rather than launching and then terminating

If the AZ did not have capacity, or the AMI was deleted, the instance would not launch.

References:

Question 55

How can a company connect their EC2 instances in one region with EC2 instances in another region using private IP addresses?

1. Inter-Region VPC Peering
2. AWS Direct Connect
3. AWS Managed VPN
4. VPC Peering

Answer: 1

Explanation:

Amazon EC2 now allows peering relationships to be established between Virtual Private Clouds (VPCs) across different AWS regions. Inter-Region VPC Peering allows VPC resources like EC2 instances, RDS databases and Lambda functions running in different AWS regions to communicate with each other using private IP addresses, without requiring gateways, VPN connections or separate network appliances.

VPC Peering is used to peer VPCs within the same region.

AWS Direct Connect is a private connection from an on-premise network to an AWS region; it does not enable connectivity between regions (unless you use Direct Connect Gateway).
References:
- region-vpc-peering/

Question 56

Which of the following descriptions is incorrect in relation to the design of Availability Zones?

1. AZs have direct, low-latency, high throughput and redundant network connections between each other
2. Each AZ is designed as an independent failure zone
3. AZs are physically separated within a typical metropolitan region and are located in lower risk flood plains
4. Each subnet in a VPC is mapped to all AZs in the region

Answer: 4

Explanation:

Subnets are created within a single AZ and do not get mapped to multiple AZs.

References:
- global-infrastructure/
- networking/

Question 57

How can a systems administrator connect to a Linux instance in a private subnet using the Internet?

1. Deploy a bastion host in a public subnet
2. Add a public elastic IP address to the instance
3. Use a NAT Gateway
4. Update the security group to allow the traffic

Answer: 1

Explanation:

When you have an EC2 instance in a private subnet you cannot add a public elastic IP address to it or update security group rules to allow connectivity. Instead you must deploy a bastion host server into a public subnet and use that to jump across from the public subnet to the private subnet.

A NAT Gateway is used to allow instances in a private subnet to access the Internet; it cannot be used for proxying inbound connections.

References:
- private-amazon-vpc/

Question 58

When designing a VPC, what is the purpose of an Internet Gateway?
- Fall '19