Quiz 1 of 0

Exam Simulator: Networking and Content Delivery

Anastasia-Instructor September 1, 2022

Time limit: 0

Quiz Summary

0 of 25 Questions completed

Questions:

Information

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Quiz complete. Results are being recorded.

Results

0 of 25 Questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

A company wants to create a VPC with a dedicated tenancy for the 10.0.0.0/16 IPv4 CIDR block.

Which command should a SysOps administrator type in the command-line tool to meet the requirement?

aws ec2 create-vpc

--cidr-block 10.0.0.0/16 --instance-tenancy dedicated

aws ec2 create-vpc

--cidr-block 10.0.0.0/16 --instance-tenancy

aws ec2 create-vpc

--cidr-block 10.0.0.0/16 --tenancy dedicated

aws ec2 create-vpc

--cidr-block 10.0.0.0/15 --instance-tenancy dedicated

Correct

Incorrect

Question 7 of 25

7. Question
A company needs to increase the security of its VPC. The company wants to control traffic in and out of its subnets.

Which service should a SysOps administrator use to meet the requirement?
- Network ACL
- AWS Shield
- AWS WAF
- AWS Resource Group
Correct

Incorrect
Question 8 of 25

8. Question
Which of the following ACL rules allows inbound HTTP traffic from any IPv4 address.
- Rule: 100, Type: HTTP, Protocol: TCP, Port range: 80, Source: 0.0.0.0/0, Allow/Deny: ALLOW
- Rule: 100, Type: HTTP, Protocol: TCP, Port range: 443, Source: 0.0.0.0/0, Allow/Deny: ALLOW
- Rule: 100, Type: HTTP, Protocol: TCP, Port range: 53, Source: 0.0.0.0/0, Allow/Deny: ALLOW
- Rule: 100, Type: HTTP, Protocol: TCP, Port range: 22, Source: 0.0.0.0/0, Allow/Deny: ALLOW
Correct

Incorrect
Question 9 of 25

9. Question
A company just launched an EC2 instance in a subnet into its VPC. After investigation, a SysOps administrator has realized that the EC2 instance isn’t accessible from the Internet.

What could be the primary cause of this issue?
- The route table is not configured properly
- The DNS hostname is wrong
- The VPC is not enabled for ClassicLink
- VPC peering connection is not created
Correct

Incorrect
Question 10 of 25

10. Question
A company just finalized the process of hosting its WordPress blog on a new Amazon EC2 Linux instance. After trying to connect to the instance the SysOps administrator gets the following error message:
```
Network error: Connection timed out or Error connecting
```
Which actions should the SysOps administrator take to fix this issue? (Select TWO.)
- Check your security group rules
- Use the AWS CLI command get-console-output
- Change the label of an attached ext4 volume
- Create a new key pair
- Check the route table for the subnet
Correct

Incorrect
Question 11 of 25

11. Question
Α company handles sensitive data in their private subnet, the data is processed by the EC2 instances and then delivered to S3. The company wants the data to NOT be passed through the public Internet.

How could a SysOps administrator design this solution so that the data does not pass through the public Internet?
- Configure a VPC Gateway Endpoint along with a corresponding route entry that directs the data to S3
- Configure a VPC Interface Endpoint along with a corresponding route entry that directs the data to S3
- Configure a Network Access List Interface Endpoint along with a corresponding route entry that directs the data to S3
- Configure a NAT gateway in the private subnet with a corresponding route entry that directs the data to S3
Correct

Incorrect
Question 12 of 25

12. Question
A company wants to use a network address translation (NAT) gateway to enable the instances in its private subnet to connect to the internet and prevent the internet from initiating a connection with those instances.

Sort the steps from the top (first step) to the bottom (last step) to create a NAT gateway using the console.
- Open the Amazon VPC console at https://console.aws.amazon.com/vpc
- Choose Create a NAT Gateway
- In the navigation pane, choose NAT Gateways, Create NAT Gateway
- Select the allocation ID of an Elastic IP address to associate with the NAT gateway
- Specify the subnet in which to create the NAT gateway
View Answers:
Correct

Incorrect
Question 13 of 25

13. Question
A company wants to use a security group to control inbound and outbound traffic. The company has already launched an instance in a VPC and now they want to assign two security groups to the instance.

