Review Questions
1. Due to federal governance restrictions, your sensitive customer data is not allowed to traverse the public Internet when in transit between certain AWS hosted applications. You need to interconnect two private VPCs in the Osaka region. What AWS network interconnect option would you use to meet these requirements?
A. CloudWatch
B. CloudTrail
C. Direct Connect
D. PrivateLink
2. What is the function of assigning user rights to resources?
A. Authorization
B. Cognito
C. Authentication
D. Step functions
3. MPLS networks are a common offering by service providers and telephone companies worldwide and are widely deployed and often the preferred WAN connectivity option. Which nodes are used in the core to forward frames based on label information?
A. LER
B. LSR
C. LDP
D. LSP
E. LIB
4. You are investigating ways to connect your VPCs with three external business partners that also use AWS as their preferred cloud provider. What options can be considered to interconnect these accounts’ VPC integrations? (Select two.)
A. Organizations
B. MPLS
C. Resource Access Manager
D. Kinesis Firehose
E. Route 53
5. You have been tasked with establishing a logical relationship between your corporate and AWS Active Directory deployments to enable authentication and authorization services in a consolidated database. What service could you implement to achieve this objective?
A. Implement Simple AD
B. Establish an AD trust
C. Read-only domain controllers
D. Flexible Single Master Operation role
6. Jill has accessed her federated Active Directory servers and has been granted permissions to write to a SQL database in the AWS Milan region. What is the process that granted her the permissions to access the database?
A. RDS
B. Authentication
C. Elastic Beanstalk
D. Authorization
7. You want to create a hub for your VPC that connects your global networks. You have been tasked to keep VPC interconnections to a minimum and consider the ease of future VPC expansions. Which service would you investigate to meet this objective?
A. Transit Gateway
B. MPLS
C. Hub-and-spoke
D. AD Connector
E. AWS Global Accelerator
8. You are investigating upgrading your network to add real-time intelligence to route around impairments and manage traffic flows during times of congestion. You want the WAN traffic to automatically and dynamically be forwarded over the path based on network conditions and defined policies such as application QoS requirements (low latency for voice, high bandwidth for video), security, circuit costs, or any other defined criteria. What network technology would meet this requirement?
A. MPLS
B. SD-WAN
C. EIGRP
D. Intermediate system to Intermediate system
E. BPDU
9. What is the function of identifying a user entering your AWS cloud applications?
A. SWF
B. Cognito
C. Authentication
D. Organizational unit ID
E. Authorization
10. Which protocol enables applications to delegate authentication to an external identity provider so that AWS can automatically grant, revoke, or change a user’s access to applications and services when an administrator adds, removes, or modifies the user’s information in the IdP?
A. SAML
B. LDAP
C. AWS KMS
D. IAM
11. A basic user database needs to be created in the Stockholm region as a central source of usernames and which services they are granted based on their credentials. You are looking for a low-cost alternative to a full-featured user database. Which would be a good option?
A. Implement Simple AD
B. Establish an AD trust
C. Read-only domain controllers
D. Flexible Single Master Operation role
12. As an AWS solutions architect specializing in networking, you have been asked to troubleshoot an issue where your private development and test VPCs are interconnected with a peer connection and the test and production VPCs are peer interconnected to each other. The developers need to access an online development portal hosted by another cloud provider that uses the Internet gateway attached to the PROD VPC. What could be the issue preventing developers from accessing their Internet-based tools?
A. There is no route back to DEV in the PROD VPC
B. The NAT gateway is missing
C. The routing table in the TEST VPC needs statics assigned to PROD and DEV
D. There is a nontransitive issue in the TEST VPC
E. The security groups need to be modified to allow access to the Internet from the DEV VPC