1. You?ve configured a classic load balancer with EC2 Instances behind them. You are going to the DNS name for the load balancer, but you are not getting the response from the underlying instances. Which of the following are checks you should carry out? Choose 2 answers from the options given below(Select 2answers)

A) Ensure the Security group for the load balancer accepts traffic on port 80 from 10.0.0.0116
B) Ensure the load balancer is created in the private subnet
C) Ensure the Security group for the load balancer accepts traffic on port 80 from 0.0.0.0/0 .
D) Ensure the load balancer is created in the public subnet



2. You have a collection of assets stored in an 53 bucket. You want to enable users across the world to access these assets with the least latency. The users must also access the distribution via your company domain name. How can you achieve this? Choose 2 answers from the options given below.(Select 2answers)

A) Create a resource record in a hosted zone and create a PTR record
B) Create a web based distribution in Cloud front
C) Create an application load balancer and point it to your S3 bucket
D) Create a resource record in a hosted zone and create an ALIAS record



3. You?re working as a consultant for a company that has a three-tier application. The application layer of this architecture sends over 20Gbps of data per seconds during peak hours to and from Amazon S3. Currently, you?re running two NAT gateways in two subnets to transfer the data from your private application layer to Amazon S3. You will also need to ensure that the instances receive software patches from a third-party repository. What architecture changes should be made, if any?

A) Add a VPN connection for better throughput
B) Add an Internet gateway for better throughput
C) Add a VPC endpoint.
D) Add another NAT gateway



4. You?ve setup a VPC with a couple of Instances that have public IP addresses. These EC2 Instances need to reach an external web server on port 443. The instances are unable to reach the web server. You have verified the following � An Internet gateway is assigned to the VPC(1 0.0.0.0/16) The route table has a route for 0.0.0.0/0 to the Internet gateway � The Security Groups allows Outbound Traffic for port 443 � The NACL allows Outbound Traffic for port 443 and Inbound Traffic for ephemeral ports Based on the above information what could be the underlying issue. Please select:

A) You should not use the Internet gateway. instead use a NAT gateway for the routing of traffic
B) The route table should have a route for 10.0.0.0/16 to the Internet gateway
C) The Security Group should allow Inbound traffic for port 443
D) The external web server is blocking the requests



5. A windows machine in one VPC needs to join the AD domain in another VPC. VPC Peering has been established. But the domain join Is not working. What Is the other step that needs to be followed to ensure that the AD domain join can work as intended ?

A) Change the VPC peering connection to a Direct Connect connection
B) Ensure that the AD is placed In a public subnet
C) Ensure the security groups for the AD hosted subnet has the right wie for relevant subnets
D) Change the VPC peering connection to a VPN connection