Sort the steps from the top (first step) to the bottom (last step) to create a security group using the console.
- From VPC, select the ID of your VPC
- In the navigation pane, choose Security Groups
- Open the Amazon VPC console at https://console.aws.amazon.com/vpc
- Choose Create
- Enter a name for the security group (for example, my-security-group), and then provide a description
- Choose Create security group
View Answers:
Correct

Incorrect
Question 14 of 25

14. Question
A company wants to add an additional layer of protection from web attacks that attempt to exploit vulnerabilities to its web app. The company needs to create rules to filter web traffic based on specific IP addresses and block common web exploits like SQL injection and cross-site scripting.

Which of the following AWS service meet these requirements?
- CloudFront
- Amazon S3 Access Control List (ACLs)
- Amazon Inspector
- AWS WAF
Correct

Incorrect
Question 15 of 25

15. Question
A company that has a MySQL on Amazon Relational Database Service discovers common attack patterns, such as SQL injection and cross-site scripting. You have been hired to implement a solution to improve web traffic visibility by monitoring the entire inbound traffic and improve the security against web attacks.

Which of the following services should you implement to meet the requirements?
- AWS Security Hub
- AWS WAF
- AWS Shield
- Amazon Inspector
Correct

Incorrect
Question 16 of 25

16. Question
Which of the following AWS service is a security management service which allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organization?
- AWS Secrets Manager
- AWS Firewall Manager
- AWS Shield
- AWS WAF
Correct

Incorrect
Question 17 of 25

17. Question
A company is using Amazon Elastic Container Service (Amazon ECS) containers to host its applications. The company wants to use AWS WAF to protect the applications that are hosted in Amazon ECS containers.

Which actions should a SysOps administrator take to meet these requirements?
- Create a Web ACL. Then Add a string match rule and Add an AWS Managed Rules rule group. Finish your Web ACL configuration and Clean up your resources.
- Set up AWS WAF and Create a Web ACL. Finish your Web ACL configuration and Clean up your resources.
- Set up AWS WAF and Create a Web ACL. Then Add a string match rule and Add an AWS Managed Rules rule group. Finish your Web ACL configuration and Clean up your resources.
- Set up AWS WAF. Then Add a string match rule and Add an AWS Managed Rules rule group. Finish your Web ACL configuration and Clean up your resources.
Correct

Incorrect
Question 18 of 25

18. Question
A company is using Amazon CloudFront distributions and Amazon Route 53 hosted zones. The company wants to add protection against DDoS attacks for those resource types using AWS Shield Advanced.

Which of the following is the THIRD step in the AWS Shield Advanced configuration process?
- Subscribe to AWS Shield Advanced
- Add resources to protect
- Configure layer 7 DDoS mitigation
- Create a DDoS Dashboard in CloudWatch and Set CloudWatch Alarms
Correct

Incorrect
Question 19 of 25

19. Question
Your Online Travel Agent (OTA) startup in California recently faced tremendous growth. Users from all over the world started using the APP. After investigation, you noticed 60% of the traffic was originated from Germany. Because of this, you decide to localize your content and present all of your website’s content in German to the users from Germany and English to the rest of the users. Also, you want all queries from Europe to be routed to an ELB load balancer in the Frankfurt region.

Which of the following services would allow you to fulfill this requirement?
- Use Route 53 Geolocation Routing policy
- Use Route 53 Failover routing policy
- Use Route 53 Geoproximity routing policy
- Use Route 53 Latency routing policy
Correct

Incorrect
Question 20 of 25

20. Question
A company wants to configure a public hosted zone to provide information about how they want to route traffic on the internet for its domain (examsdigest.com).

