Review Questions – Network Implementation – ANS-C01 Study Guide
Review Questions
- DX hybrid networks offer what advantages over traversing the Internet to access your AWS services? (Select three.)
  - High bandwidth
  - Dynamic routing resiliency
  - Edge location access
  - Low and predictable latency
  - Global acceleration
  - Native VxLAN support
- You want to establish a direct connection to your VPC in the eu-west-3 Paris region. Your finance group does not want to purchase and ship a router to France for this project. What options do you have?
  - Open a support ticket with the AWS European support desk and request they allocate a router port in the Paris region
  - Use an AWS carrier business partner that offers interconnection services at a collocation facility shared by AWS in France
  - Use the DX router you have installed at the Stockholm collocation facility to also connect to eu-west-3
  - You must have your router hardware installed locally at the Paris DX facility to be able to connect to the AWS router to access the eu-west-3 region
- Because of the large amounts of file transfers to your Redshift deployment running on Amazon, you are exploring options to increase your DX throughput to the maximum available. What is the best option available to meet this need?
  - Upgrade to a VxLAN underlay for higher upload speeds to your DX availability zone connection
  - Upgrade your port speed at the DX facility
  - Use LACP to link aggregate multiple 100G interfaces between your customer interfaces and the AWS DX interfaces
  - Remove the static routes and configure the interconnection to use BGP
- Your corporate requirement is to encrypt all external WAN traffic at the Austin corporate data center. You notice that the DX connection through Equinix in Dallas is not encrypted. What options are available to remediate this issue?
  - Enable SSL/TLS encryption on the DX interface at the Equinix facility
  - Enable IPSec at each end of the connection
  - Encryption is not supported over the Direct Connect link
  - Use the CloudFront network to connect instead of Direct Connect since it supports IPSec
- You are exploring routing protocol options to dynamically exchange routes with AWS over your Direct Connect link in Denver. What options are available?
  - iBGP
  - OSPF
  - IS-IS
  - eBGP
- You are configuring your Direct Connect interface into the us-west-2 region and want to access your EC2 fleet in availability zone 1. How would you configure the DX interface?
  - Use GRE and point it to AZ-A
  - Create an overlay network that includes us-west-2 and availability zone 1
  - Create a private VIF
  - Create a public VIF
- What interface would you point your data center’s VPN concentrator to for a site-to-site AWS VPN connection?
  - DX interconnect
  - Customer gateway
  - Virtual private gateway
  - Global Accelerator endpoint
- For a router to forward an IPv4 packet to a remote location, what must be present?
  - A static route
  - A dynamic routing protocol that constantly updates the routing table
  - A route in the router’s routing and forwarding table showing the next hop egress interface
  - Configure an 802.1Q tag pointing to the remote network
- You have a small network that never changes. You have no desire to manage the complexity of setting up the Border Gateway Protocol. What options are available to you to populate your router’s forwarding tables?
  - Configure static routes.
  - Use a less complex dynamic routing protocol such as OSPF.
  - You must use BGP to route packets through an IPv4 network
  - Networks that have fewer than eight subnets do not require routing to be configured.
- You are setting up a direct connection between your New Orleans data center and the AWS Ohio region and want to use a dynamic routing protocol. What will be required to begin building the router configuration needed at the DX hosting center?
  - AWS will assign you a unique VLAN ID
  - A connection into your OSPF Area 0 backbone router
  - A unique autonomous system number
  - A list from AWS of what IPSec transforms they want to use and then you can use that data to build your tunnel parameters
- BGP is known as a distance vector routing protocol; what characteristics give it this label?
  - Next hop reachability based on latency, jitter, bandwidth, and reliability.
  - AS path metrics.
  - The use of the Bellman–Ford route calculation algorithm.
  - Vector labels are exchanged by BGP to determine the best route to enter into the routing table.
- Outgoing BGP router advertisements are used to effect what result?
  - AS egress traffic flows
  - Multi-exit discriminator values
  - Traffic coming into the AS
  - Best metric policies
- You are setting up a site-to-site VPN from your corporate data center to AWS to access your EC2 fleet sitting behind application load balancers in multiple regions. You have been tasked with keeping the number of VPN tunnels low to reduce complexity and monitoring overhead. What is the best solution?
  - Configure Route 53 to load balance between the application load balancers
  - Configure CloudHub to connect to the required VPCs
  - Configure a VPN connection to a VPG and use BGP routing in the data center.
  - Use PrivateLink to connect to the application load balancers
- What architecture uses only one autonomous system across the entire worldwide routed network infrastructure?
  - OSPF
  - Generic Routing Protocol
  - iBGP
  - VxLAN
- Storage, video, and large file transfer traffic benefit from which layer 2 option being enabled?
  - Spanning tree protocol
  - LACP
  - Jumbos
  - Bidirectional forwarding
- You are required to support multicast traffic over your VPN network. You learn that the IPSec tunnels do not forward multicast traffic, and you are searching for a solution that does not require you to replace your network architecture. What is a viable option?
  - Use an underlay network
  - Implement VxLAN
  - Configure Generic Routing Encapsulation and send the multicast traffic through the GRE tunnel
  - Implement the GENEVE protocol
- You need a protocol that prevents bad actors from tampering with packets in flight. What would you suggest implementing?
  - BGP
  - Transport Layer Security
  - Secure Sockets Layer
  - IPSec
- What are some of the use cases for account resource sharing? (Select three.)
  - Departmental segmentation
  - Support for VPN backup connections in case the primary DX connection fails
  - Nonrepudiation
  - Serverless container isolation
  - Docker support
  - Accounting
  - Company resource sharing between accounts