Amazon AWS Certified Advanced Networking v4
1. A company is using a NAT gateway to allow internet connectivity for private subnets in a VPC in
the us-west-2 Region. After a security audit, the company needs to remove the NAT gateway.
In the private subnets, the company has resources that use the unified Amazon CloudWatch agent.
A network engineer must create a solution to ensure that the unified CloudWatch agent continues
to work after the removal of the NAT gateway.
Which combination of steps should the network engineer take to meet these requirements?
(Choose three.)
a. Validate that private DNS is enabled on the VPC by setting the enableDnsHostnames
VPC attribute and the enableDnsSupport VPC attribute to true.
b. Create a new security group with entries to allow inbound traffic that uses the TCP
protocol on port 443 from the IP prefixes of the private subnets.
c. Create the following interface VPC endpoints in the VPC: com.amazonaws.us-west-2.logs
and com.amazonaws.us-west-2.monitoring. Associate the new security group with
the endpoint network interfaces.
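The following CloudFormation template implements steps b and c of question 1 as an added example; it is not part of the exam material or any AWS sample. It assumes an existing VPC in us-west-2 with two private subnets whose IDs and CIDR blocks are passed in as parameters, and that step a (enableDnsHostnames and enableDnsSupport set to true on the VPC) has already been done, because PrivateDnsEnabled requires it.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: CloudWatch agent connectivity via interface endpoints (no NAT gateway)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # assumed: exactly two private subnets
  PrivateSubnetCidrs:
    Type: CommaDelimitedList           # CIDRs of those subnets, same order

Resources:
  # Step b: only HTTPS (443) from the private subnet prefixes reaches the endpoints
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow TCP 443 from private subnets to CloudWatch endpoints
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Select [0, !Ref PrivateSubnetCidrs]
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Select [1, !Ref PrivateSubnetCidrs]

  # Step c: logs endpoint (PutLogEvents etc.) with private DNS so the agent's
  # default hostname resolves to the endpoint ENIs instead of a public IP
  LogsEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      VpcId: !Ref VpcId
      ServiceName: com.amazonaws.us-west-2.logs
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
      PrivateDnsEnabled: true   # needs enableDnsSupport/enableDnsHostnames (step a)

  # Step c: monitoring endpoint (PutMetricData)
  MonitoringEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      VpcId: !Ref VpcId
      ServiceName: com.amazonaws.us-west-2.monitoring
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
      PrivateDnsEnabled: true
```

After deployment, check from a private instance that logs.us-west-2.amazonaws.com resolves to addresses inside the VPC CIDR; if it still resolves to public addresses, private DNS is not in effect and the agent would again need a route to the internet.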
2. An international company provides early warning about tsunamis. The company plans to use IoT
devices to monitor sea waves around the world. The data that is collected by the IoT devices must
reach the company’s infrastructure on AWS as quickly as possible. The company is using three
operation centers around the world. Each operation center is connected to AWS through its own
AWS Direct Connect connection. Each operation center is connected to the internet through at
least two upstream internet service providers.
The company has its own provider-independent (PI) address space. The IoT devices use TCP
protocols for reliable transmission of the data they collect. The IoT devices have both landline
and mobile internet connectivity. The infrastructure and the solution will be deployed in multiple
AWS Regions. The company will use Amazon Route 53 for DNS services.
A network engineer needs to design connectivity between the IoT devices and the services that
run in the AWS Cloud.
Which solution will meet these requirements with the HIGHEST availability?
a. Set up an accelerator in AWS Global Accelerator. Configure Regional endpoint groups
and health checks.
3. A company is planning a migration of its critical workloads from an on-premises data center to
Amazon EC2 instances. The plan includes a new 10 Gbps AWS Direct Connect dedicated
connection from the on-premises data center to a VPC that is attached to a transit gateway. The
migration must occur over encrypted paths between the on-premises data center and the AWS
Cloud.
Which solution will meet these requirements while providing the HIGHEST throughput?
a. Configure a public VIF on the Direct Connect connection. Configure two AWS Site-to-
Site VPN connections to the transit gateway. Enable equal-cost multi-path (ECMP)
routing.
4. A network engineer must develop an AWS CloudFormation template that can create a virtual
private gateway, a customer gateway, a VPN connection, and static routes in a route table. During
testing of the template, the network engineer notes that the CloudFormation template has
encountered an error and is rolling back.
What should the network engineer do to resolve the error?
a. Add the DependsOn attribute to the resource declaration for the route table entry. Specify
the virtual private gateway resource.