Which solution will meet these requirements with the LEAST amount of effort?
- Under DNS management choose Get started and Create hosted zone. Enter the name of the domain that you want to route traffic for and for type, accept the default value of Private Hosted Zone. Then Choose Create.
- Under DNS management choose Get started and Create hosted zone. For type, accept the default value of Public Hosted Zone. Then Choose Create.
- Under DNS management choose Get started and Create hosted zone. Enter the name of the domain that you want to route traffic for and for type, accept the default value of Public Hosted Zone. Then Choose Create.
- Under DNS management choose Get started. Enter the name of the domain that you want to route traffic for and for type, accept the default value of Public Hosted Zone. Then Choose Create.
Correct

Incorrect
Question 21 of 25

21. Question
A SysOps Administrator is configuring a Route 53 Resolver using the wizard. Which of the following steps has to be done before choosing the direction that you want to forward DNS queries?
- Confirm that the settings that you specified on previous pages are correct
- Enter the applicable values for configuring an outbound endpoint
- Enter the applicable values for creating a rule
- Choose the Region where you want to create a Resolver endpoint
Correct

Incorrect
Question 22 of 25

22. Question
A company wants to create a secure static website for its domain name. The company’s website uses only files like HTML, CSS, JavaScript, and doesn’t need servers or server-side processing.

Which of the following are prerequisites to deploy this secure static website solution using the console? (Select TWO.)
- A registered domain name, such as example.com, that’s pointed to an Amazon Route 53 hosted zone
- The hosted zone must be in a different AWS account where you deploy this solution
- AWS Identity and Access Management (IAM) permissions to launch CloudFormation templates that create IAM roles
- Permissions to create all the AWS resources in the solution
- AWS Identity and Access Management (IAM) permissions to launch CloudFormation templates that create IAM roles, and permissions to create all the AWS resources in the solution
Correct

Incorrect
Question 23 of 25

23. Question
A SysOps administrator tries to add an alternate domain name (CNAME) to its distribution but CloudFront returns an InvalidViewerCertificate error.

Which actions should the SysOps administrator take to fix this issue? (Select TWO.)
- Make all of your objects publicly readable in Amazon S3
- Reduce the number of certificates in the chain, and then try again
- Create a CloudFront origin access identity (OAI) so that CloudFront can access it
- Check the Not Valid Before and Not Valid After fields in the certificates in your certificate chain to make sure that all of the certificates are valid based on the dates that you’ve listed
- Explicitly enable public read privileges for each object that you upload to Amazon S3
Correct

Incorrect
Question 24 of 25

24. Question
A company is using VPC Flow Logs to capture information about the IP traffic going to and from the network interfaces in its VPC. The company has created a flow log, and the Amazon VPC console displays the flow log as Active. However, they cannot see any log streams in CloudWatch Logs or log files in its Amazon S3 bucket.

Which actions should the SysOps administrator take to fix this issue?
- Ensure that you have specified the ARN for an existing S3 bucket, and that the ARN is in the correct format
- Clean up the bucket's policy by removing the flow log entries that are no longer needed
- Wait a few minutes for the log group to be created, or for traffic to be recorded
- Grant permissions to the entire bucket by replacing the individual flow log entries with the following.
```
arn:aws:s3:::bucket_name/*
```
Correct

Incorrect

Question 25 of 25

25. Question

A company just created a subnet and configured a routing. The company wants to launch an instance of type `t2.micro` into the default subnet for the current Region using a command-line tool.

Which action should a SysOps administrator take to meet these requirements?

aws ec2 run-instances \

    --image-id ami-0abcdef1234567890 \

    --instance-type t3.micro

aws run-instances \

    --image-id ami-0abcdef1234567890 \

    --instance-type t2.micro

aws ec2 instances \

    --image-id ami-0abcdef1234567890 \

    --instance-type t2.micro

aws ec2 run-instances \

    --image-id ami-0abcdef1234567890 \

    --instance-type t2.micro

Correct

Incorrect

Exam Simulator: Networking and Content Delivery

Anastasia-Instructor September 1, 2022

Quiz Summary

Information

Results

Results

Categories

1. Question

You can configure a Lambda function to connect to private subnets in a virtual private cloud (VPC) in your AWS account.

What happens when you connect a function to a VPC?

2. Question

A company wants to monitor the traffic that is reaching its instance by capturing information about the IP traffic going to and from the network interfaces in its VPC.

Which solution will meet this requirement?

3. Question

Which of the following VPC features acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level?

4. Question

You have been tasked to improve the security of the data flow between your Amazon Redshift cluster and other resources. The very first step is to use VPC flow logs to monitor all the COPY and UNLOAD traffic of your Redshift cluster that moves in and out of your VPC.

