AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)

Question : A web company is looking to implement an intrusion detection and prevention system into
their deployed VPC. This platform should have the ability to scale to thousands of
instances running inside of the VPC.
How should they architect their solution to achieve these goals?

1. Configure an instance with monitoring software and the elastic network interface (ENI)
set to promiscuous mode packet sniffing to see an traffic across the VPC.
2. Create a second VPC and route all traffic from the primary application VPC through the
second VPC where the scalable virtualized IDS/IPS platform resides.
3. Access Mostly Uused Products by 50000+ Subscribers
traffic through the platform to a scalable virtualized IDS/IPS.
4. Configure each host with an agent that collects all network traffic and sends that traffic
to the IDS/IPS platform for inspection.

Answer: 4

Explanation: Many AWS customers install host-based IDS software, such as the open source product OSSEC, that includes file integrity checking and rootkit detection software. Use these
products to analyze important system files and folders and calculate checksum that reflect their trusted state, and then regularly check to see whether these files have been modified
and alert the system administrator if so.

A distributed threat protection solution: This approach installs threat protection agents on individual instances in the cloud. A central threat management server communicates with
all host-based threat management agents for log collection, analysis, correlation, and active threat response purposes.

Related Questions

1. Configure an instance with monitoring software and the elastic network interface (ENI)
set to promiscuous mode packet sniffing to see an traffic across the VPC.
2. Create a second VPC and route all traffic from the primary application VPC through the
second VPC where the scalable virtualized IDS/IPS platform resides.
3. Access Mostly Uused Products by 50000+ Subscribers
traffic through the platform to a scalable virtualized IDS/IPS.
4. Configure each host with an agent that collects all network traffic and sends that traffic
to the IDS/IPS platform for inspection.

Question : QuickTechie.com has three different datacenters in Mumbai, Geneva and Navada. Which is planning to extend
their data center by connecting their DC
with the AWS VPC using the VPN gateway. QuickTechie.com is setting up a dynamically routed VPN connection.
Select the information which is not required to setup this configuration?

1. The type of customer gateway, such as Cisco ASA, Juniper J-Series, Juniper SSG, Yamaha.
2. Internet-routable IP address (static) of the customer gateway's external interface.
3. Elastic IP ranges that the organization wants to advertise over the VPN connection to the VPC.
4. Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the customer gateway.
5. None of the above

Question : QuickTechie.com Inc. Have their own datacenter in Geneva, now they wish to use AWS service for better and robust infrastructure as well as secure network.
They have created new 50 Instances in the AWS VPC. Now they are planning to start distributing server load (from Geneva datacenter to) on these new 50 instances.
Which of the following needs to be done to start communication between VPC and Geneva datacenteres.

1. attache a virtual private gateway to the VPC
2. create a custom route table
3. update your security group rules
4. 1 and 3
5. All 1,2 and 3

Question : You have created a VPN network between Your local datacenter and AWS VPC. Select the correct statement which applies.

1. Each VPN connection has one tunnel
2. Each VPN connection has two tunnels
3. Each VPN connection has three tunnels
4. None of the above