNS resolver server in your on-premise location. Configure the VPC with a new DHCP options set which uses this DNS resolver.



3. Your company is planning on using AWS(Amazon Web Service) EC2 and ELB for deployment for their web applications. The security policy mandates that all traffic should be encrypted. Which of the below options will ensure that this requirement is met. Choose 2 answers from the options below.(Select 2answers)

A) Ensure the load balancer listens on port 80
B) Ensure the hTTPS listener sends requests to the Instances on port 80
C) Ensure the HTTPS listener sends requests to the instances on port 443
D) Ensure the load balancer listens on port 443



4. You are planning on creating a VPC endpoint for your SaaS product hosted in AWS. You will provide this link to a customer who will access the link from their application. The application works on the UDP protocol. You plan on providing the DNS name for the link to them. But the customer is not able to use the link from within their application. What could be the issue?

A) The gateway endpoint has a policy that denies access. This should be modified accordingly.
B) The customer needs to use a NAT device to access the endpoint service
C) The service endpoint only works on the TCP protocol
D) The customer needs to create a Network load balancer to access the endpoint service



5. Your company currently hosts an application that consists of a NGINX web server that is hosted behind a load balancer. You need to ensure that you restrict access to certain locations for the content hosted on the Web server. How can you accomplish this?

A) Use the IP addresses in the X-Forwarded-For HTTP header and then restrict content via Cloud front geor estrictions.
B) Use the ELB itself to restrict content via geo-restrictions
C) Use the ELB logs to create a blacklist for restrictions
D) Use the NGINX logs to get the web server variable and then use the IP address to restrict content via Cloud front geo-restrictions.