An organization with a growing e-commerce presence uses the AWS CloudHSM to offload the SSL/TLS processing of its web server fleet. The company leverages Amazon EC2 Auto Scaling for web servers to handle the growth. What architectural approach is optimal to scale the encryption operation?

A. Use multiple CloudHSM instances, and load balance them using a Network Load Balancer.

B. Use multiple CloudHSM instances to the cluster; request to it will automatically load balance.

C. Enable Auto Scaling on the CloudHSM instance, with similar configuration to the web tier Auto Scaling group.

D. Use multiple CloudHSM instances, and load balance them using an Application Load Balancer.

Your company runs an application for the US market in the us-east-1 AWS region. This application uses proprietary TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances. End users run a real-time, front-end application on their local PCs. This front-end application knows the DNS hostname of the service.

You must prepare the system for global expansion. The end users must access the application with lowest latency.

How should you use AWS services to meet these requirements?

A. Register the IP addresses of the service hosts as “A” records with latency-based routing policy in Amazon Route 53, and set a Route 53 health check for these hosts.

B. Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of the main service host as an ALIAS record with a latency-based routing policy in Route

53.

C. Set Amazon CloudFront in front of the host of the service, and register the CloudFront name of the main service as an ALIAS record in Route 53.

D. Set the Amazon API gateway in front of the service, and register the API gateway name of the main service as an ALIAS record in Route 53.

Which of the following is true when you don't configure Amazon CloudFront to forward cookies to your origin?

A. CloudFront removes the Cookie header from requests that it forwards to your origin.

B. CloudFront disables viewer requests to your origin, including all cookies.

C. CloudFront caches your objects based on cookie values.

D. CloudFront automates code deployments to any instance.

A customer has set up multiple VPCs for Dev, Test, Prod, and Management. You need to set up AWS Direct Connect to enable data flow from on-premises to each VPC. The customer has monitoring software running in the Management VPC that collects metrics from the instances in all the other VPCs. Due to budget requirements, data transfer charges should be kept at minimum.

Which design should be recommended?

A. Create a total of four private VIFs, one for each VPC owned by the customer, and route traffic between VPCs using the Direct Connect link.

B. Create a private VIF to the Management VPC, and peer this VPC to all other VPCs.

C. Create a private VIF to the Management VPC, and peer this VPC to all other VPCs; enable source/ destination NAT in the Management VPC.

D. Create a total of four private VIFs, and enable VPC peering between all VPCs.

A company wants to conduct a proof of concept for an SAP HANA application with a key objective to automate the provisioning of infrastructure and the application. The company operates a hybrid cloud infrastructure with AWS Direct Connect between its data center and VPC. Security policy dictates that all traffic from AWS be routed through on-premises data center firewalls. Security policy also prohibits the use of a VPC internet gateway for internet access. The company enforces use of a forward proxy server for all outbound network traffic. All resources inside the VPC are able to reach on-premises servers.

All Amazon EC2 Linux instances require package updates over the internet. However, the updates are falling and sending errors.

What would cause these errors?

A. Inbound security groups are configured incorrectly on the EC2 instances running in the VPC.

B. The VPC route table does not have entries for the proxy server in the data center.

C. The EC2 instances are not configured to use the proxy running in the data center for traffic on TCP port

80.

D. The data center firewall is blocking all traffic sent from the VPC CIDR range destined for 0.0.0.0/0.