CloudAcademy: Knowledge Check: Networking (SAA-C03) 2 of 2 Flashcards
Your new client is a federal agency utilizing a hybrid cloud environment. The agency distributes large amounts of sensitive data throughout the world. Your task is to ensure that the data is secure using various encryption techniques as well as security groups and access control lists.
One of the requirements is to distribute content utilizing CloudFront for optimal performance but to completely restrict access from within certain disallow-list countries.
What CloudFront feature can you enable to fulfill this requirement?
A. SSL encryption
B. Firewall rules
C. Geo-restriction
D. Server-side encryption
C. Geo-restriction
Explanation:
You can use geo restriction, also known as geoblocking, to prevent users in specific geographic locations from accessing content that you’re distributing through a CloudFront web distribution.
To use geo restriction, you have two options:
Use the CloudFront geo restriction feature. Use this option to restrict access to all of the files that are associated with a distribution and to restrict access at the country level.
Use a third-party geolocation service. Use this option to restrict access to a subset of the files that are associated with a distribution or to restrict access at a finer granularity than the country level.
Which of the following AWS Networking components reduces the latency of network traffic between external users and applications hosted on AWS by directing customer traffic to AWS network infrastructure, such as edge locations and the AWS private network, instead of the public internet?
A. Elastic IP addresses (EIP)
B. AWS Global Accelerators
C. Elastic Network Interfaces (ENI)
D. Elastic Network Adaptors (ENA)
B. AWS Global Accelerators
Explanation:
The ultimate aim of AWS Global Accelerator is to get UDP and TCP traffic from your end-user clients to your applications faster and more reliably, through the use of the AWS global infrastructure and specified endpoints, instead of having to traverse the public internet, which is not as reliable and carries a higher security risk.
Each of the choices below is a cache layer within Amazon CloudFront except for:
A. AWS Origin Shield
B. regional edge caches
C. edge locations
D. CloudFront origins
D. CloudFront origins
Explanation:
Although we often discuss CloudFront as a single cache, CloudFront actually has three cache layers. First, edge locations: CloudFront distributions are served from over 300 Amazon edge locations globally. Second, regional edge caches: at the time of writing there are 13 regional edge caches. Third, AWS Origin Shield: an additional cache layer between your regional edge caches and the origins. Origin Shield is not enabled by default; you must enable it for each origin in the distributions you create.
In Amazon Route 53 Application Recovery Controller, a _____ is used to turn traffic flow ON or OFF to individual cells in regions or availability zones.
A. traffic monitoring group
B. routing control
C. traffic rule group
D. routing policy
B. routing control
Explanation:
A routing control is used to turn traffic flow ON or OFF to individual cells in regions or availability zones.
What is Amazon CloudFront?
A. A global content delivery network
B. A web service to schedule regular data movement
C. An encrypted endpoint to upload files to the cloud
D. A development front-end to Amazon Web Services
A. A global content delivery network
Explanation:
Amazon CloudFront is a global content delivery network (CDN) service that accelerates delivery of your websites, APIs, video content or other web assets through CDN caching. It integrates with other Amazon Web Services products to give developers and businesses an easy way to accelerate content to end users with no minimum usage commitments.
The Amazon Route 53 _____ is the DNS service for VPCs that integrates with your data center.
A. Traffic Flow service
B. Resolver
C. Weighted routing policy
D. Application Recovery Controller
B. Resolver
Explanation:
The Route 53 Resolver is the DNS service for VPCs that integrates with your data center.
When one is creating a record in Amazon Route 53, the _____ defines how to answer a DNS query.
A. traffic policy
B. routing policy
C. reply policy
D. time to live
B. routing policy
Explanation:
When you create a record using Route 53, you specify the record name, the record type, the actual value, the time to live in seconds, and the routing policy for this record. The routing policy for a record defines how to answer a DNS query.
What is Amazon CloudFront’s first step in processing file requests?
