Question: 1
You are currently hosting multiple applications in a VPC and have logged numerous port scans
coming in from a specific IP address block. Your security team has requested that all access from the
offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified
IP address block?
A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access
from the IP address block
B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP
address block
C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block
D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your
organization uses in that VPC to deny access from the IP address block
Answer: B
Question: 2
When preparing for a compliance assessment of your system built inside of AWS. what are three
best-practices for you to prepare for an audit? (Choose three.)
A. Gather evidence of your IT operational controls
B. Request and obtain applicable third-party audited AWS compliance reports and certifications
C. Request and obtain a compliance and security tour of an AWS data center for a pre-assessment
security review
D. Request and obtain approval from AWS to perform relevant network scans and in-depth
penetration tests of your system's Instances and endpoints
E. Schedule meetings with AWS's third-party auditors to provide evidence of AWS compliance that
maps to your control objectives
Answer: A,B,D
Question: 3
You have started a new job and are reviewing your company's infrastructure on AWS You notice one
web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto
Scaling Group When you check the metrics for the ELB in CloudWatch you see four healthy instances
in Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances.
What do you need to fix to balance the instances across AZs?
A. Set the ELB to only be attached to another AZ
B. Make sure Auto Scaling is configured to launch in both AZs
C. Make sure your AMI is available in both AZs
D. Make sure the maximum size of the Auto Scaling Group is greater than 4
Answer: B
Question: 4
You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits
and receives millions of messages per second to a message queue. You want to ensure your
application has sufficient bandwidth between your EC2 instances and SQS
Which option will provide the most scalable solution for communicating between the application
and SQS?
A. Ensure the application instances are properly configured with an Elastic Load Balancer
B. Ensure the application instances are launched in private subnets with the EBS-optimized option
enabled
C. Ensure the application instances are launched in public subnets with the associate-public-IPaddress=
true option enabled
D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling
triggers configured to watch the SQS queue size
Answer: D
Explanation:
Bandwidth literally means network not IO Bandwidth. Having alerts to scale the Autoscaling is most
sophisticated option.
Question: 5
You have identified network throughput as a bottleneck on your m1.small EC2 instance when
uploading data Into Amazon S3 In the same region.
How do you remedy this situation?
A. Add an additional ENI
B. Change to a larger Instance
C. Use DirectConnect between EC2 and S3
D. Use EBS PIOPS on the local volume
Answer: B
Source Link:
Related Links:
No comments:
Post a Comment