A. aws:SourceIp

B. aws:EpochTime

C. aws:CurrentTime

D. aws:SecureTransport

Answer: A

Explanation:

If you use aws:SourceIp, and the request comes from an Amazon EC2 instance, the instance’s public IP address is used to determine if access is allowed.

Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.html

Question: 327

In which of the “start using AWS Direct Connect” steps is the virtual interface you created tagged with a customer-provided tag that complies with the Ethernet 802.1Q standard?

A. Download Router Configuration.

B. Complete the Cross Connect.

C. Configure Redundant Connections with AWS Direct Connect.

D. Create a Virtual Interface.

Answer: D

Explanation:

In the list of steps for getting started with AWS Direct Connect, the Create a Virtual Interface step is where you provision your virtual interfaces. Each virtual interface must be tagged with a customer-provided tag that complies with the Ethernet 802.1Q standard. This tag is required for any traffic traversing the AWS Direct Connect connection.

Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#createvirtualinterface

Question: 328

A user has created a VPC with CIDR 20.0.0.0/16 using the VPC wizard. The user has created public and VPN-only subnets along with hardware VPN access to connect to the user’s data centre. The user has not yet launched any instance, nor modified or deleted any of the setup. He wants to delete this VPC from the console. Will the console allow the user to delete the VPC?

A. Yes, the user can detach the virtual private gateway and then use the VPC console to delete the VPC.

B. No, since the NAT instance is running, the user cannot delete the VPC.

C. Yes, the user can use the CLI to delete the VPC that will detach the virtual private gateway automatically.

D. No, the VPC console needs to be accessed using an administrator account to delete the VPC.

Answer: A

Explanation:

You can delete your VPC at any time (for example, if you decide it’s too small). However, you must terminate all instances in the VPC first. When you delete a VPC using the VPC console, Amazon deletes all its components, such as subnets, security groups, network ACLs, route tables, Internet gateways, VPC peering connections, and DHCP options. If you have a VPN connection, you don’t have to delete it or the other components related to the VPN (such as the customer gateway and virtual private gateway).

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPC_Deleting

Question: 329

You have been asked to set up a public website on AWS with the following criteria:

You want the database and the application server running on an Amazon VPC.

You want the database to be able to connect to the Internet so that it can be automatically updated to the correct patch level.

You do not want to receive any incoming traffic from the Internet to the database.

Which solutions would be the best to satisfy all the above requirements for your planned public website on AWS? (Choose 2 answers)

A. Set up both the public website and the database on a public subnet and block all incoming requests from the Internet with a Network Access Control List (NACL).

B. Set up both the public website and the database on a public subnet, and block all incoming requests from the Internet with a security group which only allows access from the IP of the public website.

C. Set up the public website on a public subnet and set up the database in a private subnet which connects to the Internet via a NAT instance.

D. Set up both the public website and the database on a private subnet and block all incoming requests from the Internet with a Network Access Control List (NACL). Set up a Security group between the public website and the database which only allows access via port 80.

Answer: BC

Explanation:

For the database to be able to connect to the Internet, you need to either set it up on a public subnet or set it up on a private subnet which connects to the Internet via a NAT instance.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Question: 330

Which statement is NOT true about accessing a remote AWS region in the US via your AWS Direct Connect, which is located in the US?

A. AWS Direct Connect locations in the United States can access public resources in any US region.