Which of the following option is the most suitable solution to improve the security of your data?

5. Question

A company has a VPC for the IT department and another VPC for the accounting department. Which type of networking connection in AWS should a SysOps administrator use for the IT department in order to get access to all resources that are in the accounting department, and vice versa?

6. Question

A company wants to create a VPC with a dedicated tenancy for the 10.0.0.0/16 IPv4 CIDR block.

Which command should a SysOps administrator type in the command-line tool to meet the requirement?

7. Question

A company needs to increase the security of its VPC. The company wants to control traffic in and out of its subnets.

Which service should a SysOps administrator use to meet the requirement?

8. Question

Which of the following ACL rules allows inbound HTTP traffic from any IPv4 address.

9. Question

A company just launched an EC2 instance in a subnet into its VPC. After investigation, a SysOps administrator has realized that the EC2 instance isn’t accessible from the Internet.

What could be the primary cause of this issue?

10. Question

A company just finalized the process of hosting its WordPress blog on a new Amazon EC2 Linux instance. After trying to connect to the instance the SysOps administrator gets the following error message:

Which actions should the SysOps administrator take to fix this issue? (Select TWO.)

11. Question

Α company handles sensitive data in their private subnet, the data is processed by the EC2 instances and then delivered to S3. The company wants the data to NOT be passed through the public Internet.

How could a SysOps administrator design this solution so that the data does not pass through the public Internet?

12. Question

A company wants to use a network address translation (NAT) gateway to enable the instances in its private subnet to connect to the internet and prevent the internet from initiating a connection with those instances.

Sort the steps from the top (first step) to the bottom (last step) to create a NAT gateway using the console.

13. Question

A company wants to use a security group to control inbound and outbound traffic. The company has already launched an instance in a VPC and now they want to assign two security groups to the instance.

Sort the steps from the top (first step) to the bottom (last step) to create a security group using the console.

14. Question

A company wants to add an additional layer of protection from web attacks that attempt to exploit vulnerabilities to its web app. The company needs to create rules to filter web traffic based on specific IP addresses and block common web exploits like SQL injection and cross-site scripting.

Which of the following AWS service meet these requirements?

15. Question

Which of the following services should you implement to meet the requirements?

16. Question

Which of the following AWS service is a security management service which allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organization?

17. Question

A company is using Amazon Elastic Container Service (Amazon ECS) containers to host its applications. The company wants to use AWS WAF to protect the applications that are hosted in Amazon ECS containers.

Which actions should a SysOps administrator take to meet these requirements?

18. Question

A company is using Amazon CloudFront distributions and Amazon Route 53 hosted zones. The company wants to add protection against DDoS attacks for those resource types using AWS Shield Advanced.

Which of the following is the THIRD step in the AWS Shield Advanced configuration process?

19. Question

Which of the following services would allow you to fulfill this requirement?

20. Question

A company wants to configure a public hosted zone to provide information about how they want to route traffic on the internet for its domain (examsdigest.com).

Which solution will meet these requirements with the LEAST amount of effort?

21. Question

A SysOps Administrator is configuring a Route 53 Resolver using the wizard. Which of the following steps has to be done before choosing the direction that you want to forward DNS queries?

22. Question

A company wants to create a secure static website for its domain name. The company’s website uses only files like HTML, CSS, JavaScript, and doesn’t need servers or server-side processing.

Which of the following are prerequisites to deploy this secure static website solution using the console? (Select TWO.)

23. Question

A SysOps administrator tries to add an alternate domain name (CNAME) to its distribution but CloudFront returns an InvalidViewerCertificate error.

Which actions should the SysOps administrator take to fix this issue? (Select TWO.)

24. Question

Which actions should the SysOps administrator take to fix this issue?

25. Question

A company just created a subnet and configured a routing. The company wants to launch an instance of type t2.micro into the default subnet for the current Region using a command-line tool.

Which action should a SysOps administrator take to meet these requirements?

A SysOps administrator tries to add an alternate domain name (CNAME) to its distribution but CloudFront returns an `InvalidViewerCertificate` error.

A company just created a subnet and configured a routing. The company wants to launch an instance of type `t2.micro` into the default subnet for the current Region using a command-line tool.