Network Security & Name Resolution

Question 1

You need to allow inbound DNS client queries to a VPC subnet. Which port should you allow in the Network ACL rule?

25

443

23

53

Answer 1

53

Question 2

Which type of DNS record routing rule allows sending a percentage of traffic to a specific host?

Weighted

Simple

Latency

Geolocation

Answer 2

Weighted

Question 3

You are registering a new DNS domain through Route 53. What must you supply when registering the domain?

Contact details

VPC ID

Account ID

EC2 instance ID

Answer 3

Contact details

Question 4

Which records exist automatically in a new hosted DNS zone?

SOA

NS

AAAA

A

Answer 4

SOA

NS

Question 5

Which of the following statements is correct?

Network ACLs are associated with EC2 instances

Network ACL rules have a priority number

Security group rules have a priority number

Security groups are associated with subnets

Answer 5

Network ACL rules have a priority number

Question 6

Which of the following statements is correct? Choose two.

Network ACL rules have a priority number

Security group rules have a priority number

Security groups are associated with EC2 instances

Network ACLs are associated subnets

Answer 6

Network ACL rules have a priority number

Network ACLs are associated subnets

Question 7

You are using the AWS management console to create a new Network ACL. What must the ACL be associated with?

VPC

EC2 instance

DNS zone

Security group

Answer 7

VPC

Question 8

You have created a network ACL. You now need to create ACL rules using the CLI. Which command should you use?

aws vpc create-network-acl-entry

aws ec2 create-network-acl-entry

aws vpc create-acl-entry

aws ec2 create- acl-entry

Answer 8

aws ec2 create-network-acl-entry

Question 9

Which PowerShell statement is used to create a Network ACL?

New-VPCNetworkAcl -VpcId

New-VPCNetworkAcl -SubnetId

New-EC2NetworkAcl -SubnetId

New-EC2NetworkAcl -VpcId

Answer 9

New-EC2NetworkAcl -VpcId

Question 10

Which AWS objects can Elastic IPs be associated with? Choose two.

Instance

Network interface

EC2 instance

VPC subnet

Answer 10

Instance

Network interface

Question 11

You are using the AWS management console to create a new Security Group. What must the security group be associated with?

VPC

DNS zone

EC2 instance

Security group

Answer 11

VPC

Question 12

Which CLI command is used to list AWS Security Groups?

aws ec2 show-security-groups

aws ec2 get-security-groups

aws ec2 describe-security-groups

aws ec2 list-security-groups

Answer 12

aws ec2 describe-security-groups

Question 13

You need to allow port 3389 traffic to pass into an EC2 instance. Which PowerShell cmdlet should you use to modify the security group associated with the instance?

Add-SecurityGroupIngress

Add-EC2SecurityGroupIngress

Grant-EC2SecurityGroupIngress

Grant-SecurityGroupIngress

Answer 13

Grant-EC2SecurityGroupIngress

Question 14

Which term best describes the role of an AWS Internet Gateway?

Proxy

Routing table

Pass-through

Packet filtering

Answer 14

Pass-through

Question 15

You have created an Internet Gateway in VPC1, yet EC2 instances in VPC1 subnets cannot reach the Internet. What should you do?

Add a route from the subnets

Associate the Internet Gateway with each subnet

Restart the instances

Associate the Internet Gateway with each EC2 instance

Answer 15

Add a route from the subnets

Question 16

Which term best describes the role of an AWS NAT Gateway?

Proxy

Routing table

Packet filtering

Pass-through

Answer 16

Proxy

Question 17

Which two items must a new NAT gateway be associated with?

Elastic IP

VPC

EC2 instance

Subnet

Answer 17

Elastic IP

Subnet