Network Specialist All

Question 1

What is required to send VPC Flow Logs to CloudWatch?

Answer 1

IAM Role

Question 2

3 Types of Placement Groups?

Answer 2

• Cluster – clusters instances into a low-latency group in a single Availability Zone
• Partition – spreads instances across logical partitions, ensuring that instances in one partition do not share underlying hardware with instances in other partitions
Spread – spreads instances across underlying hardware

Question 3

Is CloudWatch supported for NAT GW?

Answer 3

No

Question 4

Interface VPC Endpoint

Answer 4

1. One interface per Avail Zone
2. No endpoint policy support
3. Access from direct connect but not from VPN GW
4. Use endpoint specifc DNS name or route 53 private hosted

Question 5

GW VPC Endpoint

Answer 5

1. Supports multiple avail zones
2. Uses routing table ID instead of DNS
3. Pollicy is supported

Question 6

What IP addresses can reach the public VIF of a customer router connected to direct connect?

Answer 6

All Amazon owned addresses.

Question 7

Max Number of peering sessions per VPC

Answer 7

125

Question 8

Number of Transit GW connections per DC GW

Answer 8

3

Question 9

Can you access a Interface GW from DC?

Answer 9

No, only interface endpoints

Question 10

Can you enable private hostname for DMS endpoint?

Answer 10

Yes. Then it can be accessed with https://kms..amazonaws.com

Question 11

Does ALB support on premise targets?

Answer 11

Yes

Question 12

What does VPC endpoint policy require?

Answer 12

1. The principal that can perform actions
2. The actions that can be performed
3. The resources on which actions can be performed

Question 13

What VPC endpoint operations does CloudTrial logs not support?

Answer 13

Principles in other accounts or operations from other accounts.

Question 14

With ALB is cross-zone load-balancing enabled by default?

Answer 14

Yes

Question 15

With NLB is cross-zone load-balancing enabled by default?

Answer 15

No

Question 16

From within a VPC what is returned if the the public route53 DNS name is queried?

Answer 16

Private IP address

Question 17

How many available IP addresses are required for Internet facing load-balancers?

Answer 17

8

Question 18

Is it possible to create NS records in a private hosted zone to delegate a subdomain?

Answer 18

No

Question 19

Number of VIFs support per DC connection?

Answer 19

50

Question 20

How many VGW’s can a DC gateway connect to?

Answer 20

10

Question 21

Can VPC’s connected with VGW’s through DC GW communicate over the connection?

Answer 21

No

Question 22

Limit of CIDR advertisements through a transit VIF?

Answer 22

20

Question 23

Can route 53 DNS health checkers check private addresses?

Answer 23

No. Instance must have public address

Question 24

Are multiple VGW per VPC allowed?

Answer 24

Yes

Question 25

Can VGW have more than a single BGP peer?

Answer 25

No

Question 26

Number of VIFs per DC GW

Answer 26

30

Question 27

Can ALB use KMS?

Answer 27

No

Question 28

When to move private keys from site to AWS?

Answer 28

Never

Question 29

How many fields can Cloudfront encrypt without using Lambda@Edge?

Answer 29

CloudFront can protect a maximum of 10 fields and only within HTTP(S) POST requests that carry HTML form encoded payloads.

Question 30

What is the only required section in a CloudFormation Template?

Answer 30

Resources

Question 31

What CloudFormation function returns array of CIDR ranges

Answer 31

Fn::Cidr

Question 32

What is required for CloudFormation template in order to peer VPC’s from different accounts?

Answer 32

The VPC account being peered to needs a role for peering VPC. That must be reference in template

Question 33

What must be turned on to complete config rule in CF t template?

Answer 33

Recorder