Recommended AWS Knowledge
Professional experience using AWS technology
AWS Security best practices
AWS storage options and their underlying consistency models
AWS networking nuances and how they relate to the integration of AWS services
Recommended General IT Knowledge
Advanced networking architectures and interconnectivity options (e.g., IP VPN, MPLS/VPLS)
Networking technologies within the OSI model, and how they affect implementation decisions
Development of automation scripts and tools
Routing architectures (including static and dynamic)
Multi-region solutions for a global enterprise
Highly available connectivity solutions (e.g., DX, VPN)
SAMPLE QUESTIONS
1. Your organization has a single Virtual Private Cloud (VPC) for development workloads.
An open source Virtual Private Network (VPN) running on an Amazon Elastic Compute
Cloud (Amazon EC2) instance is configured to provide developers with remote access. The
VPN instance gives users IP addresses from a Classless Inter-Domain Routing (CIDR) range
outside the VPC and performs a source Network Address Translation (NAT) on received
traffic to the private address of the instance. Your organization acquired a company that
also uses AWS with their own VPC. You have configured VPC peering between the two
VPCs and instances can communicate without issue. Which of the following flows will fail?
A. An incoming connection from one user on the VPN to another user on the VPN.
B. A virus scan from an instance in the acquired VPC to a user connected through VPN.
C. An Application Programming Interface (API) request from a VPN user to an instance
in the acquired VPC.
D. A web request to the Internet from a user connected through VPN.
2. When using AWS Certification Manager (ACM) and Amazon CloudFront, you configured
your certificate within ACM. When you try to enable Amazon CloudFront, however, you
do not see the certificate available for use. What could be the problem?
A. ACM does not support Amazon CloudFront.
B. You need to purchase a certificate from a third-party Certificate Authority (CA) and
upload it to ACM.
C. You need to configure the preshared key for ACM.
D. You might not have created the ACM certificate in the right region.
3.AWS Shield Standard provides protection at which layers of the Open Systems Interconnection
(OSI) model? (Choose two.)
A. Physical (Layer 1)
B. Data Link (Layer 2)
C. Network (Layer 3)
D. Transport (Layer 4)
E. Application (Layer 7)