ExamGecko
Search Search Login
Home Home / Amazon / ANS-C00
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?
An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF. What additional configuration is required to enable the applications in VPCs to communicate with each other and access onpremises resources?
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in uswest-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
You have two VPCs that you've peered. You created a route for VPC A to get to an instance in VPC. You are unable to ping the instance. You have double checked your security groups and NACLs. Why might this be?
You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL. Which of the following solutions should you deploy? (Choose two.)
In Amazon CloudFront, to link to your objects, if your domain name is d111111abcdef8.cloudfront.net and your object is image.jpg, then the URL for the link in your webpage will be _____.
Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)
Which element of AWS Config can be used to help maintain internal and external compliance controls?
A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their onpremises version of the application to serve a small portion of the customers who haven't yet upgraded. What design will allow the company to serve both newer and earlier clients in the MOST efficient way?
A company is deploying a critical application on two Amazon EC2 instances in a VPC. Failed client connections to the EC2 instances must be logged according to company policy. What is the MOST cost-effective solution to meet these requirements?

Question 375 - ANS-C00 discussion

Report
Export

A company has a service that runs on TCP port 443 in VPC A within AWS account A network engineer is using AWS PrivateLink for the configuration. Which set of procedures should the network engineer follow to meet these requirements?

A.
The company wants to expose the service to Amazon EC2 instances in VPC B within AWS account B. The service must not be made public, and all other services in VPC A must not be accessible from VPC In VPC A, create an Application Load Balancer (ALB) that has an HTTPS listener. Create an endpoint service in VPC A that points to the ALB. Add the principal ARN of account B to the service endpoints allow list.In VPC B, create an interface endpoint that points to the service identifier of the endpoint service in AWS account A.
Answers
A.
The company wants to expose the service to Amazon EC2 instances in VPC B within AWS account B. The service must not be made public, and all other services in VPC A must not be accessible from VPC In VPC A, create an Application Load Balancer (ALB) that has an HTTPS listener. Create an endpoint service in VPC A that points to the ALB. Add the principal ARN of account B to the service endpoints allow list.In VPC B, create an interface endpoint that points to the service identifier of the endpoint service in AWS account A.
B.
In VPC A, create a Network Load Balancer (NLB) that has a TCP listener. Create an endpoint service in VPC A that points to the NLAdd the principal ARN of account B to the service endpoints allow list. In VPC B, create an interfaceendpoint that points to the service identifier of the endpoint service in AWS account A.
Answers
B.
In VPC A, create a Network Load Balancer (NLB) that has a TCP listener. Create an endpoint service in VPC A that points to the NLAdd the principal ARN of account B to the service endpoints allow list. In VPC B, create an interfaceendpoint that points to the service identifier of the endpoint service in AWS account A.
C.
In VPC A, create a Network Load Balancer (NLB) that has a TCP listener. Create an endpoint service in VPC A that points to the NLB. Add the principal ARN of account B to the service endpoints allow list. In VPC B, create a gatewayendpoint that points to the service identifier of the endpoint service in AWS account A.
Answers
C.
In VPC A, create a Network Load Balancer (NLB) that has a TCP listener. Create an endpoint service in VPC A that points to the NLB. Add the principal ARN of account B to the service endpoints allow list. In VPC B, create a gatewayendpoint that points to the service identifier of the endpoint service in AWS account A.
D.
In VPC A, create an Application Load Balancer (ALB) that has a TCP listener. Create an endpoint service in VPC A that points to the ALB. Add the principal ARN of account B to the service endpoints allow list. In VPC B, create aGateway Load Balancer endpoint that points to the service identifier of the endpoint service in AWS account A.
Answers
D.
In VPC A, create an Application Load Balancer (ALB) that has a TCP listener. Create an endpoint service in VPC A that points to the ALB. Add the principal ARN of account B to the service endpoints allow list. In VPC B, create aGateway Load Balancer endpoint that points to the service identifier of the endpoint service in AWS account A.
Suggested answer: A

Explanation:

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html

Show Answer
asked 16/09/2024
Ash Eller
37 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms