AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)



Question : QuickTechie.com has three different datacenters in Mumbai, Geneva and Nevada. It is planning to extend
its data centers by connecting them with the AWS VPC using the VPN gateway. QuickTechie.com is setting up a
dynamically routed VPN connection. Select the information which is not required to set up this configuration.
1. The type of customer gateway, such as Cisco ASA, Juniper J-Series, Juniper SSG, Yamaha.
2. Internet-routable IP address (static) of the customer gateway's external interface.
3. Elastic IP ranges that the organization wants to advertise over the VPN connection to the VPC.
4. Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the customer gateway.
5. None of the above


Correct Answer 3 :
Explanation: When you create a VPN connection, you must specify the type of routing that you plan to use. The type of routing that you select can depend on the make and
model of your VPN devices. If your VPN device supports Border Gateway Protocol (BGP), specify dynamic routing when you configure your VPN connection. If your device does not support
BGP, specify static routing. For a list of static and dynamic routing devices that have been tested with Amazon VPC, see the Amazon Virtual Private Cloud FAQs. When you use a BGP
device, you don't need to specify static routes to the VPN connection because the device uses BGP to advertise its routes to the virtual private gateway. If you use a device that
doesn't support BGP, you must select static routing and enter the routes (IP prefixes) for your network that should be communicated to the virtual private gateway. Only IP prefixes
that are known to the virtual private gateway, whether through BGP advertisement or static route entry, can receive traffic from your VPC. We recommend that you use BGP-capable
devices, when available, because the BGP protocol offers robust liveness detection checks that can assist failover to the second VPN tunnel if the first tunnel goes down. Devices
that don't support BGP may also perform health checks to assist failover to the second tunnel when needed.

To use Amazon VPC with a VPN connection, you or your network administrator must designate a physical appliance as your customer gateway and configure it. We provide you with the
required configuration information, including the VPN preshared key and other parameters related to setting up the VPN connection. Your network administrator typically performs this
configuration. For information about the customer gateway requirements and configuration, see the Amazon VPC Network Administrator Guide. The following table lists the information
that you need to have so that we can establish your VPN connection.

Item: The type of customer gateway (for example, Cisco ASA, Juniper J-Series, Juniper SSG, Yamaha)
How used: Specifies how to format the returned information that you use to configure the customer gateway.
Comments: For information about the specific devices that we've tested, see What customer gateway devices are known to work with Amazon VPC? in the Amazon VPC FAQ.

Item: Internet-routable IP address (static) of the customer gateway's external interface.
How used: Used to create and configure your customer gateway (it's referred to as YOUR_UPLINK_ADDRESS).
Comments: The value must be static and can't be behind a device performing network address translation (NAT).

Item: (Optional) Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the customer gateway, if you are creating a dynamically routed VPN connection.
How used: Used to create and configure your customer gateway (referred to as YOUR_BGP_ASN).
Comments: If you use the wizard in the console to set up your VPC, we automatically use 65000 as the ASN.
You can use an existing ASN assigned to your network. If you don't have one, you can use a private ASN (in the 64512-65534 range). For more information about ASNs, see the Wikipedia
article.
Amazon VPC supports 2-byte ASN numbers.

Item: Internal network IP ranges that you want advertised over the VPN connection to the VPC.
How used: Used to specify static routes.
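
As an added example (not from the original page or from AWS), here is a pre-flight check of the inputs listed above, showing why internal prefixes are only needed for static routing. The function name, the list of non-routable ranges and the sample sites are assumptions, and the check is IPv4-only.

```python
import ipaddress

# Ranges that cannot be a customer gateway's external address: RFC 1918 and
# carrier-grade NAT space imply NAT in the path; loopback and link-local
# addresses are never Internet-routable. (Assumed list for this example.)
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]
PRIVATE_ASNS = range(64512, 65535)  # 64512-65534, the private range quoted above

def check_vpn_inputs(device_type, external_ip, routing, bgp_asn=None, prefixes=()):
    """Hypothetical helper: returns (problems, notes) for one VPN request."""
    problems, notes = [], []
    if not device_type:
        problems.append("customer gateway type missing")
    try:
        ip = ipaddress.IPv4Address(external_ip)
        if any(ip in net for net in NON_ROUTABLE):
            problems.append(f"{ip} is not Internet-routable (NAT or local range)")
    except ValueError:
        problems.append(f"{external_ip!r} is not an IPv4 address")
    if routing == "dynamic":
        if bgp_asn is None:
            problems.append("dynamic routing needs the customer gateway BGP ASN")
        elif not 1 <= bgp_asn <= 65535:
            problems.append(f"ASN {bgp_asn} does not fit in 2 bytes")
        elif bgp_asn in PRIVATE_ASNS:
            notes.append(f"ASN {bgp_asn} is from the private range")
        if prefixes:
            notes.append("prefixes not needed: BGP advertises them")
    elif routing == "static":
        if not prefixes:
            problems.append("static routing needs the internal prefixes")
        for p in prefixes:
            try:
                ipaddress.ip_network(p)  # rejects malformed or host-bit prefixes
            except ValueError:
                problems.append(f"{p!r} is not a valid prefix")
    else:
        problems.append(f"unknown routing type {routing!r}")
    return problems, notes

# Constructed sample requests (documentation addresses, not real sites).
SAMPLES = {
    "mumbai": ("Cisco ASA", "203.0.113.10", "dynamic", 65000, ()),
    "geneva": ("Juniper SSG", "192.168.1.1", "dynamic", 70000, ()),
    "nevada": ("Yamaha", "198.51.100.7", "static", None, ()),
}
```
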





Question : QuickTechie.com Inc. has its own datacenter in Geneva, and now wishes to use AWS services for a better and more robust infrastructure as well as a secure network.
They have created 50 new instances in the AWS VPC. Now they are planning to start distributing server load (from the Geneva datacenter) onto these 50 new instances.
Which of the following needs to be done to start communication between the VPC and the Geneva datacenter?
1. attach a virtual private gateway to the VPC
2. create a custom route table
3. update your security group rules
4. 1 and 3
5. All 1,2 and 3

Correct Answer 5 :
Explanation: By default, instances that you launch into a virtual private cloud (VPC) can't communicate with your own network. You can enable access to your network from
your VPC by attaching a virtual private gateway to the VPC, creating a custom route table, and updating your security group rules.

You can complete this process manually, as described on this page, or let the VPC creation wizard take care of many of these steps for you. For more information about using the VPC
creation wizard to set up the virtual private gateway,

Although the term VPN connection is a general term, in the Amazon VPC documentation, a VPN connection refers to the connection
between your VPC and your own network.

Components of Your VPN

A VPN connection consists of the following components.

Virtual Private Gateway

A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection.

For information about how many virtual private gateways you can have per region, as well as the limits for other components within your VPC, see Amazon VPC Limits.

Customer Gateway

A customer gateway is a physical device or software application on your side of the VPN connection.







Question : You have created a VPN network between your local datacenter and AWS VPC. Select the correct statement which applies.
1. Each VPN connection has one tunnel
2. Each VPN connection has two tunnels
3. Each VPN connection has three tunnels
4. None of the above

Correct Answer 2 :
Explanation: You use a VPN connection to connect your network to a VPC. Each VPN connection has two tunnels, with each tunnel using a unique virtual private gateway
public IP address. It is important to configure both tunnels for redundancy. When one tunnel becomes unavailable (for example, down for maintenance), network traffic is automatically
routed to the available tunnel for that specific VPN connection.



Related Questions


Question : Sometimes it is possible that your customer gateway becomes unavailable. To protect against a loss of connectivity between the QuickTechie.com Inc Geneva
datacenter and AWS VPC, you will set up a second VPN connection to your VPC by using a second customer gateway. By using redundant VPN connections and customer
gateways, you can perform maintenance on one of your customer gateways while traffic continues to flow over the second customer gateway's VPN connection. To
establish redundant VPN connections and customer gateways on your network, you need to set up a second VPN connection. The customer gateway IP address
1. for second VPN connection must be publicly accessible
2. can be the same public IP address that you are using for the first VPN connection.
3. for second VPN connection must be privately accessible
4. 1 and 2
5. 2 and 3


Question : You have created a VPN for your organization and found that tunnel credentials for your VPN connection have been compromised. What must you do?
1. change the IKE preshared key
2. delete the VPN connection
3. delete the VPC and create new one
4. 1 and 2
5. All 1,2 and 3 are correct


Question : The device on the AWS side of the VPN connection is the ________________ .


1. virtual private gateway
2. private gateway
3. customer gateway
4. customer gateway's external interface



Question : QuickTechie.com has multiple branch offices and existing Internet connections. You also have multiple VPN connections with AWS, but wish to
establish secure communication between sites. Select the correct statement.
1. you can provide secure communication between sites using the AWS VPN CloudHub
2. To use the AWS VPN CloudHub, you must create a virtual private gateway with multiple customer gateways
3. To use the AWS VPN CloudHub, you must create a virtual private gateway with single customer gateways
4. 1 and 2
5. 1 and 3



Question : There is a big investment bank that wishes to use cloud infrastructure. However, it has a huge portfolio of customers and their data needs to
be confidential. It has 100 app servers and an in-house Oracle database setup. How can it leverage the AWS cloud infrastructure?
1. The organization should plan the all 100 app server on the public subnet and oracle rds in a private subnet so it will not be in the public cloud.
2. The organization should plan the app server on the public subnet and keep the Oracle database in the organization's data center and connect them with the VPN gateway.
3. The organization should plan the app server on the public subnet and use RDS with the private subnet for a secure data operation.
4. The organization should use the public subnet for the app server and use RDS with a storage gateway to access as well as sync the data securely from the local data center.





Question : Select the correct statement regarding VPC and Subnet
1. You can create a VPC that spans multiple Availability Zones
2. subnet must reside entirely within one Availability Zone and cannot span zones
3. If a subnet has a route to the Internet gateway, the subnet is known as a private subnet
4. 1,2
5. 1,2,3