A. The request is routed back to the origin for file transfer.
B. The request is routed back to the origin, and then to the Edge location for file transfer.
C. The request is routed to the edge location closest to the origin.
D. The request is routed to the edge location that can deliver the file with the least latency.
D. The request is routed to the edge location that can deliver the file with the least latency.
Explanation:
Amazon CloudFront speeds up distribution of your static and dynamic content through its network of edge locations. When a request for a file is made, CloudFront does not route the request to the web server for transfer of the file. The request is routed to the closest edge location, which checks its cache for the file before routing the request back to the web server for the latest file version. In other words, the web server is only contacted after the edge location's cache has been checked, and it is the file, not the request, that is cached at the edge location.
You are creating a CloudFront web distribution. Which of the following should be configured under Origin Settings to restrict access to an S3 bucket?
A. Origin Domain Name
B. Origin Access Identity
C. Origin ID
D. Viewer Protocol Policy
B. Origin Access Identity
Explanation:
You can configure access to an S3 bucket under Origin Access Identity after either entering a new access identity or selecting an existing one. An origin domain name is selected as the initial step when creating a CloudFront web distribution, and an origin ID is entered in the third step. Viewer Protocol Policy is configured under Default Cache Behavior Settings.
Which Amazon Route 53 routing policy requires you to define a record to be primary and a different record to be secondary?
A. Weighted
B. Geolocation
C. Multi-value Answer
D. Failover
D. Failover
Explanation:
The Failover routing policy is able to route traffic to a primary resource and, based on a health check, redirect traffic to a secondary resource. Using Failover routing you define a record to be primary and a different record to be secondary.
The _____ record type in Amazon Route 53 maps a custom hostname in your domain to an AWS Resource.
A. AAAA
B. Alias
C. A
D. CNAME
B. Alias
Explanation:
The Alias record type is unique to Amazon Route 53 and maps a custom hostname in your domain to an AWS Resource, which is usually represented by an internal AWS name.
When data expires in an AWS Edge Location, where can that Edge Location retrieve the data instead of a CloudFront origin server, thereby reducing latency?
A. A CloudFront distribution
B. A Regional Edge Cache
C. An AWS Global Accelerator
D. A VPC Endpoint
B. A Regional Edge Cache
Explanation:
Regional Edge Caches sit between your CloudFront origin servers and the Edge Locations. A Regional Edge Cache has a larger cache width than each of the individual Edge Locations, and when data expires from the cache at an Edge Location, the data is still retained at the Regional Edge Cache. Therefore, when data that is no longer available is requested at the Edge Location, the Edge Location can retrieve the cached data from the Regional Edge Cache instead of from the origin servers, which would incur higher latency.
In Amazon Route 53, _____ simplifies the process of creating and maintaining records in large and complex configurations, which is useful when you have a group of resources that perform the same operation, such as a fleet of web servers for the same domain.
A. the Resolver service
B. Traffic Flow
C. the Application Recovery Controller
D. a routing policy
B. Traffic Flow
Explanation:
Traffic Flow simplifies the process of creating and maintaining records in large and complex configurations. This is useful when you have a group of resources that perform the same operation, such as a fleet of web servers for the same domain.
Where does a Global Accelerator route traffic to reduce network latency?
A. To VPN connections
B. To edge locations
C. To VPC Transit Gateways
D. To Direct Connect colocation facilities
B. To edge locations
Explanation:
Because your request is routed across the AWS global infrastructure, Global Accelerator intelligently routes customer requests over the most optimized path using its global reach of edge locations for the lowest latency, and avoids any resources that are unhealthy. This helps to improve regional failover and high availability across your deployment.
Which Amazon Route 53 routing policy requires that you use Route 53’s Traffic Flow feature and create a traffic policy?
A. Latency
B. Geo-proximity
C. Failover
D. Geolocation
B. Geo-proximity
Explanation:
The Geo-proximity routing policy requires that you use Route 53’s Traffic Flow feature and create a traffic policy.