Professional Documents
Culture Documents
subnet, you realise that you have forgotten to assign a public IP to the
instance during creation. What is the simplest way to make your instance
reachable from the outside world? *
Create an Elastic IP and new network interface. Associate the Elastic IP to the new
network interface, and the new network interface to your instance.
Associate the private IP of your instance to the public IP of the internet gateway.
Nothing – by default all instances deployed into any public subnet will
automatically receive a public IP.
Respuesta correcta
FALSE
TRUE
Are you permitted to conduct your own vulnerability scans on your own 1/1
VPC without alerting AWS first? *
Yes. You can perform any scan without alerting AWS first.
No. You must always alert AWS before performing any type of vulnerability scan
Depends on the type of scan and the service being scanned. Some scans can be
performed without alerting AWS, some require you to alert.
TRUE
FALSE
Respuesta correcta
TRUE
True or False: You can accelerate your application by adding a second 1/1
internet gateway to your VPC. *
FALSE
TRUE
When peering VPCs, you may peer your VPC only with another VPC in 1/1
your same AWS account. *
FALSE
TRUE
True or False: An application load balancer must be deployed into at least 0/1
two subnets. *
TRUE
FALSE
Respuesta correcta
TRUE
Which of the following is a chief advantage of using VPC endpoints to 1/1
connect your VPC to services such as S3? *
Traffic between your VPC and the other service does not leave the Amazon
network.
VPC Endpoints offer a faster path through the public internet than you can realize
with a NAT instance.
VPC Endpoints require public IP addresses, offering rapid connectivity from the
public internet.
VPC endpoints are dedicated hardware devices that cannot be accessed without the
correct IAM credentials.
Which of the following allows you to SSH or RDP into an EC2 instance 1/1
located in a private subnet? *
NAT instance
NAT gateway
Internet gateway
Bastion Host
How many internet gateways can I attach to my custom VPC * 1/1
You have five VPCs in a 'hub and spoke' configuration, with VPC 'A' in the 1/1
center and individually paired with VPCs 'B', 'C', 'D', and 'E', which make
up the 'spokes'. There are no other VPC connections. Which of the
following VPCs can VPC 'B' communicate with directly? *
VPC 'A'
Security Groups are stateful and Network Access Control Lists are stateless.
Security Groups are stateless and Network Access Control Lists are stateful.
Both Security Groups and Network Access Control Lists are stateless.
Both Security Groups and Network Access Control Lists are stateful.
Which of the following offers the largest range of internal IP addresses? * 1/1
/16
/28
/24
/20
Security groups act like a firewall at the instance level, whereas _________ 1/1
are an additional layer of security that act at the subnet level. *
Network ACLs
DB Security Groups
Route Tables
In a default VPC, all Amazon EC2 instances are assigned two IP 1/1
addresses at launch. What are they? *
TRUE
FALSE
5
Select the incorrect statement. * 1/1
To save administration headaches, a consultant advises that you leave all 1/1
security groups in web-facing subnets open on port 22 to 0.0.0.0/0
CIDR. That way, you can connect wherever you are in the world. Is this a
good security design? *
Yes
No
Formularios