Module 7 Knowledge Check
Module 7 Knowledge Check
1. What is AWS Site-to Site VPN?
A solution that provides a connection between VPC and an on-premises network by using IPsec
Explanation: AWS Site-to-Site VPN creates an encrypted connection by using IPSEC. The connection is often across the internet, but it can also be used to encrypt a connection across AWS Direct Connect.
2. What does AWS Direct Connect provide?
A dedicated network connection from an on-premises network to AWS that uses 802.1q
Explanation: AWS Direct Connect establishes a connection between an on-premises network and AWS through a Direct Connect location. It uses IEEE 802.1q VLAN tagging to separate traffic across the connection.
3. A company has two VPC. VPC A has a CIDR block of 10.1.0.0/16. VPC B has CIDR block of 10.2.0.0/16. Both VPCs belong to the same AWS account. What is the simplest way to connect the two VPCs so that they can route all traffic between them?
VPC Peering
Explanation: VPC peering enables full network connectivity between two VPC in the same account or in different accounts.
4. A company is implementing a system to back up on-premises system to AWS. Which network connectivity method will provide a solution with the most consistent performance?
AWS Direct Connect
Explanation: AWS Direct Connect create a dedicated private network connection that does not cross the internet. Because of this, it has more consistent performance than an internet connection.
5. Systems in a secure subnet in a VPC must access a bucket in Amazon S3. Which solution stops traffic from crossing the internet?
Create VPC gateway endpoint for Amazon S3
Explanation: A VPC gateway endpoint adds a route for the Amazon S3 prefix list to the subnet route tables that you select. The route keeps traffic between the subnet and S3 inside the Amazon network, instead of using the default behaviour of routing traffic across the internet.
6. A company has three VPC. VPC A, B, and C have CIDR block that do not overlap. Both A and C have separate VPC peering connections with B. However, A cannot communicate with C. What is the simplest and most cost-effective way to enable full communication between A and C?
Add a peering connection between A and C, and route traffic between A and C through peering connection
Explanation: VPC peering is point-to-point. Full connectivity between any two VPC requires a separate peering connection. Connecting all VPC in a group by using VPC peering requires a full mesh network.
7. Because of a natural disaster, a company moved a secondary data center to a temporary facility with internet connectivity. It needs a secure connection to the company VPC that must be operational as soon as possible. The data center will move again in 2 weeks. Which option meets the requirements?
AWS Site-to-Site VPN
Explanation: An AWS Site-to-Site VPN connection can be quickly established across the internet. The connection can be terminated when it is no longer needed.
8. What is the simplest way to connect 100 VPC together?
Connect the VPC to AWS Transit Gateway
Explanation: AWS Transit Gateway connects VPC and on-premises networks through a central hub, and can scale to connect thousands of VPC
9. A company security admin requires that EC2 instances in a specific subnet must connect to Amazon DynamoDB through VPC endpoint. The company network standard requires that the infrastructure support high availability. Which action meets these architecture requirements without adding another subnet?
Associate a single VPC endpoint with the subnet
Explanation: VPC endpoints are horizontally scaled, redundant, and highly available.
10. A company uses a single AWS Direct Connect between their on-premises network and VPC. They want to ensure that the network connectivity is highly available by adding a backup connection. Which network connectivity method provides most cost-effective solution for the backup connection?
On-demand AWS Site-to-Site VPN connection across the Internet.
Explanation: An AWS Site-to-Site VPN connection can be quickly established across the internet. The connection can be terminated when it is no longer needed.
Akhir kata :